Published: 17/12/2008 Updated: 08/08/2017

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 760

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

The gnu.java.security.util.PRNG class in GNU Classpath 0.97.2 and previous versions uses a predictable seed based on the system time, which makes it easier for context-dependent malicious users to conduct brute force attacks against cryptographic routines that use this class for randomness, as demonstrated against DSA private keys.

Vulnerable Product	Search on Vulmon	Subscribe to Product
gnu classpath 0.96.1
gnu classpath 0.95
gnu classpath 0.93
gnu classpath 0.17
gnu classpath 0.16
gnu classpath 0.9
gnu classpath 0.8
gnu classpath 0.92
gnu classpath 0.91
gnu classpath
gnu classpath 0.97.1
gnu classpath 0.90
gnu classpath 0.20
gnu classpath 0.13
gnu classpath 0.12
gnu classpath 0.15
gnu classpath 0.14
gnu classpath 0.7
gnu classpath 0.6
gnu classpath 0.97
gnu classpath 0.96
gnu classpath 0.19
gnu classpath 0.18
gnu classpath 0.11
gnu classpath 0.10

source: wwwsecurityfocuscom/bid/32909/info GNU Classpath is prone to a weakness that may result in weaker cryptographic security because its psuedo-random number generator (PRNG) lacks entropy Attackers may leverage this issue to obtain sensitive information that can lead to further attacks Classpath 0972 is vulnerable; other versio ...

source: wwwsecurityfocuscom/bid/32909/info GNU Classpath is prone to a weakness that may result in weaker cryptographic security because its psuedo-random number generator (PRNG) lacks entropy Attackers may leverage this issue to obtain sensitive information that can lead to further attacks Classpath 0972 is vulnerable; other ver ...

CWE-310 http://www.openwall.com/lists/oss-security/2008/12/06/2 http://gcc.gnu.org/bugzilla/show_bug.cgi?id=38417 https://exchange.xforce.ibmcloud.com/vulnerabilities/47574 https://nvd.nist.gov https://www.exploit-db.com/exploits/32673/

CVE-2008-5659

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect