CVE-2011-0766
CVSS7.8
发布时间 :2011-05-31 16:55:01
修订时间 :2011-07-13 00:00:00
NMCOS    

[原文]The random number generator in the Crypto application before 2.0.2.2, and SSH before 2.0.5, as used in the Erlang/OTP ssh library before R14B03, uses predictable seeds based on the current time, which makes it easier for remote attackers to guess DSA host and SSH session keys.


[CNNVD]Erlang/OTP SSH不安全随机数产生漏洞(CNNVD-201105-266)

        Erlang/OTP ssh库R14B03之前版本中使用的Crypto application 2.0.2.2之前版本和SSH 2.0.5之前版本中存在不安全随机数产生漏洞。远程攻击者可以利用该漏洞获得对Digital Signature Algorithm(DSA)主键和SSH会话密钥的访问。

- CVSS (基础分值)

CVSS分值: 7.8 [严重(HIGH)]
机密性影响: COMPLETE [完全的信息泄露导致所有系统文件暴露]
完整性影响: NONE [不会对系统完整性产生影响]
可用性影响: NONE [对系统可用性无影响]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: NETWORK [攻击者不需要获取内网访问权或本地访问权]
身份认证: NONE [漏洞利用无需身份认证]

- CWE (弱点类目)

CWE-310 [密码学安全问题]

- CPE (受影响的平台与产品)

cpe:/a:ssh:ssh:1.2.24SSH Communications Security SSH daemon 1.2.24
cpe:/a:erlang:erlang%2Fotp:r14b02Erlang/OTP R14B02
cpe:/a:erlang:erlang%2Fotp:r13b02-1Erlang/OTP R13B02-1
cpe:/a:erlang:erlang%2Fotp:r13b03Erlang/OTP R13B03
cpe:/a:erlang:crypto:1.1.3Erlang Crypto application 1.1.3
cpe:/a:erlang:crypto:1.5.2Erlang Crypto application 1.5.2
cpe:/a:erlang:erlang%2Fotp:r14bErlang/OTP R14B
cpe:/a:erlang:crypto:1.1.2Erlang Crypto application 1.1.2
cpe:/a:ssh:ssh:1.2.28SSH Communications Security SSH daemon 1.2.28
cpe:/a:erlang:crypto:1.6.2Erlang Crypto application 1.6.2
cpe:/a:ssh:ssh:1.2.18SSH Communications Security SSH daemon 1.2.18
cpe:/a:ssh:ssh:1.2.30SSH Communications Security SSH daemon 1.2.30
cpe:/a:erlang:erlang%2Fotp:r13bErlang/OTP R13B
cpe:/a:erlang:crypto:1.1Erlang Crypto application 1.1
cpe:/a:erlang:crypto:1.2.3Erlang Crypto application 1.2.3
cpe:/a:erlang:crypto:1.5.2.1Erlang Crypto application 1.5.2.1
cpe:/a:ssh:ssh:1.2.3SSH Communications Security SSH daemon 1.2.3
cpe:/a:ssh:ssh:1.2.2SSH Communications Security SSH daemon 1.2.2
cpe:/a:ssh:ssh:1.2.4SSH Communications Security SSH daemon 1.2.4
cpe:/a:erlang:crypto:1.2.2Erlang Crypto application 1.2.2
cpe:/a:ssh:ssh:1.2.16SSH Communications Security SSH daemon 1.2.16
cpe:/a:erlang:erlang%2Fotp:r13b04Erlang/OTP R13B04
cpe:/a:erlang:crypto:1.0Erlang Crypto application 1.0
cpe:/a:ssh:ssh:1.2.25SSH Communications Security SSH daemon 1.2.25
cpe:/a:erlang:crypto:1.6Erlang Crypto application 1.6
cpe:/a:ssh:ssh:1.2.9SSH Communications Security SSH daemon 1.2.9
cpe:/a:ssh:ssh:1.2.22SSH Communications Security SSH daemon 1.2.22
cpe:/a:ssh:ssh:1.2.14SSH Communications Security SSH daemon 1.2.14
cpe:/a:erlang:crypto:1.2.1Erlang Crypto application 1.2.1
cpe:/a:ssh:ssh:1.2.15SSH Communications Security SSH daemon 1.2.15
cpe:/a:ssh:ssh:1.2.21SSH Communications Security SSH daemon 1.2.21
cpe:/a:erlang:crypto:1.5Erlang Crypto application 1.5
cpe:/a:ssh:ssh:1.2.19SSH Communications Security SSH daemon 1.2.19
cpe:/a:ssh:ssh:1.2.6SSH Communications Security SSH daemon 1.2.6
cpe:/a:erlang:crypto:2.0.1Erlang Crypto application 2.0.1
cpe:/a:erlang:crypto:1.5.1.1Erlang Crypto application 1.5.1.1
cpe:/a:erlang:erlang%2Fotp:r11b-5Erlang/OTP R11B-5
cpe:/a:erlang:crypto:1.2Erlang Crypto application 1.2
cpe:/a:erlang:crypto:1.6.4Erlang Crypto application 1.6.4
cpe:/a:ssh:ssh:1.2.12SSH Communications Security SSH daemon 1.2.12
cpe:/a:ssh:ssh:1.2.8SSH Communications Security SSH daemon 1.2.8
cpe:/a:ssh:ssh:1.2.29SSH Communications Security SSH daemon 1.2.29
cpe:/a:ssh:ssh:1.2.13SSH Communications Security SSH daemon 1.2.13
cpe:/a:erlang:erlang%2Fotp:r14b01Erlang/OTP R14B01
cpe:/a:ssh:ssh:1.2.20SSH Communications Security SSH daemon 1.2.20
cpe:/a:erlang:erlang%2Fotp:r12b-5Erlang/OTP R12B-5
cpe:/a:erlang:crypto:1.3Erlang Crypto application 1.3
cpe:/a:ssh:ssh:1.2.17SSH Communications Security SSH daemon 1.2.17
cpe:/a:erlang:crypto:2.0.2Erlang Crypto application 2.0.2
cpe:/a:erlang:erlang%2Fotp:r14aErlang/OTP R14A
cpe:/a:erlang:crypto:1.4Erlang Crypto application 1.4
cpe:/a:erlang:crypto:1.1.1Erlang Crypto application 1.1.1
cpe:/a:erlang:crypto:2.0.2.1Erlang Crypto application 2.0.2.1
cpe:/a:ssh:ssh:1.2.0SSH Communications Security SSH daemon 1.2.0
cpe:/a:ssh:ssh:1.2.26SSH Communications Security SSH daemon 1.2.26
cpe:/a:ssh:ssh:1.2.23SSH Communications Security SSH daemon 1.2.23
cpe:/a:erlang:crypto:2.0Erlang Crypto application 2.0
cpe:/a:ssh:ssh:1.2.10SSH Communications Security SSH daemon 1.2.10
cpe:/a:ssh:ssh:1.2.5SSH Communications Security SSH daemon 1.2.5
cpe:/a:erlang:crypto:1.6.3Erlang Crypto application 1.6.3
cpe:/a:ssh:ssh:1.2.27SSH Communications Security SSH daemon 1.2.27
cpe:/a:ssh:ssh:1.2.11SSH Communications Security SSH daemon 1.2.11
cpe:/a:ssh:ssh:1.2.7SSH Communications Security SSH daemon 1.2.7
cpe:/a:erlang:crypto:1.6.1Erlang Crypto application 1.6.1
cpe:/a:ssh:ssh:1.2.31SSH Communications Security SSH daemon 1.2.31
cpe:/a:ssh:ssh:2.0.4
cpe:/a:erlang:crypto:1.5.3Erlang Crypto application 1.5.3
cpe:/a:ssh:ssh:1.2.1SSH Communications Security SSH daemon 1.2.1

