VDB
CVE-2007-6150
CVE-2007-6150
PUBLISHED
CVSS 2.0999999046325684 LOW
The "internal state tracking" code for the random and urandom devices in FreeBSD 5.5, 6.1 through 6.3, and 7.0 beta 4 allows local users to obtain portions of previously-accessed random values, which could be leveraged to bypass protection mechanisms that rely on secrecy of those values.
EPSS 0.08% · 22.7th percentile
Risk Scores
CVSS 2.0
2.0999999046325684
EPSS Score
0.08%
22.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| freebsd | freebsd | 6.1, 6.3, 7.0 |
| n/a | n/a | n/a |
Timeline
- Nov 30, 2007 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- May 25, 2023 EPSS Score
References
- 26642 vdb
- FreeBSD-SA-07:09 vendor-advisory
- 1019022 vdb
- freebsd-sysdevrandom-information-disclosure(38764) vdb
- 27879 third-party-advisory
- 39600 vdb
- ADV-2007-4053 vdb
- https://nvd.nist.gov/vuln/detail/CVE-2007-6150 advisory