What is the severity of CVE-2007-6150?

CVE-2007-6150 is classified as a moderate severity vulnerability due to its ability to allow local users to access sensitive random values.

How do I fix CVE-2007-6150?

To fix CVE-2007-6150, you should upgrade your FreeBSD version to one that includes the security patch for this vulnerability.

Which FreeBSD versions are affected by CVE-2007-6150?

CVE-2007-6150 affects FreeBSD versions 5.5, 6.1 through 6.3, and 7.0 beta 4.

What exploits are associated with CVE-2007-6150?

CVE-2007-6150 could be exploited by local users to obtain previous random values, potentially bypassing security mechanisms.

Is CVE-2007-6150 a remote or local vulnerability?

CVE-2007-6150 is a local vulnerability that requires local access to the FreeBSD system.

Vulnerability/
CVE-2007-6150

low

2.1

CWE

200

30/11/2007

29/7/2017

CVE-2007-6150: Infoleak

First published: Fri Nov 30 2007(Updated: )

The "internal state tracking" code for the random and urandom devices in FreeBSD 5.5, 6.1 through 6.3, and 7.0 beta 4 allows local users to obtain portions of previously-accessed random values, which could be leveraged to bypass protection mechanisms that rely on secrecy of those values.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
FreeBSD Kernel	=6.1
FreeBSD Kernel	=6.3
FreeBSD Kernel	=5.5
FreeBSD Kernel	=6.2
FreeBSD Kernel	=7.0-beta_4

Remedy

http://security.FreeBSD.org/advisories/FreeBSD-SA-07:09.random.asc

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2007-6150?
CVE-2007-6150 is classified as a moderate severity vulnerability due to its ability to allow local users to access sensitive random values.
How do I fix CVE-2007-6150?
To fix CVE-2007-6150, you should upgrade your FreeBSD version to one that includes the security patch for this vulnerability.
Which FreeBSD versions are affected by CVE-2007-6150?
CVE-2007-6150 affects FreeBSD versions 5.5, 6.1 through 6.3, and 7.0 beta 4.
What exploits are associated with CVE-2007-6150?
CVE-2007-6150 could be exploited by local users to obtain previous random values, potentially bypassing security mechanisms.
Is CVE-2007-6150 a remote or local vulnerability?
CVE-2007-6150 is a local vulnerability that requires local access to the FreeBSD system.

agent/weakness
agent/references
agent/author
agent/severity
agent/type
agent/event
agent/description
agent/last-modified-date
agent/softwarecombine
agent/remedy
agent/first-publish-date
agent/tags
collector/nvd-historical
agent/software-canonical-lookup-request
collector/nvd-index
vendor/freebsd
canonical/freebsd kernel
version/freebsd kernel/6.1
version/freebsd kernel/6.3
version/freebsd kernel/5.5
version/freebsd kernel/6.2
version/freebsd kernel/7.0-beta_4

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.