CVE-2005-0106

high

Description

SSLeay.pm in libnet-ssleay-perl before 1.25 uses the /tmp/entropy file for entropy if a source is not set in the EGD_PATH variable, which allows local users to reduce the cryptographic strength of certain operations by modifying the file.

References

https://usn.ubuntu.com/113-1/

http://www.securityfocus.com/bid/13471

http://www.mandriva.com/security/advisories?name=MDKSA-2006:023

http://secunia.com/advisories/18639

Details

Source: Mitre, NVD

Published: 2005-05-03

Updated: 2018-10-03

Risk Information

CVSS v2

Base Score: 4.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 7.1

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Severity: High

Detections

Analytics