{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-12-05T00:00:00", "descriptions": [{"lang": "en", "value": "The gnu.java.security.util.PRNG class in GNU Classpath 0.97.2 and earlier uses a predictable seed based on the system time, which makes it easier for context-dependent attackers to conduct brute force attacks against cryptographic routines that use this class for randomness, as demonstrated against DSA private keys."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "classpath-gnujavasecurityutil-weak-security(47574)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47574"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://gcc.gnu.org/bugzilla/show_bug.cgi?id=38417"}, {"name": "[oss-security] 20081206 CVE request: weak PRNG in GNU Classpath", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2008/12/06/2"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-5659", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The gnu.java.security.util.PRNG class in GNU Classpath 0.97.2 and earlier uses a predictable seed based on the system time, which makes it easier for context-dependent attackers to conduct brute force attacks against cryptographic routines that use this class for randomness, as demonstrated against DSA private keys."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "classpath-gnujavasecurityutil-weak-security(47574)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47574"}, {"name": "http://gcc.gnu.org/bugzilla/show_bug.cgi?id=38417", "refsource": "CONFIRM", "url": "http://gcc.gnu.org/bugzilla/show_bug.cgi?id=38417"}, {"name": "[oss-security] 20081206 CVE request: weak PRNG in GNU Classpath", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2008/12/06/2"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T11:04:43.494Z"}, "title": "CVE Program Container", "references": [{"name": "classpath-gnujavasecurityutil-weak-security(47574)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47574"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://gcc.gnu.org/bugzilla/show_bug.cgi?id=38417"}, {"name": "[oss-security] 20081206 CVE request: weak PRNG in GNU Classpath", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2008/12/06/2"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-5659", "datePublished": "2008-12-17T20:00:00", "dateReserved": "2008-12-17T00:00:00", "dateUpdated": "2024-08-07T11:04:43.494Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gnu:classpath:*:*:*:*:*:*:*:*", "matchCriteriaId": "1A0CF267-C19F-4B32-A4E4-D515D3D7725B", "versionEndIncluding": "0.97.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:classpath:0.6:*:*:*:*:*:*:*", "matchCriteriaId": "73D8EFC5-F994-475D-9072-A0EB5EE93223", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:classpath:0.7:*:*:*:*:*:*:*", "matchCriteriaId": "ACEF6059-1270-45A8-A5F3-BC806ACA3DA6", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:classpath:0.8:*:*:*:*:*:*:*", "matchCriteriaId": "22290A7B-CD78-48EF-A180-3C470DE74587", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:classpath:0.9:*:*:*:*:*:*:*", "matchCriteriaId": "D8F79579-AFB2-4DDA-A37C-CF0540770C35", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:classpath:0.10:*:*:*:*:*:*:*", "matchCriteriaId": "34F6C9C7-0CEE-4BBB-9E77-B8727342C7EC", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:classpath:0.11:*:*:*:*:*:*:*", "matchCriteriaId": "C621A667-FA3A-4460-9409-827FB707D86F", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:classpath:0.12:*:*:*:*:*:*:*", "matchCriteriaId": "FBAC1BF2-C7AE-4BB4-86FA-CFC0F8125F49", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:classpath:0.13:*:*:*:*:*:*:*", "matchCriteriaId": "E17B6783-C80E-4600-B449-4ACA3F2D1AD6", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:classpath:0.14:*:*:*:*:*:*:*", "matchCriteriaId": "CDF9A1B0-80CF-4690-9142-F8CC1672DBDF", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:classpath:0.15:*:*:*:*:*:*:*", "matchCriteriaId": "0F9C041D-9CCB-4B70-8C34-553DA84F9298", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:classpath:0.16:*:*:*:*:*:*:*", "matchCriteriaId": "83CB8D0F-DA54-4126-81F2-CA7818129DAA", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