CVE Vulnerability

CVE-2008-5162

The arc4random function in the kernel in FreeBSD 6.3 through 7.1 does not have a proper entropy source for a short time period immediately after boot, which makes it easier for attackers to predict the function's return values and conduct certain attacks against the GEOM framework and various network protocols, related to the Yarrow random number generator.

6.9 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 3.4 / Impact : 10

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

Scope

References
Link Resource
http://security.freebsd.org/advisories/FreeBSD-SA-08:11.arc4random.asc Vendor Advisory
http://securitytracker.com/id?1021276
http://www.securityfocus.com/bid/32447
http://secunia.com/advisories/32871
http://osvdb.org/50137
Configurations

Configuration 1

cpe:2.3:o:freebsd:freebsd:6.4:*:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:6.3:*:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:7.0:*:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:7.1:*:*:*:*:*:*:*
Information

Published : 2008-11-26 11:30

Updated : 2008-12-03 06:46

NVD link : CVE-2008-5162

Mitre link : CVE-2008-5162

Products Affected
No products.
CWE
CWE-330