CVE-2006-0898 - Vulnerability Details

Crypt::CBC Perl module 2.16 and earlier, when running in RandomIV mode, uses an initialization vector (IV) of 8 bytes, which results in weaker encryption when used with a cipher that requires a larger block size than 8 bytes, such as Rijndael.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Lincoln D. Stein	Crypt Cbc
Redhat	Network Satellite

Configuration 1 [-]

OR	cpe:2.3:a:lincoln_d._stein:crypt_cbc::::::::
	cpe:2.3:a:lincoln_d._stein:crypt_cbc:1.00:::::::*
	cpe:2.3:a:lincoln_d._stein:crypt_cbc:1.10:::::::*
	cpe:2.3:a:lincoln_d._stein:crypt_cbc:1.20:::::::*
	cpe:2.3:a:lincoln_d._stein:crypt_cbc:1.21:::::::*
	cpe:2.3:a:lincoln_d._stein:crypt_cbc:1.22:::::::*
	cpe:2.3:a:lincoln_d._stein:crypt_cbc:1.24:::::::*
	cpe:2.3:a:lincoln_d._stein:crypt_cbc:1.25:::::::*
	cpe:2.3:a:lincoln_d._stein:crypt_cbc:2.00:::::::*
	cpe:2.3:a:lincoln_d._stein:crypt_cbc:2.01:::::::*
	cpe:2.3:a:lincoln_d._stein:crypt_cbc:2.02:::::::*
	cpe:2.3:a:lincoln_d._stein:crypt_cbc:2.03:::::::*
	cpe:2.3:a:lincoln_d._stein:crypt_cbc:2.04:::::::*
	cpe:2.3:a:lincoln_d._stein:crypt_cbc:2.05:::::::*
	cpe:2.3:a:lincoln_d._stein:crypt_cbc:2.07:::::::*
	cpe:2.3:a:lincoln_d._stein:crypt_cbc:2.08:::::::*
	cpe:2.3:a:lincoln_d._stein:crypt_cbc:2.09:::::::*
	cpe:2.3:a:lincoln_d._stein:crypt_cbc:2.10:::::::*
	cpe:2.3:a:lincoln_d._stein:crypt_cbc:2.11:::::::*
	cpe:2.3:a:lincoln_d._stein:crypt_cbc:2.12:::::::*
	cpe:2.3:a:lincoln_d._stein:crypt_cbc:2.13:::::::*
	cpe:2.3:a:lincoln_d._stein:crypt_cbc:2.14:::::::*
	cpe:2.3:a:lincoln_d._stein:crypt_cbc:2.15:::::::*

