CVE-2008-5659

The gnu.java.security.util.PRNG class in GNU Classpath 0.97.2 and earlier uses a predictable seed based on the system time, which makes it easier for context-dependent attackers to conduct brute force attacks against cryptographic routines that use this class for randomness, as demonstrated against DSA private keys.

Affected Software

Name	Vendor	Start Version	End Version
Classpath	Gnu	*	0.97.2 (including)
Classpath	Gnu	0.6 (including)	0.6 (including)
Classpath	Gnu	0.7 (including)	0.7 (including)
Classpath	Gnu	0.8 (including)	0.8 (including)
Classpath	Gnu	0.9 (including)	0.9 (including)
Classpath	Gnu	0.10 (including)	0.10 (including)
Classpath	Gnu	0.11 (including)	0.11 (including)
Classpath	Gnu	0.12 (including)	0.12 (including)
Classpath	Gnu	0.13 (including)	0.13 (including)
Classpath	Gnu	0.14 (including)	0.14 (including)
Classpath	Gnu	0.15 (including)	0.15 (including)
Classpath	Gnu	0.16 (including)	0.16 (including)
Classpath	Gnu	0.17 (including)	0.17 (including)
Classpath	Gnu	0.18 (including)	0.18 (including)
Classpath	Gnu	0.19 (including)	0.19 (including)
Classpath	Gnu	0.20 (including)	0.20 (including)
Classpath	Gnu	0.90 (including)	0.90 (including)
Classpath	Gnu	0.91 (including)	0.91 (including)
Classpath	Gnu	0.92 (including)	0.92 (including)
Classpath	Gnu	0.93 (including)	0.93 (including)
Classpath	Gnu	0.95 (including)	0.95 (including)
Classpath	Gnu	0.96 (including)	0.96 (including)
Classpath	Gnu	0.96.1 (including)	0.96.1 (including)
Classpath	Gnu	0.97 (including)	0.97 (including)
Classpath	Gnu	0.97.1 (including)	0.97.1 (including)
Classpath	Ubuntu	dapper	*
Classpath	Ubuntu	gutsy	*
Classpath	Ubuntu	hardy	*
Classpath	Ubuntu	intrepid	*
Classpath	Ubuntu	jaunty	*
Classpath	Ubuntu	karmic	*
Classpath	Ubuntu	upstream	*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2008-5659
CWE	https://cwe.mitre.org/data/definitions/310.html

Affected Software

References