OpenSSL PRNG Internal State Disclosure Vulnerability

Bugtraq ID: 3004
Class: Design Error
CVE:
Remote: Yes
Local: Yes
Published: Jul 10 2001 12:00AM
Updated: Jul 10 2001 12:00AM
Credit: Reportedly discovered by Markku-Juhani O. Saarinen <markku-juhani.saarinen@nokia.com> and published in an OpenSSL Security Advisory on July 10, 2001.
Vulnerable: SSLeay SSLeay 0.9.1
SSLeay SSLeay 0.9
SSLeay SSLeay 0.8.1
OpenSSL Project OpenSSL 0.9.6 a
+ NetBSD NetBSD 1.5.3
+ NetBSD NetBSD 1.5.2
+ NetBSD NetBSD 1.5.1
+ NetBSD NetBSD 1.5
+ SuSE Linux 7.2 i386
 + SuSE Linux 7.1 sparc
 + SuSE Linux 7.1 ppc
 + SuSE Linux 7.1 alpha
 + SuSE Linux 7.1
OpenSSL Project OpenSSL 0.9.6
+ Caldera OpenLinux Server 3.1.1
+ Caldera OpenLinux Server 3.1
+ Caldera OpenLinux Workstation 3.1.1
+ Caldera OpenLinux Workstation 3.1
+ EnGarde Secure Linux 1.0.1
+ HP Secure OS software for Linux 1.0
+ Mandriva Linux Mandrake 8.0 ppc
 + Mandriva Linux Mandrake 8.0
+ NetBSD NetBSD 1.6 beta
 + NetBSD NetBSD 1.6
+ NetBSD NetBSD 1.5.3
+ NetBSD NetBSD 1.5.2
+ NetBSD NetBSD 1.5.1
+ NetBSD NetBSD 1.5
+ OpenBSD OpenBSD 2.9
+ OpenPKG OpenPKG 1.0
+ Redhat Linux 7.3 i386
 + Redhat Linux 7.3
+ Redhat Linux 7.2 i386
 + Redhat Linux 7.2 alpha
 + Redhat Linux 7.1 i386
 + Redhat Linux 7.1 alpha
 + Redhat Linux 7.0 sparc
 + Redhat Linux 7.0 i386
 + Redhat Linux 7.0 alpha
 + Trustix Secure Linux 1.5
+ Trustix Secure Linux 1.2
+ Trustix Secure Linux 1.1
OpenSSL Project OpenSSL 0.9.5
+ Redhat Linux 6.2 sparc
 + Redhat Linux 6.2 i386
 + Redhat Linux 6.2 alpha
 OpenSSL Project OpenSSL 0.9.4
+ Debian Linux 3.0
+ OpenBSD OpenBSD 2.6
OpenSSL Project OpenSSL 0.9.3
OpenSSL Project OpenSSL 0.9.2 b
OpenSSL Project OpenSSL 0.9.1 c
Not Vulnerable:


 

Privacy Statement
Copyright 2010, SecurityFocus