Computer Security

FreeBSD pseudo-random numbers generator weakness
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



FreeBSD pseudo-random numbers generator weakness
Published:30.11.2007
Source:BUGTRAQ
SecurityVulns ID:8396
Type:library
Level:6/10
Description:SAme PRNG sequence may be reproduced twice under some conditions.
Affected:FREEBSD : FreeBSD 7.0
 FREEBSD : FreeBSD 6.1
 FREEBSD : FreeBSD 5.5
 FREEBSD : FreeBSD 6.2
 FREEBSD : FreeBSD 6.3
CVE:CVE-2007-6150 (The "internal state tracking" code for the random and urandom devices in FreeBSD 5.5, 6.1 through 6.3, and 7.0 beta 4 allows local users to obtain portions of previously-accessed random values, which could be leveraged to bypass protection mechanisms that rely on secrecy of those values.)
Original documentdocumentFREEBSD, FreeBSD Security Advisory FreeBSD-SA-07:09.random (30.11.2007)
Discuss:Read or add your comments to this news (0 comments)
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru
test server