Weekly Vulnerabilities Reports > September 14 to 20, 2009

Overview

1 new vulnerabilities reported during this period, including 0 critical vulnerabilities and 0 high severity vulnerabilities. This weekly summary report vulnerabilities in 5 products from 4 vendors including Linux, Opensuse, Suse, and Canonical. Vulnerabilities are notably categorized as and "Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)".

  • Linux has the most reported vulnerabilities, with 1 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

0 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS

0 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS

1 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2009-09-18 CVE-2009-3238 Linux
Canonical
Opensuse
Suse
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in multiple products

The get_random_int function in drivers/char/random.c in the Linux kernel before 2.6.30 produces insufficiently random numbers, which allows attackers to predict the return value, and possibly defeat protection mechanisms based on randomization, via vectors that leverage the function's tendency to "return the same value over and over again for long stretches of time."

5.5

0 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS