PT-2003-1362 · Linux · Util-Linux

Published

2003-03-03

Updated

2017-10-10

CVE-2003-0094

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions util-linux package versions 8.2 through 9.0

Description The issue is related to the mcookie utility in the util-linux package, which uses /dev/urandom instead of /dev/random. This causes mcookie to use a more predictable entropy source, potentially making certain types of attacks easier to succeed.

Recommendations For util-linux package versions 8.2 through 9.0, consider applying a patch that changes mcookie to use /dev/random instead of /dev/urandom to improve entropy source unpredictability.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2003-0094

Affected Products

Util-Linux

PT-2003-1362 · Linux · Util-Linux

CVE-2003-0094

Related Identifiers

Affected Products

References · 4