Vulnerability Description
The Pseudo-Random Number Generator (PRNG) in SSLeay and OpenSSL before 0.9.6b allows attackers to use the output of small PRNG requests to determine the internal state information, which could be used by attackers to predict future pseudo-random numbers.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Openssl | Openssl | 0.9.1c |
| Ssleay | Ssleay | 0.8.1 |
References
- ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2001-013.txt.asc
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000418
- http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-065.php3?dis=8.0
- http://www.linuxsecurity.com/advisories/other_advisory-1483.html
- http://www.osvdb.org/853
- http://www.redhat.com/support/errata/RHSA-2001-051.htmlPatchVendor Advisory
- http://www.securityfocus.com/advisories/3475
- http://www.securityfocus.com/archive/1/195829PatchVendor Advisory
- http://www.securityfocus.com/bid/3004PatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/6823
- ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2001-013.txt.asc
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000418
- http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-065.php3?dis=8.0
- http://www.linuxsecurity.com/advisories/other_advisory-1483.html
- http://www.osvdb.org/853
FAQ
What is CVE-2001-1141?
CVE-2001-1141 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The Pseudo-Random Number Generator (PRNG) in SSLeay and OpenSSL before 0.9.6b allows attackers to use the output of small PRNG requests to determine the internal state information, which could be used...
How severe is CVE-2001-1141?
CVE-2001-1141 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2001-1141?
Check the references section above for vendor advisories and patch information. Affected products include: Openssl Openssl, Ssleay Ssleay.