CVE-2014-0017
Published: Mar 14, 2014
Modified: Aug 6, 2024
PUBLISHED
Description
The RAND_bytes function in libssh before 0.6.3, when forking is enabled, does not properly reset the state of the OpenSSL pseudo-random number generator (PRNG), which causes the state to be shared between child processes and allows local users to obtain sensitive information by leveraging a pid collision.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
- USN-2145-1 (vendor-advisory, x_refsource_UBUNTU)
- DSA-2879 (vendor-advisory, x_refsource_DEBIAN)
- openSUSE-SU-2014:0366 (vendor-advisory, x_refsource_SUSE)
- 57407 (third-party-advisory, x_refsource_SECUNIA)
- [oss-security] 20140305 libssh and stunnel PRNG flaws (mailing-list, x_refsource_MLIST)
- http://www.libssh.org/2014/03/04/libssh-0-6-3-security-release/ (x_refsource_CONFIRM)
- openSUSE-SU-2014:0370 (vendor-advisory, x_refsource_SUSE)
- https://bugzilla.redhat.com/show_bug.cgi?id=1072191 (x_refsource_CONFIRM)