Lucene search

K
ubuntuUbuntuUSN-612-2
HistoryMay 13, 2008 - 12:00 a.m.

OpenSSH vulnerability

2008-05-1300:00:00
ubuntu.com
43

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

6.5 Medium

AI Score

Confidence

High

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

0.09 Low

EPSS

Percentile

94.4%

Releases

  • Ubuntu 8.04
  • Ubuntu 7.10
  • Ubuntu 7.04

Packages

  • openssh -

Details

A weakness has been discovered in the random number generator used
by OpenSSL on Debian and Ubuntu systems. As a result of this
weakness, certain encryption keys are much more common than they
should be, such that an attacker could guess the key through a
brute-force attack given minimal knowledge of the system. This
particularly affects the use of encryption keys in OpenSSH.

This vulnerability only affects operating systems which (like
Ubuntu) are based on Debian. However, other systems can be
indirectly affected if weak keys are imported into them.

We consider this an extremely serious vulnerability, and urge all
users to act immediately to secure their systems.

Rows per page:
1-10 of 151

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

6.5 Medium

AI Score

Confidence

High

7.8 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

0.09 Low

EPSS

Percentile

94.4%