Linux Distros Unpatched Vulnerability : CVE-2016-6313

🗓️ 04 Mar 2025 00:00:00Reported by TenableType

Linux/Unix host has unpatched vulnerability CVE-2016-6313 affecting random number generator packages.

Reporter	Title	Published	Views	Family All 131
IBM Security Bulletins	IBM Security Network Protection / IBM QRadar Network Security / XGS Technote Index	31 Jan 202100:10	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in cracklib, dhcp, expat, libgcrypt and lighttpd affect IBM Flex System Chassis Management Module (CMM)	31 Jan 201902:25	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Security Guardium is affected by Using Components with Known Vulnerabilities	16 Jun 201822:03	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Security Access Manager appliances are affected by a vulnerability in the libgcrypt library (CVE-2016-6313)	16 Jun 201821:50	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in libgcrypt affects SmartCloud Entry (CVE-2016-6313 )	19 Jul 202000:49	–	ibm
IBM Security Bulletins	Security Bulletin: A vulnerability in GnuPG libgcrypt affects IBM Security Network Protection (CVE-2016-6313)	16 Jun 201821:48	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in libgcrypt affects IBM Integrated Management Module II (IMM2) for System x, Flex and BladeCenter systems	14 Apr 202314:32	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities have been fixed in products bundled with IBM Security Directory Suite 8.0 and 8.0.1	16 Jun 201821:51	–	ibm
IBM Security Bulletins	Security Bulletin: A vulnerability in GnuPG (gpg) affects PowerKVM	18 Jun 201801:34	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Flex System Manager (FSM) is affected by a libgcrypt vulnerability (CVE-2016-6313)	18 Jun 201801:34	–	ibm

Source	Link
access	www.access.redhat.com/security/cve/cve-2016-6313
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(219766);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/01/28");

  script_cve_id("CVE-2016-6313");

  script_name(english:"Linux Distros Unpatched Vulnerability : CVE-2016-6313");

  script_set_attribute(attribute:"synopsis", value:
"The Linux/Unix host has one or more packages installed with a vulnerability that the vendor indicates will not be
patched.");
  script_set_attribute(attribute:"description", value:
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied
patch available.

  - The mixing functions in the random number generator in Libgcrypt before 1.5.6, 1.6.x before 1.6.6, and
    1.7.x before 1.7.3 and GnuPG before 1.4.21 make it easier for attackers to obtain the values of 160 bits
    by leveraging knowledge of the previous 4640 bits. (CVE-2016-6313)

Note that Nessus relies on the presence of the package as reported by the vendor.");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2016-6313");
  script_set_attribute(attribute:"solution", value:
"There is no known solution at this time.");
  script_set_attribute(attribute:"agent", value:"unix");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:U/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:U/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-6313");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_set_attribute(attribute:"vendor_unpatched", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/08/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/03/04");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libgcrypt");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2025-2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("set_linux_os_id.nasl", "ssh_get_info2.nasl");
  script_require_keys("Host/OS/identifier", "Host/cpu", "Host/local_checks_enabled", "global_settings/vendor_unpatched");
  script_require_ports("Host/OS/Red Hat Enterprise Linux-5");

  exit(0);
}

if (!get_kb_item("global_settings/vendor_unpatched")) exit(0, "Unpatched Vulnerabilities Detection not active.");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (empty_or_null(get_one_kb_item("Host/RedHat/rpm-list"))) audit(AUDIT_PACKAGE_LIST_MISSING);

include('linux_unpatched.inc');

var distro_constraints_array = {
  "Red Hat Enterprise Linux-5": {
    "package_manager": "rpm-list",
    "constraints": [
      {
        "release": "5",
        "pkgs": [
          {"reference": "libgcrypt"}
        ]
      }
    ]
  }
};

var distro_constraints_values = linux_unpatched::get_distro_constraints(distro_constraints_arr:distro_constraints_array);
if (empty_or_null(distro_constraints_values)) audit(AUDIT_HOST_NOT, 'affected');
var report = linux_unpatched::check_unpatched_constraints(distro_constraints_values:distro_constraints_values);

if (!empty_or_null(report))
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : report
  );
  exit(0);
}
else
{
  audit(AUDIT_HOST_NOT, 'affected');
}

28 Jan 2026 00:00Current

6.4Medium risk

Vulners AI Score6.4

CVSS 25

CVSS 35.3

EPSS0.03627