Vulnerability Description
The random number feature in Linux kernel 2.6 before 2.6.20.13, and 2.6.21.x before 2.6.21.4, (1) does not properly seed pools when there is no entropy, or (2) uses an incorrect cast when extracting entropy, which might cause the random number generator to provide the same values after reboots on systems without an entropy source.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | 2.6.0 |
References
- http://marc.info/?l=linux-kernel&m=118128610219959&w=2Patch
- http://marc.info/?l=linux-kernel&m=118128622431272&w=2Patch
- http://osvdb.org/37114
- http://secunia.com/advisories/25596
- http://secunia.com/advisories/25700
- http://secunia.com/advisories/25961
- http://secunia.com/advisories/26133
- http://secunia.com/advisories/26139
- http://secunia.com/advisories/26450
- http://secunia.com/advisories/26620
- http://secunia.com/advisories/26664
- http://www.debian.org/security/2007/dsa-1356
- http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.21.4
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:171
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:196
FAQ
What is CVE-2007-2453?
CVE-2007-2453 is a vulnerability with a CVSS score of 1.2 (LOW). The random number feature in Linux kernel 2.6 before 2.6.20.13, and 2.6.21.x before 2.6.21.4, (1) does not properly seed pools when there is no entropy, or (2) uses an incorrect cast when extracting e...
How severe is CVE-2007-2453?
CVE-2007-2453 has been rated LOW with a CVSS base score of 1.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-2453?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.