CVE-2007-4311
Severity Score
6.8
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The xfer_secondary_pool function in drivers/char/random.c in the Linux kernel 2.4 before 2.4.35 performs reseed operations on only the first few bytes of a buffer, which might make it easier for attackers to predict the output of the random number generator, related to incorrect use of the sizeof operator.
La función xfer_secondary_pool en el archivo drivers/char/random.c en el kernel de Linux versiones 2.4 anteriores a 2.4.35, realiza operaciones de reconfiguración solo en los primeros bytes de un búfer, lo que podría hacer mas fácil para los atacantes predecir la salida del generador de números aleatorios, relacionado con el uso incorrecto del operador sizeof.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2007-08-13 CVE Reserved
- 2007-08-13 CVE Published
- 2024-08-07 CVE Updated
- 2024-10-08 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-310: Cryptographic Issues
CAPEC
References (8)
| URL | Tag | Source |
|---|---|---|
| http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.34.y.git%3Ba=commit%3Bh=bd67d4c7b11cc33ebdc346bc8926d255b354cd64 | X_refsource_confirm | |
| http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.34.y.git%3Ba=commit%3Bh=faa3369ac2ea7feb0dd266b6a5e8d6ab153cf925 | X_refsource_confirm | |
| http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.34.6 | X_refsource_confirm | |
| http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.35 | X_refsource_confirm | |
| http://www.securityfocus.com/bid/25029 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/29058 | 2023-11-07 | |
| http://www.debian.org/security/2008/dsa-1503 | 2023-11-07 | |
| http://www.vupen.com/english/advisories/2007/2690 | 2023-11-07 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | <= 2.4.34 Search vendor "Linux" for product "Linux Kernel" and version " <= 2.4.34" | - |
Affected
| ||||||