CVE-2000-0535
Severity: Unknown | EPSS: 1.44%
CVE-2000-0535 is a vulnerability of currently unknown severity. OpenSSL 0.9.4 and OpenSSH for FreeBSD do not properly check for the existence of the /dev/random or /dev/urandom devices, which are absent on FreeBSD Alpha systems; as a result they produce weak keys that may be more easily broken. EPSS estimates a 1.44% chance of exploitation in the next 30 days.
Description
OpenSSL 0.9.4 and OpenSSH for FreeBSD do not properly check for the existence of the /dev/random or /dev/urandom devices, which are absent on FreeBSD Alpha systems, which causes them to produce weak keys which may be more easily broken.
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| OpenSSL | OpenSSL | 0.9.4 | — |
| FreeBSD | FreeBSD | 4.0 | Alpha |
| FreeBSD | FreeBSD | 5.0 | Alpha |
References
- http://archives.neohapsis.com/archives/freebsd/2000-06/0083.html (Patch, Vendor Advisory)
- http://www.securityfocus.com/bid/1340 (Patch, Vendor Advisory)
Timeline
- Published
- Last Modified
- Status: Modified
Frequently Asked Questions
What is CVE-2000-0535?
OpenSSL 0.9.4 and OpenSSH for FreeBSD do not properly check for the existence of the /dev/random or /dev/urandom devices, which are absent on FreeBSD Alpha systems, which causes them to produce weak keys which may be more easily broken.
How severe is CVE-2000-0535?
Severity scoring for CVE-2000-0535 is pending analysis. The EPSS model estimates a 1.44% probability of exploitation in the next 30 days.
How do I fix CVE-2000-0535?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.
Source: NVD / NIST
