PT-2005-1214 · Perl · Libnet-Ssleay-Perl

Publicado

2005-05-03

Atualizado

2018-10-03

CVE-2005-0106

CVSS v2.0

4.6

Média

Vetor

AV:L/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions libnet-ssleay-perl versions prior to 1.25

Description The issue allows local users to reduce the cryptographic strength of certain operations by modifying the /tmp/entropy file, which is used for entropy if a source is not set in the EGD PATH variable.

Recommendations For versions prior to 1.25, update to version 1.25 or later to resolve the issue. As a temporary workaround, consider setting a source in the EGD PATH variable to prevent the use of the /tmp/entropy file. Restrict access to the /tmp/entropy file to minimize the risk of exploitation.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2005-0106

Produtos afetados

Libnet-Ssleay-Perl

PT-2005-1214 · Perl · Libnet-Ssleay-Perl

CVE-2005-0106

Identificadores relacionados

Produtos afetados

Referências · 8