:classpath:0.17:*:*:*:*:*:*:*", "matchCriteriaId": "EBA61C96-281A-455D-B065-704825B76A70", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:classpath:0.18:*:*:*:*:*:*:*", "matchCriteriaId": "D4556AEA-F27E-4E5B-91F2-685A1DC925D0", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:classpath:0.19:*:*:*:*:*:*:*", "matchCriteriaId": "73FFB9ED-4541-4211-A7AF-89EB4BF2A59B", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:classpath:0.20:*:*:*:*:*:*:*", "matchCriteriaId": "89BBB5A7-5859-4DF0-9A36-6C8450BD222B", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:classpath:0.90:*:*:*:*:*:*:*", "matchCriteriaId": "075463D4-5243-48C6-83AC-15861484719B", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:classpath:0.91:*:*:*:*:*:*:*", "matchCriteriaId": "0561E70B-32A7-437C-803C-3A86A1C16D7C", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:classpath:0.92:*:*:*:*:*:*:*", "matchCriteriaId": "526F80F6-F252-4706-B8AE-206DF74C5D09", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:classpath:0.93:*:*:*:*:*:*:*", "matchCriteriaId": "4B933028-5D62-4120-A30F-4F88246915D3", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:classpath:0.95:*:*:*:*:*:*:*", "matchCriteriaId": "34024488-0741-429A-BCC6-0A7C1C7E7C8E", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:classpath:0.96:*:*:*:*:*:*:*", "matchCriteriaId": "2E223B28-1380-4D91-A3C2-B6093C6E4F8A", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:classpath:0.96.1:*:*:*:*:*:*:*", "matchCriteriaId": "178581EE-168B-42DC-9A13-E181BFDE4AB9", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:classpath:0.97:*:*:*:*:*:*:*", "matchCriteriaId": "037C8E1E-EA1A-435A-B463-60B725B51F5D", "vulnerable": true}, {"criteria": "cpe:2.3:a:gnu:classpath:0.97.1:*:*:*:*:*:*:*", "matchCriteriaId": "282BE66F-A823-4A48-B028-014C8BFE9C20", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The gnu.java.security.util.PRNG class in GNU Classpath 0.97.2 and earlier uses a predictable seed based on the system time, which makes it easier for context-dependent attackers to conduct brute force attacks against cryptographic routines that use this class for randomness, as demonstrated against DSA private keys."}, {"lang": "es", "value": "La clase gnu.java.security.util.PRNG en GNU Classpath 0.97.2 y versiones anteriores usa una semilla predecible basada en la hora del sistema, la cual hace m\u00e1s f\u00e1cil para atacantes dependientes de contexto, guiar un ataque de fuerza bruta contra rutinas criptogr\u00e1ficas que usa esta clase para la aletoriedad, como se demuestra contra claves privadas DSA."}], "id": "CVE-2008-5659", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-12-17T20:30:01.030", "references": [{"source": "cve@mitre.org", "url": "http://gcc.gnu.org/bugzilla/show_bug.cgi?id=38417"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2008/12/06/2"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47574"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://gcc.gnu.org/bugzilla/show_bug.cgi?id=38417"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2008/12/06/2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47574"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-310"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "gnu.java.security.util.PRNG produces easily predictable values", "id": "477212", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=477212"}, "csaw": false, "cvss": {"cvss_base_score": "3.6", "cvss_scoring_vector": "AV:L/AC:L/Au:N/C:P/I:P/A:N", "status": "draft"}, "details": ["The gnu.java.security.util.PRNG class in GNU Classpath 0.97.2 and earlier uses a predictable seed based on the system time, which makes it easier for context-dependent attackers to conduct brute force attacks against cryptographic routines that use this class for randomness, as demonstrated against DSA private keys."], "name": "CVE-2008-5659", "public_date": "2008-12-08T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2008-5659"], "statement": "The risks associated with fixing this bug are greater than the low severity\nsecurity risk. We therefore currently have no plans to fix this flaw in\nRed Hat Enterprise Linux 5.", "threat_severity": "Low"}

{}