PT-2005-1214 · Perl · Libnet-Ssleay-Perl

Published

2005-05-03

Updated

2018-10-03

CVE-2005-0106

CVSS v2.0

4.6

Medium

Vector

AV:L/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions libnet-ssleay-perl versions prior to 1.25

Description The issue allows local users to reduce the cryptographic strength of certain operations by modifying the /tmp/entropy file, which is used for entropy if a source is not set in the EGD PATH variable.

Recommendations For versions prior to 1.25, update to version 1.25 or later to resolve the issue. As a temporary workaround, consider setting a source in the EGD PATH variable to prevent the use of the /tmp/entropy file. Restrict access to the /tmp/entropy file to minimize the risk of exploitation.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2005-0106

Affected Products

Libnet-Ssleay-Perl

PT-2005-1214 · Perl · Libnet-Ssleay-Perl

CVE-2005-0106

Related Identifiers

Affected Products

References · 8