{ "id": "CVE-2011-0766", "sourceIdentifier": "cret@cert.org", "published": "2011-05-31T20:55:01.780", "lastModified": "2011-07-13T04:00:00.000", "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The random number generator in the Crypto application before 2.0.2.2, and SSH before 2.0.5, as used in the Erlang/OTP ssh library before R14B03, uses predictable seeds based on the current time, which makes it easier for remote attackers to guess DSA host and SSH session keys." }, { "lang": "es", "value": "El generador de n\u00fameros aleatorios de la aplicaci\u00f3n Crypto en versiones anteriores a la 2.0.2.2, y SSH anteriores a 2.0.5, como es usado en la librer\u00eda Erlang/OTP ssh en versiones anteriores a la R14B03, utiliza semillas predecibles basadas en la fecha actual, lo que facilita a atacantes remotos adivinar el host DSA y las claves de sesi\u00f3n SSH." } ], "metrics": { "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:L/Au:N/C:C/I:N/A:N", "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "COMPLETE", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 7.8 }, "baseSeverity": "HIGH", "exploitabilityScore": 10.0, "impactScore": 6.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-310" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:erlang:crypto:*:*:*:*:*:*:*:*", "versionEndIncluding": "2.0.2.1", "matchCriteriaId": "A5C36D51-22EA-4973-BD37-34A148222677" }, { "vulnerable": true, "criteria": "cpe:2.3:a:erlang:crypto:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "FB5F660E-5EC3-40E2-94FA-A66EB0CBF0DD" }, { "vulnerable": true, "criteria": "cpe:2.3:a:erlang:crypto:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "8B44B72F-AFB0-498F-887D-8C0EAD9C2E88" }, { "vulnerable": true, "criteria": "cpe:2.3:a:erlang:crypto:1.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "1D9633B0-7155-4803-8049-D9A9D4D4AED9" }, { "vulnerable": true, "criteria": "cpe:2.3:a:erlang:crypto:1.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "C4C8CE57-BE27-40E4-92CB-8798981B5C66" }, { "vulnerable": true, "criteria": "cpe:2.3:a:erlang:crypto:1.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "AE9A8B56-061C-4363-A69F-98AB8BDF78A2" }, { "vulnerable": true, "criteria": "cpe:2.3:a:erlang:crypto:1.2:*:*:*:*:*:*:*", "matchCriteriaId": "A79B423E-6656-4B3F-BF8F-244FE2C6FEE5" }, { "vulnerable": true, "criteria": "cpe:2.3:a:erlang:crypto:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "0077206E-C950-40FD-80F2-C0FC4D2DCD26" }, { "vulnerable": true, "criteria": "cpe:2.3:a:erlang:crypto:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "1A5FA101-AF58-490A-BD73-3FC14D7F3051" }, { "vulnerable": true, "criteria": "cpe:2.3:a:erlang:crypto:1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "34AA6EAB-1AA7-442B-AFDF-FD28937CF213" }, { "vulnerable": true, "criteria": "cpe:2.3:a:erlang:crypto:1.3:*:*:*:*:*:*:*", "matchCriteriaId": "C2FE56F6-F2B6-43B2-884F-388D9569D5B7" }, { "vulnerable": true, "criteria": "cpe:2.3:a:erlang:crypto:1.4:*:*:*:*:*:*:*", "matchCriteriaId": "62145D39-70A4-4482-A081-478A265A075B" }, { "vulnerable": true, "criteria": "cpe:2.3:a:erlang:crypto:1.5:*:*:*:*:*:*:*", "matchCriteriaId": "FCBA488C-E51B-45AA-BFB1-265E1939FAC2" }, { "vulnerable": true, "criteria": "cpe:2.3:a:erlang:crypto:1.5.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "F5E8BE3B-6F10-4DFD-9CAC-9E7851C66B33" }, { "vulnerable": true, "criteria": "cpe:2.3:a:erlang:crypto:1.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "362A2ABB-F8A5-4832-B362-15AC8F24FF4A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:erlang:crypto:1.5.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "CB0E2899-AD8E-4DCD-BCD1-A42D0767CA4A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:erlang:crypto:1.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "71C21890-14AE-4C90-91FE-AC3D0C56E557" }, { "vulnerable": true, "criteria": "cpe:2.3:a:erlang:crypto:1.6:*:*:*:*:*:*:*", "matchCriteriaId": "0D9CBBCD-D83A-4A38-9D16-478237C70C6F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:erlang:crypto:1.