| Vulnerability Name: | CVE-2006-1833 (CCN-25786) | ||||||||
| Assigned: | 2006-04-13 | ||||||||
| Published: | 2006-04-13 | ||||||||
| Updated: | 2017-07-20 | ||||||||
| Summary: | Intel RNG Driver in NetBSD 1.6 through 3.0 may incorrectly detect the presence of the pchb interface, which will cause it to always generate the same random number, which allows remote attackers to more easily crack encryption keys generated from the interface. | ||||||||
| CVSS v3 Severity: | 3.7 Low (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)
| ||||||||
| CVSS v2 Severity: | 2.6 Low (CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Bypass Security | ||||||||
| References: | Source: NETBSD Type: UNKNOWN NetBSD-SA2006-009 Source: CCN Type: NetBSD Security Advisory 2006-009 False detection of Intel hardware RNG Source: MITRE Type: CNA CVE-2006-1833 Source: CCN Type: SA19585 NetBSD False Intel Hardware RNG Detection Security Issue Source: SECUNIA Type: Vendor Advisory 19585 Source: CCN Type: SECTRACK ID: 1015907 NetBSD Intel RNG Driver May Use a Constant Stream for Randomization Source: SECTRACK Type: UNKNOWN 1015907 Source: OSVDB Type: UNKNOWN 24577 Source: CCN Type: OSVDB ID: 24577 NetBSD Intel Hardware Random Number Generator (RNG) Failure Encryption Weakness Source: BID Type: UNKNOWN 17496 Source: CCN Type: BID-17496 NetBSD False Intel Hardware RNG Detection Predictable Random Number Generation Weakness Source: XF Type: UNKNOWN netbsd-intel-rng-security-bypass(25786) Source: XF Type: UNKNOWN netbsd-intel-rng-security-bypass(25786) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||