CVE-2011-0766

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2011-0766
The random number generator in the Crypto application before 2.0.2.2, and SSH before 2.0.5, as used in the Erlang/OTP ssh library before R14B03, uses predictable seeds based on the current time, which makes it easier for remote attackers to guess DSA host and SSH session keys.

7.8 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:N/A:N

Exploitability : 10.0 / Impact : 6.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact NONE

Availability Impact NONE

References
Link Resource
http://secunia.com/advisories/44709 Vendor Advisory
http://www.kb.cert.org/vuls/id/178990 Patch Third Party Advisory US Government Resource
http://www.securityfocus.com/bid/47980 Third Party Advisory VDB Entry
https://github.com/erlang/otp/commit/f228601de45c5b53241b103af6616453c50885a5 Patch
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:erlang:crypto:*:*:*:*:*:*:*:*
cpe:2.3:a:erlang:erlang\/otp:r11b-5:*:*:*:*:*:*:*
cpe:2.3:a:erlang:erlang\/otp:r12b-5:*:*:*:*:*:*:*
cpe:2.3:a:erlang:erlang\/otp:r13b:*:*:*:*:*:*:*
cpe:2.3:a:erlang:erlang\/otp:r13b02-1:*:*:*:*:*:*:*
cpe:2.3:a:erlang:erlang\/otp:r13b03:*:*:*:*:*:*:*
cpe:2.3:a:erlang:erlang\/otp:r13b04:*:*:*:*:*:*:*
cpe:2.3:a:erlang:erlang\/otp:r14a:*:*:*:*:*:*:*
cpe:2.3:a:erlang:erlang\/otp:r14b:*:*:*:*:*:*:*
cpe:2.3:a:erlang:erlang\/otp:r14b01:*:*:*:*:*:*:*
cpe:2.3:a:erlang:erlang\/otp:r14b02:*:*:*:*:*:*:*
cpe:2.3:a:ssh:ssh:*:*:*:*:*:*:*:*
History