Package	CPE	Advisory	Released Date
Red Hat Network Satellite Server v 4.2
jabberd-0:2.0s10-3.38.rhn	cpe:/a:redhat:network_satellite:4.2::el4	RHSA-2008:0524	2008-06-30T00:00:00Z
java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4	cpe:/a:redhat:network_satellite:4.2::el4	RHSA-2008:0524	2008-06-30T00:00:00Z
jfreechart-0:0.9.20-3.rhn	cpe:/a:redhat:network_satellite:4.2::el4	RHSA-2008:0524	2008-06-30T00:00:00Z
openmotif21-0:2.1.30-11.RHEL4.6	cpe:/a:redhat:network_satellite:4.2::el4	RHSA-2008:0524	2008-06-30T00:00:00Z
perl-Crypt-CBC-0:2.24-1.el4	cpe:/a:redhat:network_satellite:4.2::el4	RHSA-2008:0524	2008-06-30T00:00:00Z
rhn-apache-0:1.3.27-36.rhn.rhel4	cpe:/a:redhat:network_satellite:4.2::el4	RHSA-2008:0524	2008-06-30T00:00:00Z
rhn-modjk-0:1.2.23-2rhn.rhel4	cpe:/a:redhat:network_satellite:4.2::el4	RHSA-2008:0524	2008-06-30T00:00:00Z
rhn-modperl-0:1.29-16.rhel4	cpe:/a:redhat:network_satellite:4.2::el4	RHSA-2008:0524	2008-06-30T00:00:00Z
rhn-modssl-0:2.8.12-8.rhn.10.rhel4	cpe:/a:redhat:network_satellite:4.2::el4	RHSA-2008:0524	2008-06-30T00:00:00Z
tomcat5-0:5.0.30-0jpp_10rh	cpe:/a:redhat:network_satellite:4.2::el4	RHSA-2008:0524	2008-06-30T00:00:00Z
Red Hat Network Satellite Server v 4.2 (RHEL3)
jabberd-0:2.0s10-3.37.rhn	cpe:/a:redhat:network_satellite:4.2::el3	RHSA-2008:0524	2008-06-30T00:00:00Z
java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3	cpe:/a:redhat:network_satellite:4.2::el3	RHSA-2008:0524	2008-06-30T00:00:00Z
jfreechart-0:0.9.20-3.rhn	cpe:/a:redhat:network_satellite:4.2::el3	RHSA-2008:0524	2008-06-30T00:00:00Z
openmotif21-0:2.1.30-9.RHEL3.8	cpe:/a:redhat:network_satellite:4.2::el3	RHSA-2008:0524	2008-06-30T00:00:00Z
perl-Crypt-CBC-0:2.24-1.el3	cpe:/a:redhat:network_satellite:4.2::el3	RHSA-2008:0524	2008-06-30T00:00:00Z
rhn-apache-0:1.3.27-36.rhn.rhel3	cpe:/a:redhat:network_satellite:4.2::el3	RHSA-2008:0524	2008-06-30T00:00:00Z
rhn-modjk-0:1.2.23-2rhn.rhel3	cpe:/a:redhat:network_satellite:4.2::el3	RHSA-2008:0524	2008-06-30T00:00:00Z
rhn-modperl-0:1.29-16.rhel3	cpe:/a:redhat:network_satellite:4.2::el3	RHSA-2008:0524	2008-06-30T00:00:00Z
rhn-modssl-0:2.8.12-8.rhn.10.rhel3	cpe:/a:redhat:network_satellite:4.2::el3	RHSA-2008:0524	2008-06-30T00:00:00Z
tomcat5-0:5.0.30-0jpp_10rh	cpe:/a:redhat:network_satellite:4.2::el3	RHSA-2008:0524	2008-06-30T00:00:00Z
Red Hat Network Satellite Server v 5.0
jabberd-0:2.0s10-3.38.rhn	cpe:/a:redhat:network_satellite:5.0:el4	RHSA-2008:0261	2008-05-20T00:00:00Z
java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4	cpe:/a:redhat:network_satellite:5.0:el4	RHSA-2008:0261	2008-05-20T00:00:00Z
jfreechart-0:0.9.20-3.rhn	cpe:/a:redhat:network_satellite:5.0:el4	RHSA-2008:0261	2008-05-20T00:00:00Z
openmotif21-0:2.1.30-11.RHEL4.6	cpe:/a:redhat:network_satellite:5.0:el4	RHSA-2008:0261	2008-05-20T00:00:00Z
perl-Crypt-CBC-0:2.24-1.el4	cpe:/a:redhat:network_satellite:5.0:el4	RHSA-2008:0261	2008-05-20T00:00:00Z
rhn-apache-0:1.3.27-36.rhn.rhel4	cpe:/a:redhat:network_satellite:5.0:el4	RHSA-2008:0261	2008-05-20T00:00:00Z
rhn-modjk-0:1.2.23-2rhn.rhel4	cpe:/a:redhat:network_satellite:5.0:el4	RHSA-2008:0261	2008-05-20T00:00:00Z
rhn-modperl-0:1.29-16.rhel4	cpe:/a:redhat:network_satellite:5.0:el4	RHSA-2008:0261	2008-05-20T00:00:00Z
rhn-modssl-0:2.8.12-8.rhn.10.rhel4	cpe:/a:redhat:network_satellite:5.0:el4	RHSA-2008:0261	2008-05-20T00:00:00Z
tomcat5-0:5.0.30-0jpp_10rh	cpe:/a:redhat:network_satellite:5.0:el4	RHSA-2008:0261	2008-05-20T00:00:00Z
Red Hat Network Satellite Server v 5.1
jfreechart-0:0.9.20-3.rhn	cpe:/a:redhat:network_satellite:5.1::el4	RHSA-2008:0630	2008-08-13T00:00:00Z
mod_perl-0:2.0.2-12.el4	cpe:/a:redhat:network_satellite:5.1::el4	RHSA-2008:0630	2008-08-13T00:00:00Z
perl-Crypt-CBC-0:2.24-1.el4	cpe:/a:redhat:network_satellite:5.1::el4	RHSA-2008:0630	2008-08-13T00:00:00Z
rhn-web-0:5.1.1-7	cpe:/a:redhat:network_satellite:5.1::el4	RHSA-2008:0630	2008-08-13T00:00:00Z
tomcat5-0:5.0.30-0jpp_10rh	cpe:/a:redhat:network_satellite:5.1::el4	RHSA-2008:0630	2008-08-13T00:00:00Z

