PT-2000-1470 · OpenSSL+2

Published: 2000-06-12 · Updated: 2008-09-10 · CVE-2000-0535

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

OpenSSL version 0.9.4
OpenSSH for FreeBSD (affected versions not specified)

Description

The issue arises from improper checking for the existence of the /dev/random or /dev/urandom devices, which are not present on FreeBSD Alpha systems. This results in the production of weak keys that can be more easily broken.

Recommendations

For OpenSSL version 0.9.4, update to a version that properly checks for the existence of /dev/random or /dev/urandom devices. For OpenSSH for FreeBSD, ensure that /dev/random or /dev/urandom devices are properly configured to generate strong keys. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
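
One way to perform the device check the description says was missing, as an added example (not OpenSSL or OpenSSH code). The function names `read_entropy` and `seed_from_devices` are hypothetical; a seed is accepted only when the path is a character device that returns every requested byte, and the caller refuses to generate keys otherwise.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Fill buf with len bytes from the entropy device at path.
 * Returns 0 only if the path opens, is a character device and delivers
 * every requested byte; returns -1 otherwise (fail closed). */
int read_entropy(const char *path, unsigned char *buf, size_t len)
{
    struct stat st;
    size_t got = 0;
    int fd = open(path, O_RDONLY);

    if (fd < 0)
        return -1;                    /* device missing or unreadable */
    if (fstat(fd, &st) == 0 && S_ISCHR(st.st_mode)) {
        while (got < len) {
            ssize_t n = read(fd, buf + got, len - got);
            if (n <= 0)               /* EOF or error: seed would be short */
                break;
            got += (size_t)n;
        }
    }
    close(fd);
    return (len > 0 && got == len) ? 0 : -1;
}

/* Try each candidate device in order; return the index of the one that
 * produced a full seed, or -1 if none did. */
int seed_from_devices(const char *const *paths, size_t npaths,
                      unsigned char *buf, size_t len)
{
    for (size_t i = 0; i < npaths; i++)
        if (read_entropy(paths[i], buf, len) == 0)
            return (int)i;
    return -1;
}

int main(void)
{
    static const char *const devs[] = { "/dev/urandom", "/dev/random" };
    unsigned char seed[32];
    if (seed_from_devices(devs, 2, seed, sizeof seed) < 0) {
        fprintf(stderr, "no entropy device: refusing to generate keys\n");
        return 1;
    }
    return 0;
}
```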

Related Identifiers

CVE-2000-0535

Affected Products

FreeBSD
OpenSSH
OpenSSL