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0766
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0766
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-201105-266
(官方数据源) CNNVD

- 其它链接及资源

http://www.kb.cert.org/vuls/id/178990
(PATCH)  CERT-VN  VU#178990
https://github.com/erlang/otp/commit/f228601de45c5b53241b103af6616453c50885a5
(PATCH)  CONFIRM  https://github.com/erlang/otp/commit/f228601de45c5b53241b103af6616453c50885a5
http://www.securityfocus.com/bid/47980
(UNKNOWN)  BID  47980
http://secunia.com/advisories/44709
(VENDOR_ADVISORY)  SECUNIA  44709

- 漏洞信息

Erlang/OTP SSH不安全随机数产生漏洞
高危 加密问题
2011-05-27 00:00:00 2011-09-08 00:00:00
远程  
        Erlang/OTP ssh库R14B03之前版本中使用的Crypto application 2.0.2.2之前版本和SSH 2.0.5之前版本中存在不安全随机数产生漏洞。远程攻击者可以利用该漏洞获得对Digital Signature Algorithm(DSA)主键和SSH会话密钥的访问。

- 公告与补丁

        目前厂商已经发布了升级补丁以修复此安全问题,补丁获取链接:
        http://www.erlang.org/download.html

- 漏洞信息

73264
Erlang/OTP SSH Predictable Seed Insecure Random Number Generator Weakness
Remote / Network Access Cryptographic
Loss of Integrity Upgrade
Exploit Public Vendor Verified

- 漏洞描述

- 时间线

2011-05-26 Unknow
Unknow Unknow

- 解决方案

Upgrade to version R14B03 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

Erlang/OTP SSH Library Random Number Generator Weakness
Design Error 47980
Yes No
2011-05-25 12:00:00 2011-08-01 10:30:00
Geoff Cant

- 受影响的程序版本

Red Hat Fedora 15
Red Hat Fedora 14
erlang.org Erlang/OTP R14B02
erlang.org Erlang/OTP R14B01
erlang.org Erlang/OTP R14B
erlang.org Erlang/OTP R14A

- 漏洞讨论

Erlang/OTP is prone to a random-number-generator weakness.

Attackers can exploit this issue to gain access to Digital Signature Algorithm (DSA) host keys and SSH session keys. Obtaining these keys may allow attackers to launch other attacks.

- 漏洞利用

An attacker can user readily available network utilities to exploit this issue.

- 解决方案

Updates are available. Please see the references for more information.

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站