References

Link	Providers
http://rhn.redhat.com/errata/RHSA-2008-0630.html
http://secunia.com/advisories/18755
http://secunia.com/advisories/19187
http://secunia.com/advisories/19303
http://secunia.com/advisories/20899
http://secunia.com/advisories/31493
http://securityreason.com/securityalert/488
http://www.debian.org/security/2006/dsa-996
http://www.gentoo.org/security/en/glsa/glsa-200603-15.xml
http://www.novell.com/linux/security/advisories/2006_38_security.html
http://www.redhat.com/support/errata/RHSA-2008-0261.html
http://www.securityfocus.com/archive/1/425966/100/0/threaded
http://www.securityfocus.com/bid/16802
https://exchange.xforce.ibmcloud.com/vulnerabilities/24954
https://nvd.nist.gov/vuln/detail/CVE-2006-0898
https://www.cve.org/CVERecord?id=CVE-2006-0898

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-02-25T11:00:00

Updated: 2024-08-07T16:48:56.805Z

Reserved: 2006-02-25T00:00:00

Link: CVE-2006-0898

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2006-02-25T11:02:00.000

Modified: 2025-04-03T01:03:51.193

Link: CVE-2006-0898

Redhat

Severity : Low

Publid Date: 2006-02-23T00:00:00Z

Links: CVE-2006-0898 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-02-23T00:00:00", "descriptions": [{"lang": "en", "value": "Crypt::CBC Perl module 2.16 and earlier, when running in RandomIV mode, uses an initialization vector (IV) of 8 bytes, which results in weaker encryption when used with a cipher that requires a larger block size than 8 bytes, such as Rijndael."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-18T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20899", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/20899"}, {"name": "RHSA-2008:0630", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2008-0630.html"}, {"name": "31493", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/31493"}, {"name": "GLSA-200603-15", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200603-15.xml"}, {"name": "19187", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/19187"}, {"name": "488", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/488"}, {"name": "DSA-996", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2006/dsa-996"}, {"name": "20060223 Vulnerability in Crypt::CBC Perl module, versions <= 2.16", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/425966/100/0/threaded"}, {"name": "SUSE-SR:2006:015", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://www.novell.com/linux/security/advisories/2006_38_security.html"}, {"name": "19303", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/19303"}, {"name": "18755", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/18755"}, {"name": "16802", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/16802"}, {"name": "RHSA-2008:0261", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html"}, {"name": "crypt-cbc-header-weak-encryption(24954)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24954"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-0898", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Crypt::CBC Perl module 2.16 and earlier, when running in RandomIV mode, uses an initialization vector (IV) of 8 bytes, which results in weaker encryption when used with a cipher that requires a larger block size than 8 bytes, such as Rijndael."