CVE-2008-5162 (GCVE-0-2008-5162)

Vulnerability from cvelistv5 – Published: 2008-11-26 23:00 – Updated: 2024-08-07 10:40
Summary
The arc4random function in the kernel in FreeBSD 6.3 through 7.1 does not have a proper entropy source for a short time period immediately after boot, which makes it easier for attackers to predict the function's return values and conduct certain attacks against the GEOM framework and various network protocols, related to the Yarrow random number generator.
CWE
  • n/a
Assigner
References
URL Tags
http://secunia.com/advisories/32871 third-party-advisory, x_refsource_SECUNIA
http://security.freebsd.org/advisories/FreeBSD-SA-08:11.arc4random.asc vendor-advisory, x_refsource_FREEBSD
http://securitytracker.com/id?1021276 vdb-entry, x_refsource_SECTRACK
http://osvdb.org/50137 vdb-entry, x_refsource_OSVDB
http://www.securityfocus.com/bid/32447 vdb-entry, x_refsource_BID
Date Public
2008-11-24 00:00

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T10:40:17.200Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "32871",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32871"
          },
          {
            "name": "FreeBSD-SA-08:11",
            "tags": [
              "vendor-advisory",
              "x_refsource_FREEBSD",
              "x_transferred"
            ],
            "url": "http://security.freebsd.org/advisories/FreeBSD-SA-08:11.arc4random.asc"
          },
          {
            "name": "1021276",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1021276"
          },
          {
            "name": "50137",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/50137"
          },
          {
            "name": "32447",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/32447"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-11-24T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The arc4random function in the kernel in FreeBSD 6.3 through 7.1 does not have a proper entropy source for a short time period immediately after boot, which makes it easier for attackers to predict the function\u0027s return values and conduct certain attacks against the GEOM framework and various network protocols, related to the Yarrow random number generator."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2008-12-03T10:00:00.000Z",
        "orgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
        "shortName": "freebsd"
      },
      "references": [
        {
          "name": "32871",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32871"
        },
        {
          "name": "FreeBSD-SA-08:11",
          "tags": [
            "vendor-advisory",
            "x_refsource_FREEBSD"
          ],
          "url": "http://security.freebsd.org/advisories/FreeBSD-SA-08:11.arc4random.asc"
        },
        {
          "name": "1021276",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1021276"
        },
        {
          "name": "50137",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/50137"
        },
        {
          "name": "32447",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/32447"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secteam@freebsd.org",
          "ID": "CVE-2008-5162",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The arc4random function in the kernel in FreeBSD 6.3 through 7.1 does not have a proper entropy source for a short time period immediately after boot, which makes it easier for attackers to predict the function\u0027s return values and conduct certain attacks against the GEOM framework and various network protocols, related to the Yarrow random number generator."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "32871",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/32871"
            },
            {
              "name": "FreeBSD-SA-08:11",
              "refsource": "FREEBSD",
              "url": "http://security.freebsd.org/advisories/FreeBSD-SA-08:11.arc4random.asc"
            },
            {
              "name": "1021276",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1021276"
            },
            {
              "name": "50137",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/50137"
            },
            {
              "name": "32447",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/32447"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
    "assignerShortName": "freebsd",
    "cveId": "CVE-2008-5162",
    "datePublished": "2008-11-26T23:00:00.000Z",
    "dateReserved": "2008-11-19T00:00:00.000Z",
    "dateUpdated": "2024-08-07T10:40:17.200Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2008-5162",
      "date": "2026-06-30",
      "epss": "0.00319",
      "percentile": "0.23568"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2008-5162\",\"sourceIdentifier\":\"secteam@freebsd.org\",\"published\":\"2008-11-26T23:30:00.467\",\"lastModified\":\"2026-04-23T00:35:47.467\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The arc4random function in the kernel in FreeBSD 6.3 through 7.1 does not have a proper entropy source for a short time period immediately after boot, which makes it easier for attackers to predict the function\u0027s return values and conduct certain attacks against the GEOM framework and various network protocols, related to the Yarrow random number generator.\"},{\"lang\":\"es\",\"value\":\"La funci\u00f3n arc4random en el kernel enFreeBSD 6.3 a 7.1 no tiene una adecuada fuente de entrop\u00eda durante un corto per\u00edodo de tiempo inmediatamente despu\u00e9s del arranque, lo cual hace m\u00e1s f\u00e1cil para los atacantes predecir los valores de retorno de la funci\u00f3n y llevar a cabo ciertos ataques contra el GEOM framework y diversos protocolos de red en relaci\u00f3n con el generador de n\u00fameros aleatorios 
