Vulnerability Description
SSLeay.pm in libnet-ssleay-perl before 1.25 uses the /tmp/entropy file for entropy if a source is not set in the EGD_PATH variable, which allows local users to reduce the cryptographic strength of certain operations by modifying the file.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu | Ubuntu Linux | 5.04 |
References
- http://secunia.com/advisories/18639
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:023
- http://www.securityfocus.com/bid/13471
- https://usn.ubuntu.com/113-1/
- http://secunia.com/advisories/18639
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:023
- http://www.securityfocus.com/bid/13471
- https://usn.ubuntu.com/113-1/
FAQ
What is CVE-2005-0106?
CVE-2005-0106 is a vulnerability with a CVSS score of 4.6 (MEDIUM). SSLeay.pm in libnet-ssleay-perl before 1.25 uses the /tmp/entropy file for entropy if a source is not set in the EGD_PATH variable, which allows local users to reduce the cryptographic strength of cer...
How severe is CVE-2005-0106?
CVE-2005-0106 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-0106?
Check the references section above for vendor advisories and patch information. Affected products include: Ubuntu Ubuntu Linux.