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20899", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/20899"}, {"name": "RHSA-2008:0630", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2008-0630.html"}, {"name": "31493", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31493"}, {"name": "GLSA-200603-15", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200603-15.xml"}, {"name": "19187", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19187"}, {"name": "488", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/488"}, {"name": "DSA-996", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2006/dsa-996"}, {"name": "20060223 Vulnerability in Crypt::CBC Perl module, versions <= 2.16", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/425966/100/0/threaded"}, {"name": "SUSE-SR:2006:015", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2006_38_security.html"}, {"name": "19303", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19303"}, {"name": "18755", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/18755"}, {"name": "16802", "refsource": "BID", "url": "http://www.securityfocus.com/bid/16802"}, {"name": "RHSA-2008:0261", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html"}, {"name": "crypt-cbc-header-weak-encryption(24954)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24954"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T16:48:56.805Z"}, "title": "CVE Program Container", "references": [{"name": "20899", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/20899"}, {"name": "RHSA-2008:0630", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2008-0630.html"}, {"name": "31493", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/31493"}, {"name": "GLSA-200603-15", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200603-15.xml"}, {"name": "19187", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/19187"}, {"name": "488", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/488"}, {"name": "DSA-996", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2006/dsa-996"}, {"name": "20060223 Vulnerability in Crypt::CBC Perl module, versions <= 2.16", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/425966/100/0/threaded"}, {"name": "SUSE-SR:2006:015", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://www.novell.com/linux/security/advisories/2006_38_security.html"}, {"name": "19303", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/19303"}, {"name": "18755", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/18755"}, {"name": "16802", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/16802"}, {"name": "RHSA-2008:0261", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html"}, {"name": "crypt-cbc-header-weak-encryption(24954)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24954"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-0898", "datePublished": "2006-02-25T11:00:00", "dateReserved": "2006-02-25T00:00:00", "dateUpdated": "2024-08-07T16:48:56.805Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:lincoln_d._stein:crypt_cbc:*:*:*:*:*:*:*:*", "matchCriteriaId": "89DA8BBA-BD52-4681-BBBB-CC5AABE54F2C", "versionEndIncluding": "2.16", "vulnerable": true}, {"criteria": "cpe:2.3:a:lincoln_d._stein:crypt_cbc:1.00:*:*:*:*:*:*:*", "matchCriteriaId": "6B2F0A67-A7CE-49D6-A2CD-6F4393FE2A37", "vulnerable": true}, {"criteria": "cpe:2.3:a:lincoln_d._stein:crypt_cbc:1.10:*:*:*:*:*:*:*", "matchCriteriaId": "2DAEE37D-C3AB-47C2-9CB5-8FE8701CE26C", "vulnerable": true}, {"criteria": "cpe:2.3:a:lincoln_d._stein:crypt_cbc:1.20:*:*:*:*:*:*:*", "matchCriteriaId": "1652B31A-A08D-409F-82CC-63C38BD54777", "vulnerable