Your submission was sent successfully! Close

CVE-2008-0166

Published: 13 May 2008

OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating systems uses a random number generator that generates predictable numbers, which makes it easier for remote attackers to conduct brute force guessing attacks against cryptographic keys.

Notes

AuthorNote
jdstrand
openssh medium since 'only needed blacklist capability'
ssl-cert high since 'only affected snakeoil certificates'
Priority

Critical

Status

Package Release Status
openssh
Launchpad, Ubuntu, Debian
dapper
Released (1:4.2p1-7ubuntu3.4)
feisty
Released (1:4.3p2-8ubuntu1.3)
gutsy
Released (1:4.6p1-5ubuntu0.3)
hardy
Released (1:4.7p1-8ubuntu1.1)
upstream Not vulnerable

openssh-blacklist
Launchpad, Ubuntu, Debian
dapper
Released (0.1)
feisty
Released (0.1)
gutsy
Released (0.1)
hardy
Released (0.1)
upstream
Released (0.3)
openssl
Launchpad, Ubuntu, Debian
dapper Not vulnerable

feisty
Released (0.9.8c-4ubuntu0.3)
gutsy
Released (0.9.8e-5ubuntu3.2)
hardy
Released (0.9.8g-4ubuntu3.1)
upstream Not vulnerable

openssl-blacklist
Launchpad, Ubuntu, Debian
dapper
Released (0.1)
feisty
Released (0.1)
gutsy
Released (0.1)
hardy
Released (0.1)
upstream
Released (0.3)
openvpn
Launchpad, Ubuntu, Debian
dapper Not vulnerable

feisty
Released (2.0.9-5ubuntu0.1)
gutsy
Released (2.0.9-8ubuntu0.1)
hardy
Released (2.1~rc7-1ubuntu3.1)
upstream Not vulnerable

openvpn-blacklist
Launchpad, Ubuntu, Debian
dapper Does not exist

feisty
Released (0.1)
gutsy
Released (0.1)
hardy
Released (0.1)
upstream
Released (0.3)
ssl-cert
Launchpad, Ubuntu, Debian
dapper Not vulnerable

feisty
Released (1.0.13-0ubuntu0.7.04.1)
gutsy
Released (1.0.14-0ubuntu0.7.10.1)
hardy
Released (1.0.14-0ubuntu2.1)
upstream Not vulnerable