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "492B6AD5-D2B8-414A-92C6-3A11C9953731" }, { "vulnerable": true, "criteria": "cpe:2.3:a:erlang:crypto:1.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "F9C5A903-9071-4D8F-898A-25AF979A44A1" }, { "vulnerable": true, "criteria": "cpe:2.3:a:erlang:crypto:1.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "4A541E52-B472-422C-9FA0-700B148FDE6A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:erlang:crypto:1.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "A1FA52AD-F30E-419E-9BC4-48150F6CA9DF" }, { "vulnerable": true, "criteria": "cpe:2.3:a:erlang:crypto:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "107B74C1-29C6-4B2B-B98D-23D4A1032D6F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:erlang:crypto:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "37573744-A68C-41C7-BEF7-DBA5D82F63E6" }, { "vulnerable": true, "criteria": "cpe:2.3:a:erlang:crypto:2.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "7FFBB645-A7E4-45C0-BD38-22C69AE31C76" }, { "vulnerable": true, "criteria": "cpe:2.3:a:erlang:erlang\\/otp:*:*:*:*:*:*:*:*", "versionEndIncluding": "r14b02", "matchCriteriaId": "AA9EF6B3-4038-4A94-B531-326D6D8A7203" }, { "vulnerable": true, "criteria": "cpe:2.3:a:erlang:erlang\\/otp:r11b-5:*:*:*:*:*:*:*", "matchCriteriaId": "E83FC35B-457E-461C-939A-2A2DAB1C2461" }, { "vulnerable": true, "criteria": "cpe:2.3:a:erlang:erlang\\/otp:r12b-5:*:*:*:*:*:*:*", "matchCriteriaId": "C6C511C8-EE7D-4E4F-829A-8A28A3F5DE7A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:erlang:erlang\\/otp:r13b:*:*:*:*:*:*:*", "matchCriteriaId": "ADBDFE1E-0212-4A40-AF37-452469A591DE" }, { "vulnerable": true, "criteria": "cpe:2.3:a:erlang:erlang\\/otp:r13b02-1:*:*:*:*:*:*:*", "matchCriteriaId": "90FCA4F4-F172-44F8-A7E9-03C4374D8BE3" }, { "vulnerable": true, "criteria": "cpe:2.3:a:erlang:erlang\\/otp:r13b03:*:*:*:*:*:*:*", "matchCriteriaId": "33E2E62B-42A6-4D2C-80D0-B1AFD8F24E4A" }, { "vulnerable": true, "criteria": "cpe:2.3:a:erlang:erlang\\/otp:r13b04:*:*:*:*:*:*:*", "matchCriteriaId": "586A5C8B-0842-4D1C-A33A-A5E4AB0F7422" }, { "vulnerable": true, "criteria": "cpe:2.3:a:erlang:erlang\\/otp:r14a:*:*:*:*:*:*:*", "matchCriteriaId": "98D07E19-8830-4112-993B-92475F37CB68" }, { "vulnerable": true, "criteria": "cpe:2.3:a:erlang:erlang\\/otp:r14b:*:*:*:*:*:*:*", "matchCriteriaId": "13DF6614-88C8-49CE-97E3-0AD2D3972182" }, { "vulnerable": true, "criteria": "cpe:2.3:a:erlang:erlang\\/otp:r14b01:*:*:*:*:*:*:*", "matchCriteriaId": "10182FC9-2DE9-4FAD-8C9D-D5B21A735824" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ssh:ssh:*:*:*:*:*:*:*:*", "versionEndIncluding": "2.0.4", "matchCriteriaId": "B5FC28F2-797D-4C4E-B9B8-D89A3AAD7950" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ssh:ssh:1.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "1E9C3330-E163-4699-B7F6-2D9B089E8A6D" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ssh:ssh:1.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "F62C0C54-6BC0-4A8B-8006-F1EEEFAC3699" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ssh:ssh:1.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "011ECCA8-63DD-4FB0-A2F4-B4BAF344242E" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ssh:ssh:1.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "86A52DB0-B17A-437C-8E3A-0F824B9F88AD" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ssh:ssh:1.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "8EDDCCD5-76B1-4981-BA9D-0C4702DD3FBA" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ssh:ssh:1.2.5:*:*:*:*:*:*:*", "matchCriteriaId": "6A9E54C6-7003-46B0-85B3-0C2E7E611D38" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ssh:ssh:1.