": true}, {"criteria": "cpe:2.3:a:lincoln_d._stein:crypt_cbc:1.21:*:*:*:*:*:*:*", "matchCriteriaId": "8A31AE55-82F5-4013-BBA9-846FE8C141B9", "vulnerable": true}, {"criteria": "cpe:2.3:a:lincoln_d._stein:crypt_cbc:1.22:*:*:*:*:*:*:*", "matchCriteriaId": "16FF2FE4-1517-49E2-90BD-0AEC23AABBA9", "vulnerable": true}, {"criteria": "cpe:2.3:a:lincoln_d._stein:crypt_cbc:1.24:*:*:*:*:*:*:*", "matchCriteriaId": "18B9114C-1080-4C56-967B-0B4AAB4B74C3", "vulnerable": true}, {"criteria": "cpe:2.3:a:lincoln_d._stein:crypt_cbc:1.25:*:*:*:*:*:*:*", "matchCriteriaId": "2FAD3579-5DA3-4421-9CB8-84DF1C5EED77", "vulnerable": true}, {"criteria": "cpe:2.3:a:lincoln_d._stein:crypt_cbc:2.00:*:*:*:*:*:*:*", "matchCriteriaId": "464C92A8-C933-43C9-97D3-2E10F81C9515", "vulnerable": true}, {"criteria": "cpe:2.3:a:lincoln_d._stein:crypt_cbc:2.01:*:*:*:*:*:*:*", "matchCriteriaId": "BC89E8C4-A060-44F6-B8BB-2DC740056168", "vulnerable": true}, {"criteria": "cpe:2.3:a:lincoln_d._stein:crypt_cbc:2.02:*:*:*:*:*:*:*", "matchCriteriaId": "C0613A87-1DA3-4B38-809C-3A9C5FD57D0D", "vulnerable": true}, {"criteria": "cpe:2.3:a:lincoln_d._stein:crypt_cbc:2.03:*:*:*:*:*:*:*", "matchCriteriaId": "F4620FA9-7988-4662-B1AB-890B44BB0563", "vulnerable": true}, {"criteria": "cpe:2.3:a:lincoln_d._stein:crypt_cbc:2.04:*:*:*:*:*:*:*", "matchCriteriaId": "86E0A245-9F6C-4380-8EB7-0E40E593FAF3", "vulnerable": true}, {"criteria": "cpe:2.3:a:lincoln_d._stein:crypt_cbc:2.05:*:*:*:*:*:*:*", "matchCriteriaId": "58FDCFFB-A5C0-4DFC-BC3F-889F35C2279A", "vulnerable": true}, {"criteria": "cpe:2.3:a:lincoln_d._stein:crypt_cbc:2.07:*:*:*:*:*:*:*", "matchCriteriaId": "7F408A93-B157-4AAE-A82E-9D9C2644031A", "vulnerable": true}, {"criteria": "cpe:2.3:a:lincoln_d._stein:crypt_cbc:2.08:*:*:*:*:*:*:*", "matchCriteriaId": "8633D8F7-4760-4AF1-8D66-65F9FD6CD8FE", "vulnerable": true}, {"criteria": "cpe:2.3:a:lincoln_d._stein:crypt_cbc:2.09:*:*:*:*:*:*:*", "matchCriteriaId": "CBB236DB-B41E-4195-A2D8-4DC236E9AE66", "vulnerable": true}, {"criteria": "cpe:2.3:a:lincoln_d._stein:crypt_cbc:2.10:*:*:*:*:*:*:*", "matchCriteriaId": "5F0AA0EA-08C8-4011-A9FC-F7FBDFF440BB", "vulnerable": true}, {"criteria": "cpe:2.3:a:lincoln_d._stein:crypt_cbc:2.11:*:*:*:*:*:*:*", "matchCriteriaId": "1DB55D93-46B9-4E55-903B-FFFF60200BF2", "vulnerable": true}, {"criteria": "cpe:2.3:a:lincoln_d._stein:crypt_cbc:2.12:*:*:*:*:*:*:*", "matchCriteriaId": "DCEEE347-298E-41B3-B84F-6F7F682FCBBB", "vulnerable": true}, {"criteria": "cpe:2.3:a:lincoln_d._stein:crypt_cbc:2.13:*:*:*:*:*:*:*", "matchCriteriaId": "E2452328-546D-425C-A1E3-19339EE01BCD", "vulnerable": true}, {"criteria": "cpe:2.3:a:lincoln_d._stein:crypt_cbc:2.14:*:*:*:*:*:*:*", "matchCriteriaId": "93CBC7F6-8104-4871-9DBA-D76E97301E00", "vulnerable": true}, {"criteria": "cpe:2.3:a:lincoln_d._stein:crypt_cbc:2.15:*:*:*:*:*:*:*", "matchCriteriaId": "8D0C7579-81EF-44C6-8956-3DB78CFF83C2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Crypt::CBC Perl module 2.16 and earlier, when running in RandomIV mode, uses an initialization vector (IV) of 8 bytes, which results in weaker encryption when used with a cipher that requires a larger block size than 8 bytes, such as Rijndael."