CVE-2006-0353

unix_random.c in lshd for lsh 2.0.1 leaks file descriptors related to the randomness generator, which allows local users to cause a denial of service by truncating the seed file, which prevents the server from starting, or obtain sensitive seed information that could be used to crack keys.

CVSS v2.0 3.6 LOW

3.6^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:N/C:P/I:N/A:P

Exploitability : 3.9 / Impact : 4.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://lists.lysator.liu.se/pipermail/lsh-bugs/2006q1/000467.html	Vendor Advisory
http://secunia.com/advisories/18564	Patch Vendor Advisory
http://secunia.com/advisories/18623	Patch Vendor Advisory
http://www.debian.org/security/2006/dsa-956	Patch Vendor Advisory
http://www.osvdb.org/22695
http://www.securityfocus.com/bid/16357	Patch
http://www.vupen.com/english/advisories/2006/0301	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/24263

Configurations

Configuration 1 (hide)

cpe:2.3:a:gnu:lsh:2.0.1:*:*:*:*:*:*:*

History

No history.

Information

Published : 2006-01-22 19:03

Updated : 2023-12-10 10:28

NVD link : CVE-2006-0353

Mitre link : CVE-2006-0353

CVE.ORG link : CVE-2006-0353

JSON object : View

Products Affected

gnu

lsh

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

{"id": "CVE-2006-0353", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.6, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2006-01-22T19:03:00.000", "references": [{"url": "http://lists.lysator.liu.se/pipermail/lsh-bugs/2006q1/000467.html", "tags": ["Vendor Advisory"], "source": "security@debian.org"}, {"url": "http://secunia.com/advisories/18564", "tags": ["Patch", "Vendor Advisory"], "source": "security@debian.org"}, {"url": "http://secunia.com/advisories/18623", "tags": ["Patch", "Vendor Advisory"], "source": "security@debian.org"}, {"url": "http://www.debian.org/security/2006/dsa-956", "tags": ["Patch", "Vendor Advisory"], "source": "security@debian.org"}, {"url": "http://www.osvdb.org/22695", "source": "security@debian.org"}, {"url": "http://www.securityfocus.com/bid/16357", "tags": ["Patch"], "source": "security@debian.org"}, {"url": "http://www.vupen.com/english/advisories/2006/0301", "tags": ["Vendor Advisory"], "source": "security@debian.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24263", "source": "security@debian.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "unix_random.c in lshd for lsh 2.0.1 leaks file descriptors related to the randomness generator, which allows local users to cause a denial of service by truncating the seed file, which prevents the server from starting, or obtain sensitive seed information that could be used to crack keys."}], "lastModified": "2017-07-20T01:29:41.317", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:gnu:lsh:2.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "99AE9D23-0E20-45ED-B605-0E8733884F7D"}], "operator": "OR"}]}], "sourceIdentifier": "security@debian.org"}