CVE-2007-6150
FreeBSD-SA-07-09.random.txt
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The "internal state tracking" code for the random and urandom devices in FreeBSD 5.5, 6.1 through 6.3, and 7.0 beta 4 allows local users to obtain portions of previously-accessed random values, which could be leveraged to bypass protection mechanisms that rely on secrecy of those values.
El código de "seguimiento del estado interno" para los dispositivos random y urandom de FreeBSD 5.5, 6.1 hasta 6.3, y 7.0 beta 4 permite a usuarios locales obtener parte de valores aleatorios que han sido accedidos previamente, lo cual podría aprovechado para evitar los mecanismos de protección basados en mantener estos valores en secreto.
Under certain circumstances, a bug in the internal state tracking on the random and urandom devices can be exploited to allow replaying of data distributed during subsequent reads.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2007-11-27 CVE Reserved
- 2007-11-30 CVE Published
- 2024-08-07 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (7)
URL | Tag | Source |
---|---|---|
http://osvdb.org/39600 | Vdb Entry | |
http://www.securityfocus.com/bid/26642 | Vdb Entry | |
http://www.securitytracker.com/id?1019022 | Vdb Entry | |
http://www.vupen.com/english/advisories/2007/4053 | Vdb Entry | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/38764 | Vdb Entry |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://security.FreeBSD.org/advisories/FreeBSD-SA-07:09.random.asc | 2017-07-29 |
URL | Date | SRC |
---|---|---|
http://secunia.com/advisories/27879 | 2017-07-29 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 5.5 Search vendor "Freebsd" for product "Freebsd" and version "5.5" | - |
Affected
| ||||||
Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 6.1 Search vendor "Freebsd" for product "Freebsd" and version "6.1" | - |
Affected
| ||||||
Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 6.2 Search vendor "Freebsd" for product "Freebsd" and version "6.2" | - |
Affected
| ||||||
Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 6.3 Search vendor "Freebsd" for product "Freebsd" and version "6.3" | - |
Affected
| ||||||
Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 7.0 Search vendor "Freebsd" for product "Freebsd" and version "7.0" | beta_4 |
Affected
|