}], "id": "CVE-2006-0898", "lastModified": "2025-04-03T01:03:51.193", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2006-02-25T11:02:00.000", "references": [{"source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2008-0630.html"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/18755"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/19187"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/19303"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/20899"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/31493"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/488"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2006/dsa-996"}, {"source": "cve@mitre.org", "url": "http://www.gentoo.org/security/en/glsa/glsa-200603-15.xml"}, {"source": "cve@mitre.org", "url": "http://www.novell.com/linux/security/advisories/2006_38_security.html"}, {"source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/425966/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/16802"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24954"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2008-0630.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/18755"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/19187"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/19303"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/20899"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/31493"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/488"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2006/dsa-996"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gentoo.org/security/en/glsa/glsa-200603-15.xml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.novell.com/linux/security/advisories/2006_38_security.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2008-0261.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/425966/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/16802"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24954"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2008:0524", "cpe": "cpe:/a:redhat:network_satellite:4.2::el4", "package": "jabberd-0:2.0s10-3.38.rhn", "product_name": "Red Hat Network Satellite Server v 4.2", "release_date": "2008-06-30T00:00:00Z"}, {"advisory": "RHSA-2008:0524", "cpe": "cpe:/a:redhat:network_satellite:4.2::el4", "package": "java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4", "product_name": "Red Hat Network Satellite Server v 4.2", "release_date": "2008-06-30T00:00:00Z"}, {"advisory": "RHSA-2008:0524", "cpe": "cpe:/a:redhat:network_satellite:4.2::el4", "package": "jfreechart-0:0.9.20-3.rhn", "product_name": "Red Hat Network Satellite Server v 4.2", "release_date": "2008-06-30T00:00:00Z"}, {"advisory": "RHSA-2008:0524", "cpe": "cpe:/a:redhat:network_satellite:4.2::el4", "package": "openmotif21-0:2.1.30-11.RHEL4.6", "product_name": "Red Hat Network Satellite Server v 4.2", "release_date": "2008-06-30T00:00:00Z"}, {"advisory": "RHSA-2008:0524", "cpe": "cpe:/a:redhat:network_satellite:4.2::el4", "package": "perl-Crypt-CBC-0:2.24-1.el4", "product_name": "Red Hat Network Satellite Server v 4.2", "release_date": "2008-06-30T00:00:00Z"}, {"advisory": "RHSA-2008:0524", "cpe": "cpe:/a:redhat:network_satellite:4.2::el4", "package": "rhn-apache-0:1.3.27-36.rhn.rhel4", "product_name": "Red Hat Network Satellite Server v 4.2", "release_date": "2008-06-30T00:00:00Z"}, {"advisory": "RHSA-2008:0524", "cpe": "cpe:/a:redhat:network_satellite:4.2::el4", "package": "rhn-modjk-0:1.2.23-2rhn.rhel4", "product_name": "Red Hat Network Satellite Server v 4.2", "release_date": "2008-06-30T00:00:00Z"}, {"advisory": "RHSA-2008:0524", "cpe": "cpe:/a:redhat:network_satellite:4.2::el4", "package": "rhn-modperl-0:1.29-16.rhel4", "product_name": "Red