Local User Vulnerability in libnet-ssleay-perl by The Perl Foundation
CVE-2005-0106

Currently unrated

Key Information:

Vendor: Ubuntu
Status: Ubuntu Linux
Vendor: CVE Published:; 3 May 2005

What is CVE-2005-0106?

The libnet-ssleay-perl library, specifically the SSLeay.pm module, contains a vulnerability that allows local users to diminish the cryptographic strength of certain operations. This occurs when the EGD_PATH variable is not set, causing the system to utilize the /tmp/entropy file. By modifying this file, local users can compromise the security measures designed to protect sensitive cryptographic processes.

References

https://usn.ubuntu.com/113-1/

vendor-advisoryx_refsource_UBUNTU

http://secunia.com/advisories/18639

third-party-advisoryx_refsource_SECUNIA

http://www.mandriva.com/security/advisories?name=MDKSA-20...

vendor-advisoryx_refsource_MANDRIVA

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 3, 2005
Vulnerability Reserved
Jan 18, 2005

Ubuntu

What is CVE-2005-0106?

References

Timeline