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "082C8ECC-CDAF-440B-90D0-A1FE028B03F9" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ssh:ssh:1.2.7:*:*:*:*:*:*:*", "matchCriteriaId": "7D0AAA72-CAA5-4985-ADD9-1790CE3C66D4" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ssh:ssh:1.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "C0C2A220-D8AB-4FAD-8048-F2C1764F965F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ssh:ssh:1.2.9:*:*:*:*:*:*:*", "matchCriteriaId": "5010A78A-394E-4196-90CB-5D371C3BD1EC" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ssh:ssh:1.2.10:*:*:*:*:*:*:*", "matchCriteriaId": "E5F6F181-41B1-47D1-A216-194DC4C762EC" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ssh:ssh:1.2.11:*:*:*:*:*:*:*", "matchCriteriaId": "D6EEBDAB-AA0D-407B-B8EE-6C33B0423AF9" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ssh:ssh:1.2.12:*:*:*:*:*:*:*", "matchCriteriaId": "45446BD9-3B03-43B6-B686-F6EACFABD699" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ssh:ssh:1.2.13:*:*:*:*:*:*:*", "matchCriteriaId": "FCE6F492-8E28-4FA1-9BF1-96BAF5D68545" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ssh:ssh:1.2.14:*:*:*:*:*:*:*", "matchCriteriaId": "41BF66ED-CB08-440E-AC05-A31371B7A380" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ssh:ssh:1.2.15:*:*:*:*:*:*:*", "matchCriteriaId": "E0EE3216-D8FF-43F0-9329-6676E2CEC250" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ssh:ssh:1.2.16:*:*:*:*:*:*:*", "matchCriteriaId": "9310E12D-1136-4AD6-9678-8ADCD9EE58C3" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ssh:ssh:1.2.17:*:*:*:*:*:*:*", "matchCriteriaId": "BBEDF399-58DE-491A-8B51-87E0392FF9C9" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ssh:ssh:1.2.18:*:*:*:*:*:*:*", "matchCriteriaId": "CBDF2DE8-8559-4BED-80AE-E1420BBF4043" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ssh:ssh:1.2.19:*:*:*:*:*:*:*", "matchCriteriaId": "23EB8421-76BF-47D1-B294-68412D5E4572" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ssh:ssh:1.2.20:*:*:*:*:*:*:*", "matchCriteriaId": "D9560989-5342-4C6B-974F-7D90C467BA39" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ssh:ssh:1.2.21:*:*:*:*:*:*:*", "matchCriteriaId": "971835AF-E908-4C74-9DE0-167349138DEC" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ssh:ssh:1.2.22:*:*:*:*:*:*:*", "matchCriteriaId": "2E0D49C5-54B4-4437-A2D3-3EBFA1D9A3CF" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ssh:ssh:1.2.23:*:*:*:*:*:*:*", "matchCriteriaId": "926B57D7-009C-4317-ACFB-98551FADC5B2" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ssh:ssh:1.2.24:*:*:*:*:*:*:*", "matchCriteriaId": "B0EDBA45-FDEE-4D4B-A6FF-7E953B523DAE" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ssh:ssh:1.2.25:*:*:*:*:*:*:*", "matchCriteriaId": "7AF5BDEF-E86B-4F4D-AF6D-B27044A96B1E" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ssh:ssh:1.2.26:*:*:*:*:*:*:*", "matchCriteriaId": "7D0FF07F-E13B-425F-9892-C50B326B2944" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ssh:ssh:1.2.27:*:*:*:*:*:*:*", "matchCriteriaId": "338EDA76-05D6-48C0-952E-6244A5F206F3" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ssh:ssh:1.2.28:*:*:*:*:*:*:*", "matchCriteriaId": "F719468E-A218-4EB5-9F8D-7841E84F44C8" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ssh:ssh:1.2.29:*:*:*:*:*:*:*", "matchCriteriaId": "1E4FCD36-0009-4A93-A190-8FDD11C672CA" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ssh:ssh:1.2.30:*:*:*:*:*:*:*", "matchCriteriaId": "71727854-1B75-465F-AF8C-DFE6EFF46B40" }, { "vulnerable": true, "criteria": "cpe:2.3:a:ssh:ssh:1.2.31:*:*:*:*:*:*:*", "matchCriteriaId": "64B76EA2-D3A6-4751-ADE6-998C2A7B44FA" } ] } ] } ], "references": [ { "url": "http://www.kb.cert.org/vuls/id/178990", "source": "cret@cert.org", "tags": [ "Patch", "US Government Resource" ] }, { "url": "http://www.securityfocus.com/bid/47980", "source": "cret@cert.org" }, { "url": "https://github.com/erlang/otp/commit/f228601de45c5b53241b103af6616453c50885a5", "source": "cret@cert.org", "tags": [ "Patch" ] } ] }