Hat Network Satellite Server v 4.2", "release_date": "2008-06-30T00:00:00Z"}, {"advisory": "RHSA-2008:0524", "cpe": "cpe:/a:redhat:network_satellite:4.2::el4", "package": "rhn-modssl-0:2.8.12-8.rhn.10.rhel4", "product_name": "Red Hat Network Satellite Server v 4.2", "release_date": "2008-06-30T00:00:00Z"}, {"advisory": "RHSA-2008:0524", "cpe": "cpe:/a:redhat:network_satellite:4.2::el4", "package": "tomcat5-0:5.0.30-0jpp_10rh", "product_name": "Red Hat Network Satellite Server v 4.2", "release_date": "2008-06-30T00:00:00Z"}, {"advisory": "RHSA-2008:0524", "cpe": "cpe:/a:redhat:network_satellite:4.2::el3", "package": "jabberd-0:2.0s10-3.37.rhn", "product_name": "Red Hat Network Satellite Server v 4.2 (RHEL3)", "release_date": "2008-06-30T00:00:00Z"}, {"advisory": "RHSA-2008:0524", "cpe": "cpe:/a:redhat:network_satellite:4.2::el3", "package": "java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3", "product_name": "Red Hat Network Satellite Server v 4.2 (RHEL3)", "release_date": "2008-06-30T00:00:00Z"}, {"advisory": "RHSA-2008:0524", "cpe": "cpe:/a:redhat:network_satellite:4.2::el3", "package": "jfreechart-0:0.9.20-3.rhn", "product_name": "Red Hat Network Satellite Server v 4.2 (RHEL3)", "release_date": "2008-06-30T00:00:00Z"}, {"advisory": "RHSA-2008:0524", "cpe": "cpe:/a:redhat:network_satellite:4.2::el3", "package": "openmotif21-0:2.1.30-9.RHEL3.8", "product_name": "Red Hat Network Satellite Server v 4.2 (RHEL3)", "release_date": "2008-06-30T00:00:00Z"}, {"advisory": "RHSA-2008:0524", "cpe": "cpe:/a:redhat:network_satellite:4.2::el3", "package": "perl-Crypt-CBC-0:2.24-1.el3", "product_name": "Red Hat Network Satellite Server v 4.2 (RHEL3)", "release_date": "2008-06-30T00:00:00Z"}, {"advisory": "RHSA-2008:0524", "cpe": "cpe:/a:redhat:network_satellite:4.2::el3", "package": "rhn-apache-0:1.3.27-36.rhn.rhel3", "product_name": "Red Hat Network Satellite Server v 4.2 (RHEL3)", "release_date": "2008-06-30T00:00:00Z"}, {"advisory": "RHSA-2008:0524", "cpe": "cpe:/a:redhat:network_satellite:4.2::el3", "package": "rhn-modjk-0:1.2.23-2rhn.rhel3", "product_name": "Red Hat Network Satellite Server v 4.2 (RHEL3)", "release_date": "2008-06-30T00:00:00Z"}, {"advisory": "RHSA-2008:0524", "cpe": "cpe:/a:redhat:network_satellite:4.2::el3", "package": "rhn-modperl-0:1.29-16.rhel3", "product_name": "Red Hat Network Satellite Server v 4.2 (RHEL3)", "release_date": "2008-06-30T00:00:00Z"}, {"advisory": "RHSA-2008:0524", "cpe": "cpe:/a:redhat:network_satellite:4.2::el3", "package": "rhn-modssl-0:2.8.12-8.rhn.10.rhel3", "product_name": "Red Hat Network Satellite Server v 4.2 (RHEL3)", "release_date": "2008-06-30T00:00:00Z"}, {"advisory": "RHSA-2008:0524", "cpe": "cpe:/a:redhat:network_satellite:4.2::el3", "package": "tomcat5-0:5.0.30-0jpp_10rh", "product_name": "Red Hat Network Satellite Server v 4.2 (RHEL3)", "release_date": "2008-06-30T00:00:00Z"}, {"advisory": "RHSA-2008:0261", "cpe": "cpe:/a:redhat:network_satellite:5.0:el4", "package": "jabberd-0:2.0s10-3.38.rhn", "product_name": "Red Hat Network Satellite Server v 5.0", "release_date": "2008-05-20T00:00:00Z"}, {"advisory": "RHSA-2008:0261", "cpe": "cpe:/a:redhat:network_satellite:5.0:el4", "package": "java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4", "product_name": "Red Hat Network Satellite Server v 5.0", "release_date": "2008-05-20T00:00:00Z"}, {"advisory": "RHSA-2008:0261", "cpe": "cpe:/a:redhat:network_satellite:5.0:el4", "package": "jfreechart-0:0.9.20-3.rhn", "product_name": "Red