PT-2007-7046 · Freebsd · Freebsd
Robert Woolley
·
Published
2007-11-30
·
Updated
2017-07-29
·
CVE-2007-6150
CVSS v2.0
2.1
Low
| Vector | AV:L/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
FreeBSD versions 5.5, 6.1 through 6.3, and 7.0 beta 4
Description
The issue affects the "internal state tracking" code for the random and urandom devices, allowing local users to obtain portions of previously-accessed random values. This could be used to bypass protection mechanisms that rely on secrecy of those values.
Recommendations
For FreeBSD versions 5.5, 6.1 through 6.3, and 7.0 beta 4, at the moment, there is no information about a newer version that contains a fix for this issue.
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Freebsd