25 Sep 2023, 15:28

Type Values Removed Values Added
CPE cpe:2.3:a:erlang:crypto:1.2.3:*:*:*:*:*:*:*
cpe:2.3:a:ssh:ssh:1.2.19:*:*:*:*:*:*:*
cpe:2.3:a:ssh:ssh:1.2.2:*:*:*:*:*:*:*
cpe:2.3:a:erlang:crypto:1.5.2.1:*:*:*:*:*:*:*
cpe:2.3:a:ssh:ssh:1.2.24:*:*:*:*:*:*:*
cpe:2.3:a:erlang:crypto:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:erlang:crypto:1.5:*:*:*:*:*:*:*
cpe:2.3:a:ssh:ssh:1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:ssh:ssh:1.2.9:*:*:*:*:*:*:*
cpe:2.3:a:ssh:ssh:1.2.26:*:*:*:*:*:*:*
cpe:2.3:a:ssh:ssh:1.2.14:*:*:*:*:*:*:*
cpe:2.3:a:ssh:ssh:1.2.13:*:*:*:*:*:*:*
cpe:2.3:a:erlang:crypto:1.1.2:*:*:*:*:*:*:*
cpe:2.3:a:ssh:ssh:1.2.6:*:*:*:*:*:*:*
cpe:2.3:a:erlang:crypto:1.5.3:*:*:*:*:*:*:*
cpe:2.3:a:erlang:crypto:1.1.3:*:*:*:*:*:*:*
cpe:2.3:a:ssh:ssh:1.2.27:*:*:*:*:*:*:*
cpe:2.3:a:erlang:crypto:1.3:*:*:*:*:*:*:*
cpe:2.3:a:erlang:crypto:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:erlang:crypto:1.0:*:*:*:*:*:*:*
cpe:2.3:a:erlang:crypto:1.6.3:*:*:*:*:*:*:*
cpe:2.3:a:erlang:crypto:1.5.1.1:*:*:*:*:*:*:*
cpe:2.3:a:erlang:crypto:1.5.2:*:*:*:*:*:*:*
cpe:2.3:a:ssh:ssh:1.2.10:*:*:*:*:*:*:*
cpe:2.3:a:ssh:ssh:1.2.15:*:*:*:*:*:*:*
cpe:2.3:a:erlang:crypto:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:erlang:crypto:2.0.2:*:*:*:*:*:*:*
cpe:2.3:a:ssh:ssh:1.2.22:*:*:*:*:*:*:*
cpe:2.3:a:ssh:ssh:1.2.31:*:*:*:*:*:*:*
cpe:2.3:a:erlang:crypto:1.6:*:*:*:*:*:*:*
cpe:2.3:a:erlang:crypto:1.4:*:*:*:*:*:*:*
cpe:2.3:a:ssh:ssh:1.2.20:*:*:*:*:*:*:*
cpe:2.3:a:ssh:ssh:1.2.7:*:*:*:*:*:*:*
cpe:2.3:a:ssh:ssh:1.2.21:*:*:*:*:*:*:*
cpe:2.3:a:ssh:ssh:1.2.29:*:*:*:*:*:*:*
cpe:2.3:a:erlang:crypto:1.1:*:*:*:*:*:*:*
cpe:2.3:a:erlang:crypto:1.6.1:*:*:*:*:*:*:*
cpe:2.3:a:erlang:crypto:1.2.2:*:*:*:*:*:*:*
cpe:2.3:a:ssh:ssh:1.2.12:*:*:*:*:*:*:*
cpe:2.3:a:ssh:ssh:1.2.16:*:*:*:*:*:*:*
cpe:2.3:a:ssh:ssh:1.2.3:*:*:*:*:*:*:*
cpe:2.3:a:ssh:ssh:1.2.11:*:*:*:*:*:*:*
cpe:2.3:a:erlang:crypto:1.6.4:*:*:*:*:*:*:*
cpe:2.3:a:ssh:ssh:1.2.25:*:*:*:*:*:*:*
cpe:2.3:a:erlang:erlang\/otp:*:*:*:*:*:*:*:*
cpe:2.3:a:ssh:ssh:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:ssh:ssh:1.2.23:*:*:*:*:*:*:*
cpe:2.3:a:ssh:ssh:1.2.17:*:*:*:*:*:*:*
cpe:2.3:a:ssh:ssh:1.2.18:*:*:*:*:*:*:*
cpe:2.3:a:erlang:crypto:1.2:*:*:*:*:*:*:*
cpe:2.3:a:ssh:ssh:1.2.28:*:*:*:*:*:*:*
cpe:2.3:a:ssh:ssh:1.2.30:*:*:*:*:*:*:*
cpe:2.3:a:erlang:crypto:2.0:*:*:*:*:*:*:*
cpe:2.3:a:ssh:ssh:1.2.5:*:*:*:*:*:*:*
cpe:2.3:a:ssh:ssh:1.2.4:*:*:*:*:*:*:*
cpe:2.3:a:ssh:ssh:1.2.8:*:*:*:*:*:*:*
cpe:2.3:a:erlang:crypto:1.6.2:*:*:*:*:*:*:*		 cpe:2.3:a:erlang:erlang\/otp:r14b02:*:*:*:*:*:*:*
References (CERT-VN) http://www.kb.cert.org/vuls/id/178990 - Patch, US Government Resource (CERT-VN) http://www.kb.cert.org/vuls/id/178990 - Patch, Third Party Advisory, US Government Resource
References (BID) http://www.securityfocus.com/bid/47980 - (BID) http://www.securityfocus.com/bid/47980 - Third Party Advisory, VDB Entry
Information

Published : 2011-05-31 20:55

Updated : 2023-12-10 11:03

NVD link : CVE-2011-0766

Mitre link : CVE-2011-0766

CVE.ORG link : CVE-2011-0766

JSON object : View

Products Affected

erlang

  • erlang\/otp
  • crypto

ssh

  • ssh
CWE
CWE-310

Cryptographic Issues