CVE-2008-0166

EPSS 70.7%

OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating systems uses a random number generator that generates predictable numbers, which makes it easier for remote attackers to conduct brute force guessing attacks against cryptographic keys.

Produtos afetados

n/a · n/a

PoCs públicas encontradas — 10

githubgithub.com/g0tmi1k/debian-ssh★ 410 githubgithub.com/demining/Vulnerable-to-Debian-OpenSSL-bug-CVE-2008-0166★ 9 githubgithub.com/badkeys/debianopenssl★ 7 githubgithub.com/avarx/vulnkeys★ 1 githubgithub.com/Faizan8232403/CVE-Exploit-Research-Development★ 0 githubgithub.com/AhegaoPsyops/sslWeakness★ 0 githubgithub.com/QasimShahbaz21/CVE-Exploit-Research-Development★ 0 cve_referencewww.exploit-db.com/exploits/5622não verificado cve_referencewww.exploit-db.com/exploits/5720não verificado cve_referencewww.exploit-db.com/exploits/5632não verificado

⚠ Recursos públicos, para você avaliar a exposição de sistemas que controla ou está autorizado a testar. Teste apenas com autorização.

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

http://metasploit.com/users/hdm/tools/debian-openssl/https://16years.secvuln.info http://secunia.com/advisories/30136 http://secunia.com/advisories/30220 http://secunia.com/advisories/30221 http://secunia.com/advisories/30231 http://secunia.com/advisories/30239 http://secunia.com/advisories/30249 https://exchange.xforce.ibmcloud.com/vulnerabilities/42375 https://news.ycombinator.com/item?id=40333169 http://sourceforge.net/mailarchive/forum.php?thread_name=48367252.7070603%40shemesh.biz&forum_name=rsyncrypto-devel https://www.exploit-db.com/exploits/5622