Upstream information

CVE-2008-5659 at MITRE

Description

The gnu.java.security.util.PRNG class in GNU Classpath 0.97.2 and earlier uses a predictable seed based on the system time, which makes it easier for context-dependent attackers to conduct brute force attacks against cryptographic routines that use this class for randomness, as demonstrated against DSA private keys.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having important severity.

CVSS v2 Scores
	National Vulnerability Database
Base Score	7.5
Vector	AV:N/AC:L/Au:N/C:P/I:P/A:P
Access Vector	Network
Access Complexity	Low
Authentication	None
Confidentiality Impact	Partial
Integrity Impact	Partial
Availability Impact	Partial

SUSE Bugzilla entry: 457169 [CLOSED / FIXED]

No SUSE Security Announcements cross referenced.

SUSE Timeline for this CVE

CVE page created: Tue Jul 9 18:35:19 2013
CVE page last modified: Sat Sep 14 15:10:47 2024

CVE-2008-5659

Common Vulnerabilities and Exposures

Upstream information

Description

SUSE information

SUSE Timeline for this CVE