PT-2000-1470 · Openssl+2 · Openssl+2

Publicado

2000-06-12

Atualizado

2008-09-10

CVE-2000-0535

CVSS v2.0

5.0

Média

Vetor

AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions OpenSSL version 0.9.4 OpenSSH for FreeBSD (affected versions not specified)

Description The issue arises from improper checking for the existence of the /dev/random or /dev/urandom devices, which are not present on FreeBSD Alpha systems. This results in the production of weak keys that can be more easily broken.

Recommendations For OpenSSL version 0.9.4, update to a version that properly checks for the existence of /dev/random or /dev/urandom devices. For OpenSSH for FreeBSD, ensure that /dev/random or /dev/urandom devices are properly configured to generate strong keys. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2000-0535

Produtos afetados

Freebsd

Openssh

Openssl

PT-2000-1470 · Openssl+2 · Openssl+2

CVE-2000-0535

Identificadores relacionados

Produtos afetados

Referências · 4