CVE-2008-0166
Summary
| CVE | CVE-2008-0166 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2008-05-13 17:20:00 UTC |
| Updated | 2022-02-02 14:59:00 UTC |
| Description | OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating systems uses a random number generator that generates predictable numbers, which makes it easier for remote attackers to conduct brute force guessing attacks against cryptographic keys. |
Risk And Classification
Problem Types: CWE-310
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Canonical | Ubuntu Linux | 7.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 7.10 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 8.04 | All | All | All |
| Operating System | Debian | Debian Linux | 4.0 | All | All | All |
| Application | Openssl | Openssl | 0.9.8c-1 | All | All | All |
| Application | Openssl | Openssl | 0.9.8d | All | All | All |
| Application | Openssl | Openssl | 0.9.8e | All | All | All |
| Application | Openssl | Openssl | 0.9.8f | All | All | All |
| Application | Openssl | Openssl | 0.9.8g | All | All | All |
| Application | Openssl Project | Openssl | 0.9.8c-1 | All | All | All |
| Application | Openssl Project | Openssl | 0.9.8c-2 | All | All | All |
| Application | Openssl Project | Openssl | 0.9.8c-3 | All | All | All |
| Application | Openssl Project | Openssl | 0.9.8c-4 | All | All | All |
| Application | Openssl Project | Openssl | 0.9.8c-5 | All | All | All |
| Application | Openssl Project | Openssl | 0.9.8c-6 | All | All | All |
| Application | Openssl Project | Openssl | 0.9.8c-7 | All | All | All |
| Application | Openssl Project | Openssl | 0.9.8c-8 | All | All | All |
| Application | Openssl Project | Openssl | 0.9.8c-9 | All | All | All |
| Application | Openssl Project | Openssl | 0.9.8d-1 | All | All | All |
| Application | Openssl Project | Openssl | 0.9.8d-2 | All | All | All |
| Application | Openssl Project | Openssl | 0.9.8d-3 | All | All | All |
| Application | Openssl Project | Openssl | 0.9.8d-4 | All | All | All |
| Application | Openssl Project | Openssl | 0.9.8d-5 | All | All | All |
| Application | Openssl Project | Openssl | 0.9.8d-6 | All | All | All |
| Application | Openssl Project | Openssl | 0.9.8d-7 | All | All | All |
| Application | Openssl Project | Openssl | 0.9.8d-8 | All | All | All |
| Application | Openssl Project | Openssl | 0.9.8d-9 | All | All | All |
| Application | Openssl Project | Openssl | 0.9.8e-1 | All | All | All |
| Application | Openssl Project | Openssl | 0.9.8e-2 | All | All | All |
| Application | Openssl Project | Openssl | 0.9.8e-3 | All | All | All |
| Application | Openssl Project | Openssl | 0.9.8e-4 | All | All | All |
| Application | Openssl Project | Openssl | 0.9.8e-5 | All | All | All |
| Application | Openssl Project | Openssl | 0.9.8e-6 | All | All | All |
| Application | Openssl Project | Openssl | 0.9.8e-7 | All | All | All |
| Application | Openssl Project | Openssl | 0.9.8e-8 | All | All | All |
| Application | Openssl Project | Openssl | 0.9.8e-9 | All | All | All |
| Application | Openssl Project | Openssl | 0.9.8f-1 | All | All | All |
| Application | Openssl Project | Openssl | 0.9.8f-2 | All | All | All |
| Application | Openssl Project | Openssl | 0.9.8f-3 | All | All | All |
| Application | Openssl Project | Openssl | 0.9.8f-4 | All | All | All |
| Application | Openssl Project | Openssl | 0.9.8f-5 | All | All | All |
| Application | Openssl Project | Openssl | 0.9.8f-6 | All | All | All |
| Application | Openssl Project | Openssl | 0.9.8f-7 | All | All | All |
| Application | Openssl Project | Openssl | 0.9.8f-8 | All | All | All |
