CVE-2011-0766

Severity

78%

Complexity

99%

Confidentiality

115%

The random number generator in the Crypto application before 2.0.2.2, and SSH before 2.0.5, as used in the Erlang/OTP ssh library before R14B03, uses predictable seeds based on the current time, which makes it easier for remote attackers to guess DSA host and SSH session keys.

The random number generator in the Crypto application before 2.0.2.2, and SSH before 2.0.5, as used in the Erlang/OTP ssh library before R14B03, uses predictable seeds based on the current time, which makes it easier for remote attackers to guess DSA host and SSH session keys.

CVSS 2.0 Base Score 7.8. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:N/A:N).

Overview

First reported 13 years ago

2011-05-31 20:55:00

Last updated 13 years ago

2011-07-13 04:00:00

Affected Software

Erlang Crypto application 1.0

1.0

Erlang Crypto application 1.1

1.1

Erlang Crypto application 1.1.1

1.1.1

Erlang Crypto application 1.1.2

1.1.2

Erlang Crypto application 1.1.3

1.1.3

Erlang Crypto application 1.2

1.2

Erlang Crypto application 1.2.1

1.2.1

Erlang Crypto application 1.2.2

1.2.2

Erlang Crypto application 1.2.3

1.2.3

Erlang Crypto application 1.3

1.3

Erlang Crypto application 1.4

1.4

Erlang Crypto application 1.5

1.5

Erlang Crypto application 1.5.1.1

1.5.1.1

Erlang Crypto application 1.5.2

1.5.2

Erlang Crypto application 1.5.2.1

1.5.2.1

Erlang Crypto application 1.5.3

1.5.3

Erlang Crypto application 1.6

1.6

Erlang Crypto application 1.6.1

1.6.1

Erlang Crypto application 1.6.2

1.6.2

Erlang Crypto application 1.6.3

1.6.3

Erlang Crypto application 1.6.4

1.6.4

Erlang Crypto application 2.0

2.0

Erlang Crypto application 2.0.1

2.0.1

Erlang Crypto application 2.0.2

2.0.2

Erlang/OTP R11B-5

r11b-5

Erlang/OTP R12B-5

r12b-5

Erlang/OTP R13B

r13b

Erlang/OTP R13B02-1

r13b02-1

Erlang/OTP R13B03

r13b03

Erlang/OTP R13B04

r13b04

Erlang/OTP R14A

r14a

Erlang/OTP R14B

r14b

Erlang/OTP R14B01

r14b01

SSH Communications Security SSH daemon 1.2.0

1.2.0

SSH Communications Security SSH daemon 1.2.1

1.2.1

SSH Communications Security SSH daemon 1.2.2

1.2.2

SSH Communications Security SSH daemon 1.2.3

1.2.3

SSH Communications Security SSH daemon 1.2.4

1.2.4

SSH Communications Security SSH daemon 1.2.5

1.2.5

SSH Communications Security SSH daemon 1.2.6

1.2.6

SSH Communications Security SSH daemon 1.2.7

1.2.7

SSH Communications Security SSH daemon 1.2.8

1.2.8

SSH Communications Security SSH daemon 1.2.9

1.2.9

SSH Communications Security SSH daemon 1.2.10

1.2.10

SSH Communications Security SSH daemon 1.2.11

1.2.11

SSH Communications Security SSH daemon 1.2.12

1.2.12

SSH Communications Security SSH daemon 1.2.13

1.2.13

SSH Communications Security SSH daemon 1.2.14

1.2.14

SSH Communications Security SSH daemon 1.2.15

1.2.15

SSH Communications Security SSH daemon 1.2.16

1.2.16

SSH Communications Security SSH daemon 1.2.17

1.2.17

SSH Communications Security SSH daemon 1.2.18

1.2.18

SSH Communications Security SSH daemon 1.2.19

1.2.19

SSH Communications Security SSH daemon 1.2.20

1.2.20

SSH Communications Security SSH daemon 1.2.21

1.2.21

SSH Communications Security SSH daemon 1.2.22

1.2.22

SSH Communications Security SSH daemon 1.2.23

1.2.23

SSH Communications Security SSH daemon 1.2.24

1.2.24

SSH Communications Security SSH daemon 1.2.25

1.2.25

SSH Communications Security SSH daemon 1.2.26

1.2.26

SSH Communications Security SSH daemon 1.2.27

1.2.27

SSH Communications Security SSH daemon 1.2.28

1.2.28

SSH Communications Security SSH daemon 1.2.29

1.2.29

SSH Communications Security SSH daemon 1.2.30

1.2.30

SSH Communications Security SSH daemon 1.2.31

1.2.31

References

44709

Vendor Advisory

VU#178990

Patch, US Government Resource

47980

https://github.com/erlang/otp/commit/f228601de45c5b53241b103af6616453c50885a5

Patch

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.