CVE-2007-6150
FreeBSD 5.5 6.1-6.3 7.0 beta 4 - Unauthorized Sensitive Information Exposure via Random Device State Tracking
Title source: llmDescription
The "internal state tracking" code for the random and urandom devices in FreeBSD 5.5, 6.1 through 6.3, and 7.0 beta 4 allows local users to obtain portions of previously-accessed random values, which could be leveraged to bypass protection mechanisms that rely on secrecy of those values.
References (7)
Core 7
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/26642
Patch vendor-advisory
x_refsource_freebsd
http://security.FreeBSD.org/advisories/FreeBSD-SA-07:09.random.asc
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1019022
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/38764
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/27879
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/39600
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2007/4053
Scores
EPSS
0.0008
EPSS Percentile
22.4%
Details
CWE
CWE-200
Status
published
Products (5)
freebsd/freebsd
5.5
freebsd/freebsd
6.1
freebsd/freebsd
6.2
freebsd/freebsd
6.3
freebsd/freebsd
7.0 beta_4
Published
Nov 30, 2007
Tracked Since
Feb 18, 2026