Yarrow.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.0,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.0,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":6.9,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.4,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-330\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.4\",\"versionEndExcluding\":\"7.0\",\"matchCriteriaId\":\"62111AD4-A714-4D00-A501-D3D304BD687C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:6.3:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"2D9F4FEB-30E5-4EF6-BEB6-0F1A4DE7EFB9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:6.3:p1:*:*:*:*:*:*\",\"matchCriteriaId\":\"BB6FC258-9735-4199-9499-ACFCEF30EE5E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:6.3:p2:*:*:*:*:*:*\",\"matchCriteriaId\":\"BA825CA5-84B6-4DA4-9F7F-644E532185A8\"},{\"vulnerable\":true,\"criteria\
":\"cpe:2.3:o:freebsd:freebsd:6.3:p3:*:*:*:*:*:*\",\"matchCriteriaId\":\"90B64FDC-01C0-4A83-827D-31F477C0359B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:6.3:p4:*:*:*:*:*:*\",\"matchCriteriaId\":\"6C826F67-CA6D-4DA4-B5E9-9F4FEFE3D6D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:6.3:p5:*:*:*:*:*:*\",\"matchCriteriaId\":\"D5666E87-F0CB-45FA-9AED-C7A0F383A559\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:7.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"1EA45D5C-199D-44A1-90B1-1157F899A01A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:7.0:p1:*:*:*:*:*:*\",\"matchCriteriaId\":\"06C1FB6A-E829-4FF3-B206-8877C9747DB2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:7.0:p3:*:*:*:*:*:*\",\"matchCriteriaId\":\"F3A3BF88-7014-440D-8AC2-FB42A779F489\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:7.0:p4:*:*:*:*:*:*\",\"matchCriteriaId\":\"777E9236-AD46-484F-BC22-7F74AB6261F0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:7.0:p5:*:*:*:*:*:*\",\"matchCriteriaId\":\"4D308A1E-5364-483D-AB82-8269D576CEE8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:7.1:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"93078B0C-2CA2-4A9C-A740-9947074F837C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:7.1:p1:*:*:*:*:*:*\",\"matchCriteriaId\":\"A6993EAC-AC35-4E5F-AF40-8E105CC0B34A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:7.1:p10:*:*:*:*:*:*\",\"matchCriteriaId\":\"1B0B829D-2160-4927-8896-C02D9593D9B0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:7.1:p12:*:*:*:*:*:*\",\"matchCriteriaId\":\"87D5CC07-6D6C-4015-8EFA-D6A107E2E311\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:7.1:p13:*:*:*:*:*:*\",\"matchCriteriaId\":\"DA0358B5-0CD5-484D-AEAB-15B757F8DCC7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:7.1:p14:*:*:*:*:*:*\",\"matchCriteriaId\":\"7932D1B4-CCC3-425E-B7D4-DD55331B0BCB\"},
{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:7.1:p15:*:*:*:*:*:*\",\"matchCriteriaId\":\"86F07F8F-DA28-4905-B04E-303D4CF1430A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:7.1:p16:*:*:*:*:*:*\",\"matchCriteriaId\":\"816C8B21-94CD-4BC5-B425-0343FB4148B1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:7.1:p2:*:*:*:*:*:*\",\"matchCriteriaId\":\"6F7B4C7E-ACD2-4450-A179-4526DF58DDF3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:7.1:p3:*:*:*:*:*:*\",\"matchCriteriaId\":\"75D904EC-C9CD-438B-B9BE-B4B4C370761C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:7.1:p4:*:*:*:*:*:*\",\"matchCriteriaId\":\"71B49898-6E1C-4629-832C-787B8B205403\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:7.1:p5:*:*:*:*:*:*\",\"matchCriteriaId\":\"250A24F5-FE83-488C-9D07-C35E6D718BFE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:7.1:p6:*:*:*:*:*:*\",\"matchCriteriaId\":\"55D7B8E3-25CB-4AEB-BF1B-EA115A19E762\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:7.1:p7:*:*:*:*:*:*\",\"matchCriteriaId\":\"FCEDB8D4-E96C-430C-AEFD-F20D25AAD097\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:7.1:p8:*:*:*:*:*:*\",\"matchCriteriaId\":\"E644315A-04C5-45AB-A814-BB5A6B8C93D8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:7.1:p9:*:*:*:*:*:*\",\"matchCriteriaId\":\"C666F892-19C7-4351-ACD1-A48048F2F234\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:7.1:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"52DBF406-9C77-4DDA-AB7D-40FAE40023D0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:7.1:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"6E04B0A6-E6AD-4C44-BEED-7BB7EC58A0A8\"}]}]}],\"references\":[{\"url\":\"http://osvdb.org/50137\",\"source\":\"secteam@freebsd.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/32871\",\"source\":\"secteam@freebsd.org\",\"tags\":[\"Broken 
Link\"]},{\"url\":\"http://security.freebsd.org/advisories/FreeBSD-SA-08:11.arc4random.asc\",\"source\":\"secteam@freebsd.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1021276\",\"source\":\"secteam@freebsd.org\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/bid/32447\",\"source\":\"secteam@freebsd.org\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://osvdb.org/50137\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/32871\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://security.freebsd.org/advisories/FreeBSD-SA-08:11.arc4random.asc\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://securitytracker.com/id?1021276\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securityfocus.com/bid/32447\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]}]}}"
  }
}







Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.
