Lucene search

K

[email protected]NVD:CVE-2011-0766

HistoryMay 31, 2011 - 8:55 p.m.

CVE-2011-0766

2011-05-3120:55:01

CWE-310

[email protected]

web.nvd.nist.gov

7

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

AI Score

6.4

Confidence

Low

EPSS

0.002

Percentile

61.3%

The random number generator in the Crypto application before 2.0.2.2, and SSH before 2.0.5, as used in the Erlang/OTP ssh library before R14B03, uses predictable seeds based on the current time, which makes it easier for remote attackers to guess DSA host and SSH session keys.

Affected configurations

Nvd

Node

erlangcryptoRange≤2.0.2.1

OR

erlangerlang\/otpMatchr11b-5

OR

erlangerlang\/otpMatchr12b-5

OR

erlangerlang\/otpMatchr13b

OR

erlangerlang\/otpMatchr13b02-1

OR

erlangerlang\/otpMatchr13b03

OR

erlangerlang\/otpMatchr13b04

OR

erlangerlang\/otpMatchr14a

OR

erlangerlang\/otpMatchr14b

OR

erlangerlang\/otpMatchr14b01

OR

erlangerlang\/otpMatchr14b02

OR

sshsshRange≤2.0.4

References

secunia.com/advisories/44709

www.kb.cert.org/vuls/id/178990

www.securityfocus.com/bid/47980

github.com/erlang/otp/commit/f228601de45c5b53241b103af6616453c50885a5

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

AI Score

6.4

Confidence

Low

EPSS

0.002

Percentile

61.3%

Related for NVD:CVE-2011-0766

openvas6 debiancve1 nessus3 ubuntucve1 seebug1 fedora2 freebsd1 cert1 cvelist1 prion1 cve1 rosalinux1