CVE-2013-4345

2013-10-1000:00:00

ubuntu.com

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.006 Low

EPSS

Percentile

78.1%

JSON

Off-by-one error in the get_prng_bytes function in crypto/ansi_cprng.c in
the Linux kernel through 3.11.4 makes it easier for context-dependent
attackers to defeat cryptographic protection mechanisms via multiple
requests for small amounts of data, leading to improper management of the
state of the consumed data.

Bugs

<https://launchpad.net/bugs/1229981>

OSVersionArchitecturePackageVersionFilename
ubuntu10.04noarchlinux< 2.6.32-55.117UNKNOWN
ubuntu12.04noarchlinux< 3.2.0-59.90UNKNOWN
ubuntu12.10noarchlinux< 3.5.0-45.68UNKNOWN
ubuntu13.10noarchlinux< 3.11.0-15.23UNKNOWN
ubuntu12.04noarchlinux-armadaxp< 3.2.0-1630.42UNKNOWN
ubuntu12.10noarchlinux-armadaxp< 3.5.0-1626.35UNKNOWN
ubuntu10.04noarchlinux-ec2< 2.6.32-360.73UNKNOWN
ubuntu12.04noarchlinux-lts-quantal< 3.5.0-45.68~precise1UNKNOWN
ubuntu12.04noarchlinux-lts-raring< 3.8.0-38.56~precise1UNKNOWN
ubuntu12.04noarchlinux-lts-saucy< 3.11.0-15.23~precise1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	10.04	noarch	linux	< 2.6.32-55.117	UNKNOWN
ubuntu	12.04	noarch	linux	< 3.2.0-59.90	UNKNOWN
ubuntu	12.10	noarch	linux	< 3.5.0-45.68	UNKNOWN
ubuntu	13.10	noarch	linux	< 3.11.0-15.23	UNKNOWN
ubuntu	12.04	noarch	linux-armadaxp	< 3.2.0-1630.42	UNKNOWN
ubuntu	12.10	noarch	linux-armadaxp	< 3.5.0-1626.35	UNKNOWN
ubuntu	10.04	noarch	linux-ec2	< 2.6.32-360.73	UNKNOWN
ubuntu	12.04	noarch	linux-lts-quantal	< 3.5.0-45.68~precise1	UNKNOWN
ubuntu	12.04	noarch	linux-lts-raring	< 3.8.0-38.56~precise1	UNKNOWN
ubuntu	12.04	noarch	linux-lts-saucy	< 3.11.0-15.23~precise1	UNKNOWN