Hat Network Satellite Server v 5.0", "release_date": "2008-05-20T00:00:00Z"}, {"advisory": "RHSA-2008:0261", "cpe": "cpe:/a:redhat:network_satellite:5.0:el4", "package": "openmotif21-0:2.1.30-11.RHEL4.6", "product_name": "Red Hat Network Satellite Server v 5.0", "release_date": "2008-05-20T00:00:00Z"}, {"advisory": "RHSA-2008:0261", "cpe": "cpe:/a:redhat:network_satellite:5.0:el4", "package": "perl-Crypt-CBC-0:2.24-1.el4", "product_name": "Red Hat Network Satellite Server v 5.0", "release_date": "2008-05-20T00:00:00Z"}, {"advisory": "RHSA-2008:0261", "cpe": "cpe:/a:redhat:network_satellite:5.0:el4", "package": "rhn-apache-0:1.3.27-36.rhn.rhel4", "product_name": "Red Hat Network Satellite Server v 5.0", "release_date": "2008-05-20T00:00:00Z"}, {"advisory": "RHSA-2008:0261", "cpe": "cpe:/a:redhat:network_satellite:5.0:el4", "package": "rhn-modjk-0:1.2.23-2rhn.rhel4", "product_name": "Red Hat Network Satellite Server v 5.0", "release_date": "2008-05-20T00:00:00Z"}, {"advisory": "RHSA-2008:0261", "cpe": "cpe:/a:redhat:network_satellite:5.0:el4", "package": "rhn-modperl-0:1.29-16.rhel4", "product_name": "Red Hat Network Satellite Server v 5.0", "release_date": "2008-05-20T00:00:00Z"}, {"advisory": "RHSA-2008:0261", "cpe": "cpe:/a:redhat:network_satellite:5.0:el4", "package": "rhn-modssl-0:2.8.12-8.rhn.10.rhel4", "product_name": "Red Hat Network Satellite Server v 5.0", "release_date": "2008-05-20T00:00:00Z"}, {"advisory": "RHSA-2008:0261", "cpe": "cpe:/a:redhat:network_satellite:5.0:el4", "package": "tomcat5-0:5.0.30-0jpp_10rh", "product_name": "Red Hat Network Satellite Server v 5.0", "release_date": "2008-05-20T00:00:00Z"}, {"advisory": "RHSA-2008:0630", "cpe": "cpe:/a:redhat:network_satellite:5.1::el4", "package": "jfreechart-0:0.9.20-3.rhn", "product_name": "Red Hat Network Satellite Server v 5.1", "release_date": "2008-08-13T00:00:00Z"}, {"advisory": "RHSA-2008:0630", "cpe": "cpe:/a:redhat:network_satellite:5.1::el4", "package": "mod_perl-0:2.0.2-12.el4", "product_name": "Red Hat Network Satellite Server v 5.1", "release_date": "2008-08-13T00:00:00Z"}, {"advisory": "RHSA-2008:0630", "cpe": "cpe:/a:redhat:network_satellite:5.1::el4", "package": "perl-Crypt-CBC-0:2.24-1.el4", "product_name": "Red Hat Network Satellite Server v 5.1", "release_date": "2008-08-13T00:00:00Z"}, {"advisory": "RHSA-2008:0630", "cpe": "cpe:/a:redhat:network_satellite:5.1::el4", "package": "rhn-web-0:5.1.1-7", "product_name": "Red Hat Network Satellite Server v 5.1", "release_date": "2008-08-13T00:00:00Z"}, {"advisory": "RHSA-2008:0630", "cpe": "cpe:/a:redhat:network_satellite:5.1::el4", "package": "tomcat5-0:5.0.30-0jpp_10rh", "product_name": "Red Hat Network Satellite Server v 5.1", "release_date": "2008-08-13T00:00:00Z"}], "bugzilla": {"description": "perl-Crypt-CBC weaker encryption with some ciphers", "id": "430522", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=430522"}, "csaw": false, "details": ["Crypt::CBC Perl module 2.16 and earlier, when running in RandomIV mode, uses an initialization vector (IV) of 8 bytes, which results in weaker encryption when used with a cipher that requires a larger block size than 8 bytes, such as Rijndael."], "name": "CVE-2006-0898", "public_date": "2006-02-23T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2006-0898\nhttps://nvd.nist.gov/vuln/detail/CVE-2006-0898"], "threat_severity": "Low"}

Metrics

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object