Vulnerabilities > CVE-2011-0766 - Cryptographic Issues vulnerability in multiple products

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

ssh

erlang

CWE-310

nessus

NVD

Published: 2011-05-31

Updated: 2023-09-25

Summary

The random number generator in the Crypto application before 2.0.2.2, and SSH before 2.0.5, as used in the Erlang/OTP ssh library before R14B03, uses predictable seeds based on the current time, which makes it easier for remote attackers to guess DSA host and SSH session keys.

Vulnerable Configurations

Part	Description	Count
Application	Ssh SSH SSH 1.2.0 SSH SSH 1.2.1 SSH SSH 1.2.2 SSH SSH 1.2.3 SSH SSH 1.2.4 SSH SSH 1.2.5 SSH SSH 1.2.6 SSH SSH 1.2.7 SSH SSH 1.2.8 SSH SSH 1.2.9 SSH SSH 1.2.10 SSH SSH 1.2.11 SSH SSH 1.2.12 SSH SSH 1.2.13 SSH SSH 1.2.14 SSH SSH 1.2.15 SSH SSH 1.2.16 SSH SSH 1.2.17 SSH SSH 1.2.18 SSH SSH 1.2.19 SSH SSH 1.2.20 SSH SSH 1.2.21 SSH SSH 1.2.22 SSH SSH 1.2.23 SSH SSH 1.2.24 SSH SSH 1.2.25 SSH SSH 1.2.26 SSH SSH 1.2.27 SSH SSH 1.2.28 SSH SSH 1.2.29 SSH SSH 1.2.30 SSH SSH 1.2.31	32
Application	Erlang Erlang Erlang/Otp R14B01 Erlang Erlang/Otp R14B Erlang Erlang/Otp R11B-5 Erlang Erlang/Otp R13B03 Erlang Erlang/Otp R13B Erlang Erlang/Otp R12B-5 Erlang Erlang/Otp R13B04 Erlang Erlang/Otp R13B02-1 Erlang Erlang/Otp R14A Erlang Erlang/Otp R14B02 Erlang Crypto 1.0 Erlang Crypto 1.1 Erlang Crypto 1.1.1 Erlang Crypto 1.1.2 Erlang Crypto 1.1.3 Erlang Crypto 1.2 Erlang Crypto 1.2.1 Erlang Crypto 1.2.2 Erlang Crypto 1.2.3 Erlang Crypto 1.3 Erlang Crypto 1.4 Erlang Crypto 1.5 Erlang Crypto 1.5.1.1 Erlang Crypto 1.5.2 Erlang Crypto 1.5.2.1 Erlang Crypto 1.5.3 Erlang Crypto 1.6 Erlang Crypto 1.6.1 Erlang Crypto 1.6.2 Erlang Crypto 1.6.3 Erlang Crypto 1.6.4 Erlang Crypto 2.0 Erlang Crypto 2.0.1 Erlang Crypto 2.0.2 Erlang Crypto 2.0.2.1	35

Common Weakness Enumeration (CWE)

CWE-310 - Cryptographic Issues

Common Attack Pattern Enumeration and Classification (CAPEC)

Signature Spoofing by Key Recreation
An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.

Nessus

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2011-9657.NASL
description	- Ver. R14B03 - New module - diameter - Several new examples directories - Fixed building on F-15 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	55742
published	2011-08-01
reporter	This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/55742
title	Fedora 14 : erlang-R14B-03.1.fc14 (2011-9657)

NASL family	FreeBSD Local Security Checks
NASL id	FREEBSD_PKG_E483392786E511E0A6B4000A5E1E33C6.NASL
description	US-CERT reports : The Erlang/OTP ssh library implements a number of cryptographic operations that depend on cryptographically strong random numbers. Unfortunately the RNG used by the library is not cryptographically strong, and is further weakened by the use of predictable seed material. The RNG (Wichman-Hill) is not mixed with an entropy source.
last seen	2020-06-01
modified	2020-06-02
plugin id	54826
published	2011-05-26
reporter	This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/54826
title	FreeBSD : Erlang -- ssh library uses a weak random number generator (e4833927-86e5-11e0-a6b4-000a5e1e33c6)

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2011-9598.NASL
description	- Ver. R14B03 - New module - diameter - Several new examples directories - Fixed building on F-15 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	55741
published	2011-08-01
reporter	This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/55741
title	Fedora 15 : erlang-R14B-03.2.fc15 (2011-9598)

Seebug

bulletinFamily	exploit
description	Bugtraq ID: 47980 CVE ID：CVE-2011-0766 Erlang是一种通用的面向并发的编程语言，OTP是包装在Erlang中的一组库程序。 Erlang/OTP ssh库依靠强大的加密随机数实现多个加密操作，但是库使用的RNG加密不够强壮，而且使用了可预测种子数据而进一步削弱了加密强度。RNG(Wichman-Hill)没有与熵源进行混合处理。库中所有ssh连接的种子使用当前时间(大约微秒分辨率)，通过观察从这个库建立的连接时间，可猜测三个RNG种子中前两个组成部分，第三个可通过尝试每个可能的值(1..1000000)暴力破解恢复。利用库以明文kexinit消息发送的16字节随机会话cookie可更方便的猜测准确种子，此cookie是RNG序列中的17-32字节。如果能恢复会话RNG种子，攻击者可以简单的执行SSH库一样的DH密钥更换操作，并恢复会话密钥。此外，如果SSH库用于服务端连接并使用了DSA主机密钥，可从kex_dh消息中恢复私钥。私钥签名值k可从RNG种子中获取(序列中170-190字节)，因此利用kex_dh_reply消息中的公告DSA密钥数据，通过转换签名操作可恢复私钥部分。 erlang.org Erlang/OTP R14B02 erlang.org Erlang/OTP R14B01 erlang.org Erlang/OTP R14B erlang.org Erlang/OTP R14A 厂商解决方案 Erlang/OTP R14B03已经修复此漏洞，建议用户下载使用： http://www.erlang.org/download.html 用户也可参考供应商提供的如下安全补丁： https://github.com/erlang/otp/commit/f228601de45c5b53241b103af6616453c50885a5
id	SSV:20589
last seen	2017-11-19
modified	2011-05-26
published	2011-05-26
reporter	Root
title	Erlang/OTP SSH库随机数生成漏洞

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

Nessus

Seebug

References