| Application | Openssl Project | Openssl | 0.9.8f-9 | All | All | All |
| Application | Openssl Project | Openssl | 0.9.8g-1 | All | All | All |
| Application | Openssl Project | Openssl | 0.9.8g-2 | All | All | All |
| Application | Openssl Project | Openssl | 0.9.8g-3 | All | All | All |
| Application | Openssl Project | Openssl | 0.9.8g-4 | All | All | All |
| Application | Openssl Project | Openssl | 0.9.8g-5 | All | All | All |
| Application | Openssl Project | Openssl | 0.9.8g-6 | All | All | All |
| Application | Openssl Project | Openssl | 0.9.8g-7 | All | All | All |
| Application | Openssl Project | Openssl | 0.9.8g-8 | All | All | All |
| Application | Openssl Project | Openssl | 0.9.8g-9 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Ubuntu update for openvpn - Advisories - Secunia | SECUNIA | secunia.com | Vendor Advisory |
| US-CERT Technical Cyber Security Alert TA08-137A -- Debian/Ubuntu OpenSSL Random Number Generator Vulnerability | CERT | www.us-cert.gov | US Government Resource |
| USN-612-4: ssl-cert vulnerability \| Ubuntu | UBUNTU | www.ubuntu.com | |
| USN-612-7: OpenSSH update \| Ubuntu | UBUNTU | www.ubuntu.com | |
| Debian OpenSSL Predictable PRNG Bruteforce SSH Exploit (Python) | EXPLOIT-DB | www.exploit-db.com | |
| Ubuntu update for ssl-cert - Advisories - Secunia | SECUNIA | secunia.com | Vendor Advisory |
| Debian -- Security Information -- DSA-1571-1 openssl | DEBIAN | www.debian.org | Patch, Vendor Advisory |
| USN-612-1: OpenSSL vulnerability \| Ubuntu | UBUNTU | www.ubuntu.com | Patch |
| Debian OpenSSL Predictable PRNG Bruteforce SSH Exploit (ruby) | EXPLOIT-DB | www.exploit-db.com | |
| US-CERT Vulnerability Note VU#925211 | CERT-VN | www.kb.cert.org | US Government Resource |
| Debian OpenSSL Package Random Number Generator Weakness | BID | www.securityfocus.com | Exploit |
| USN-612-2: OpenSSH vulnerability \| Ubuntu | UBUNTU | www.ubuntu.com | Patch |
| USN-612-3: OpenVPN vulnerability \| Ubuntu | UBUNTU | www.ubuntu.com | |
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | |
| Debian -- Security Information -- DSA-1576-1 openssh | DEBIAN | www.debian.org | Patch |
| SourceForge.net: rsync friendly file encryption: rsyncrypto-devel | MLIST | sourceforge.net | |
| Ubuntu update for openssl - Advisories - Secunia | SECUNIA | secunia.com | Vendor Advisory |
| Debian update for openssh - Secunia Advisories - Vulnerability Information - Secunia.com | SECUNIA | secunia.com | Vendor Advisory |
| SecurityTracker.com Archives - OpenSSL for Debian/Ubuntu Predictable RNG Lets Remote Users Determine Cryptographic Keys | SECTRACK | www.securitytracker.com | |
| SecurityFocus | BUGTRAQ | www.securityfocus.com | |
| Debian OpenSSL Predictable PRNG Toys | MISC | metasploit.com | |
| Debian OpenSSL Predictable PRNG Bruteforce SSH Exploit | EXPLOIT-DB | www.exploit-db.com | |
| Debian OpenSSL Predictable Random Number Generator and Update - Secunia Advisories - Vulnerability Information - Secunia.com | SECUNIA | secunia.com | Vendor Advisory |
| Ubuntu update for openssh - Advisories - Secunia | SECUNIA | secunia.com | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
| Organization | Published | Contributor | Statement |
|---|---|---|---|
| Red Hat | 2008-05-13 | Mark J Cox | Not vulnerable. This flaw was caused by a third-party vendor patch to the OpenSSL library. This patch has never been used by Red Hat, and this issue therefore does not affect any Fedora, Red Hat, or upstream supplied OpenSSL packages. |
There are currently no legacy QID mappings associated with this CVE.