Vulnerability Description
A patch for mcookie in the util-linux package for Mandrake Linux 8.2 and 9.0 uses /dev/urandom instead of /dev/random, which causes mcookie to use an entropy source that is more predictable than expected, which may make it easier for certain types of attacks to succeed.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Andries Brouwer | Util-Linux | 2.11n |
References
- http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:016
- http://www.securityfocus.com/bid/6855
- https://exchange.xforce.ibmcloud.com/vulnerabilities/11318
- http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:016
- http://www.securityfocus.com/bid/6855
- https://exchange.xforce.ibmcloud.com/vulnerabilities/11318
FAQ
What is CVE-2003-0094?
CVE-2003-0094 is a vulnerability with a CVSS score of 5.0 (MEDIUM). A patch for mcookie in the util-linux package for Mandrake Linux 8.2 and 9.0 uses /dev/urandom instead of /dev/random, which causes mcookie to use an entropy source that is more predictable than expec...
How severe is CVE-2003-0094?
CVE-2003-0094 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2003-0094?
Check the references section above for vendor advisories and patch information. Affected products include: Andries Brouwer Util-Linux.