CVE-2001-1141
First published: Tue Jul 10 2001(Updated: )
The Pseudo-Random Number Generator (PRNG) in SSLeay and OpenSSL before 0.9.6b allows attackers to use the output of small PRNG requests to determine the internal state information, which could be used by attackers to predict future pseudo-random numbers.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| OpenSSL libcrypto | =0.9.3 | |
| OpenSSL libcrypto | =0.9.1c | |
| OpenSSL libcrypto | =0.9.6 | |
| OpenSSL libcrypto | =0.9.6a | |
| OpenSSL libcrypto | =0.9.4 | |
| SSLeay | =0.9 | |
| SSLeay | =0.9.1 | |
| SSLeay | =0.8.1 | |
| OpenSSL libcrypto | =0.9.2b | |
| OpenSSL libcrypto | =0.9.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securityfocus.com/archive/1/195829
- http://www.redhat.com/support/errata/RHSA-2001-051.html
- http://www.securityfocus.com/bid/3004
- http://www.securityfocus.com/advisories/3475
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000418
- http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-065.php3?dis=8.0
- http://www.linuxsecurity.com/advisories/other_advisory-1483.html
- http://www.osvdb.org/853
- https://exchange.xforce.ibmcloud.com/vulnerabilities/6823
Frequently Asked Questions
What is the severity of CVE-2001-1141?
CVE-2001-1141 is considered a high-severity vulnerability due to its potential to allow attackers to predict future random numbers.
How do I fix CVE-2001-1141?
To fix CVE-2001-1141, upgrade OpenSSL to version 0.9.6b or later.
What versions of software are affected by CVE-2001-1141?
CVE-2001-1141 affects OpenSSL versions prior to 0.9.6b and various versions of SSLeay.
What is the impact of exploiting CVE-2001-1141?
Exploiting CVE-2001-1141 can allow attackers to predict cryptographic keys and compromise secure communications.
Who is most at risk from CVE-2001-1141?
Organizations using vulnerable versions of OpenSSL or SSLeay for secure communications are at the highest risk from CVE-2001-1141.
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/last-modified-date
- agent/remedy
- agent/description
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/openssl
- canonical/openssl libcrypto
- version/openssl libcrypto/0.9.3
- version/openssl libcrypto/0.9.1c
- version/openssl libcrypto/0.9.6
- version/openssl libcrypto/0.9.6a
- version/openssl libcrypto/0.9.4
- vendor/ssleay
- canonical/ssleay
- version/ssleay/0.9
- version/ssleay/0.9.1
- version/ssleay/0.8.1
- version/openssl libcrypto/0.9.2b
- version/openssl libcrypto/0.9.5