CVE-2007-2453

high

Description

The random number feature in Linux kernel 2.6 before 2.6.20.13, and 2.6.21.x before 2.6.21.4, (1) does not properly seed pools when there is no entropy, or (2) uses an incorrect cast when extracting entropy, which might cause the random number generator to provide the same values after reboots on systems without an entropy source.

References

https://rhn.redhat.com/errata/RHSA-2007-0376.html

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9960

https://exchange.xforce.ibmcloud.com/vulnerabilities/34781

http://www.vupen.com/english/advisories/2007/2105

http://www.ubuntu.com/usn/usn-489-1

http://www.ubuntu.com/usn/usn-486-1

http://www.ubuntu.com/usn/usn-470-1

http://www.securitytracker.com/id?1018248

http://www.securityfocus.com/bid/24390

http://www.novell.com/linux/security/advisories/2007_51_kernel.html

http://www.novell.com/linux/security/advisories/2007_43_kernel.html

http://www.mandriva.com/security/advisories?name=MDKSA-2007:216

http://www.mandriva.com/security/advisories?name=MDKSA-2007:196

http://www.mandriva.com/security/advisories?name=MDKSA-2007:171

http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.21.4

http://www.debian.org/security/2007/dsa-1356

http://secunia.com/advisories/26664

http://secunia.com/advisories/26620

http://secunia.com/advisories/26450

http://secunia.com/advisories/26139

http://secunia.com/advisories/26133

http://secunia.com/advisories/25961

http://secunia.com/advisories/25700

http://secunia.com/advisories/25596

http://osvdb.org/37114

http://marc.info/?l=linux-kernel&m=118128622431272&w=2

http://marc.info/?l=linux-kernel&m=118128610219959&w=2

Details

Source: Mitre, NVD

Published: 2007-06-11

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 1.2

Vector: CVSS2#AV:L/AC:H/Au:N/C:P/I:N/A:N

Severity: Low

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High