CVE-2006-0353

Current Description

unix_random.c in lshd for lsh 2.0.1 leaks file descriptors related to the randomness generator, which allows local users to cause a denial of service by truncating the seed file, which prevents the server from starting, or obtain sensitive seed information that could be used to crack keys.

Basic Data

Published: January 22, 2006
Last Modified: July 20, 2017
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-200
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:L/AC:L/Au:N/C:P/I:N/A:P
CVSS 2 - Access Vector: LOCAL
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: PARTIAL
CVSS 2 - Availability Impact: PARTIAL
CVSS 2 - Base Score: 3.6
Severity: LOW
Exploitability Score: 3.9
Impact Score: 4.9
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
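    | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
    |---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
    | 2.3 | Application | Gnu | Lsh | 2.0.1 | * | * | * | * | * | * | * | | | | |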

Vulnerable Software List

| Vendor | Product | Versions |
|---|---|---|
| Gnu | Lsh | 2.0.1 |

References

| Name | Source | URL | Tags |
|---|---|---|---|
| [lsh-bugs] SECURITY: lshd leaks fd:s to user shells | MLIST | http://lists.lysator.liu.se/pipermail/lsh-bugs/2006q1/000467.html | Vendor Advisory |
| 18564 | SECUNIA | http://secunia.com/advisories/18564 | Patch, Vendor Advisory |
| 18623 | SECUNIA | http://secunia.com/advisories/18623 | Patch, Vendor Advisory |
| DSA-956 | DEBIAN | http://www.debian.org/security/2006/dsa-956 | Patch, Vendor Advisory |
| 22695 | OSVDB | http://www.osvdb.org/22695 | |
| 16357 | BID | http://www.securityfocus.com/bid/16357 | Patch |
| ADV-2006-0301 | VUPEN | http://www.vupen.com/english/advisories/2006/0301 | Vendor Advisory |
| lsh-file-descriptor-leak(24263) | XF | https://exchange.xforce.ibmcloud.com/vulnerabilities/24263 | |