Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2008-5162

The arc4random function in the kernel in FreeBSD 6.3 through 7.1 does not have a proper entropy source for a short time period immediately after boot, which makes it easier for attackers to predict the function's return values and conduct certain attacks against the GEOM framework and various network protocols, related to the Yarrow random number generator.

Published

2008-11-26T23:30:00.467

Last Modified

2025-04-09T00:30:58.490

Status

Deferred

Source

[email protected]

Severity

CVSSv3.1: 7.0 (HIGH)

CVSSv2 Vector

AV:L/AC:M/Au:N/C:C/I:C/A:C

Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

3.4

Impact Score

10.0

Weaknesses

Type: Primary
CWE-330

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	freebsd	freebsd	< 7.0	Yes
Operating System	freebsd	freebsd	6.3	Yes
Operating System	freebsd	freebsd	6.3	Yes
Operating System	freebsd	freebsd	6.3	Yes
Operating System	freebsd	freebsd	6.3	Yes
Operating System	freebsd	freebsd	6.3	Yes
Operating System	freebsd	freebsd	6.3	Yes
Operating System	freebsd	freebsd	7.0	Yes
Operating System	freebsd	freebsd	7.0	Yes
Operating System	freebsd	freebsd	7.0	Yes
Operating System	freebsd	freebsd	7.0	Yes
Operating System	freebsd	freebsd	7.0	Yes
Operating System	freebsd	freebsd	7.1	Yes
Operating System	freebsd	freebsd	7.1	Yes
Operating System	freebsd	freebsd	7.1	Yes
Operating System	freebsd	freebsd	7.1	Yes
Operating System	freebsd	freebsd	7.1	Yes
Operating System	freebsd	freebsd	7.1	Yes
Operating System	freebsd	freebsd	7.1	Yes
Operating System	freebsd	freebsd	7.1	Yes
Operating System	freebsd	freebsd	7.1	Yes
Operating System	freebsd	freebsd	7.1	Yes
Operating System	freebsd	freebsd	7.1	Yes
Operating System	freebsd	freebsd	7.1	Yes
Operating System	freebsd	freebsd	7.1	Yes
Operating System	freebsd	freebsd	7.1	Yes
Operating System	freebsd	freebsd	7.1	Yes
Operating System	freebsd	freebsd	7.1	Yes
Operating System	freebsd	freebsd	7.1	Yes
Operating System	freebsd	freebsd	7.1	Yes

References

http://osvdb.org/50137 Broken Link ([email protected])
http://secunia.com/advisories/32871 Broken Link ([email protected])
http://security.freebsd.org/advisories/FreeBSD-SA-08:11.arc4random.asc Vendor Advisory ([email protected])
http://securitytracker.com/id?1021276 Broken Link, Third Party Advisory, VDB Entry ([email protected])
http://www.securityfocus.com/bid/32447 Broken Link, Third Party Advisory, VDB Entry ([email protected])
http://osvdb.org/50137 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/32871 Broken Link (af854a3a-2127-422b-91ae-364da2661108)
http://security.freebsd.org/advisories/FreeBSD-SA-08:11.arc4random.asc Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://securitytracker.com/id?1021276 Broken Link, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/32447 Broken Link, Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)