CVE-2008-5659

EUVD-2008-5630
The gnu.java.security.util.PRNG class in GNU Classpath 0.97.2 and earlier uses a predictable seed based on the system time, which makes it easier for context-dependent attackers to conduct brute force attacks against cryptographic routines that use this class for randomness, as demonstrated against DSA private keys.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 84%
Affected Products (NVD)
VendorProductVersion
gnuclasspath
𝑥
≤ 0.97.2
gnuclasspath
0.6
gnuclasspath
0.7
gnuclasspath
0.8
gnuclasspath
0.9
gnuclasspath
0.10
gnuclasspath
0.11
gnuclasspath
0.12
gnuclasspath
0.13
gnuclasspath
0.14
gnuclasspath
0.15
gnuclasspath
0.16
gnuclasspath
0.17
gnuclasspath
0.18
gnuclasspath
0.19
gnuclasspath
0.20
gnuclasspath
0.90
gnuclasspath
0.91
gnuclasspath
0.92
gnuclasspath
0.93
gnuclasspath
0.95
gnuclasspath
0.96
gnuclasspath
0.96.1
gnuclasspath
0.97
gnuclasspath
0.97.1
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
classpath
dapper
ignored
gutsy
ignored
hardy
ignored
intrepid
ignored
jaunty
ignored
karmic
ignored
lucid
not-affected
maverick
dne
natty
dne
oneiric
dne
Common Weakness Enumeration
References
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=38417
http://www.openwall.com/lists/oss-security/2008/12/06/2
https://exchange.xforce.ibmcloud.com/vulnerabilities/47574
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=38417
http://www.openwall.com/lists/oss-security/2008/12/06/2
https://exchange.xforce.ibmcloud.com/vulnerabilities/47574