ID CVE-2015-5276
Summary The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors.
References
Vulnerable Configurations
  • GNU gcc
    cpe:2.3:a:gnu:gcc
  • GNU gcc 3.3.3
    cpe:2.3:a:gnu:gcc:3.3.3
  • GNU gcc 4.1
    cpe:2.3:a:gnu:gcc:4.1
CVSS
Base: 5.0 (as of 18-11-2015 - 10:28)
Impact:
Exploitability:
CWE CWE-200
CAPEC
  • Subverting Environment Variable Values
    The attacker directly or indirectly modifies environment variables used by or controlling the target software. The attacker's goal is to cause the target software to deviate from its expected operation in a manner that benefits the attacker.
  • Footprinting
    An attacker engages in probing and exploration activity to identify constituents and properties of the target. Footprinting is a general term to describe a variety of information gathering techniques, often used by attackers in preparation for some attack. It consists of using tools to learn as much as possible about the composition, configuration, and security mechanisms of the targeted application, system or network. Information that might be collected during a footprinting effort could include open ports, applications and their versions, network topology, and similar information. While footprinting is not intended to be damaging (although certain activities, such as network scans, can sometimes cause disruptions to vulnerable applications inadvertently) it may often pave the way for more damaging attacks.
  • Exploiting Trust in Client (aka Make the Client Invisible)
    An attack of this type exploits a program's vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by placing themselves in the communication channel between client and server such that communication directly to the server is possible where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.
  • Browser Fingerprinting
    An attacker carefully crafts small snippets of Java Script to efficiently detect the type of browser the potential victim is using. Many web-based attacks need prior knowledge of the web browser including the version of browser to ensure successful exploitation of a vulnerability. Having this knowledge allows an attacker to target the victim with attacks that specifically exploit known or zero day weaknesses in the type and version of the browser used by the victim. Automating this process via Java Script as a part of the same delivery system used to exploit the browser is considered more efficient as the attacker can supply a browser fingerprinting method and integrate it with exploit code, all contained in Java Script and in response to the same web page request by the browser.
  • Session Credential Falsification through Prediction
    This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.
  • Reusing Session IDs (aka Session Replay)
    This attack targets the reuse of valid session ID to spoof the target system in order to gain privileges. The attacker tries to reuse a stolen session ID used previously during a transaction to perform spoofing and session hijacking. Another name for this type of attack is Session Replay.
  • Using Slashes in Alternate Encoding
    This attack targets the encoding of the slash characters. An attacker would try to exploit common filtering problems related to the use of the slash characters to gain access to resources on the target host. Directory-driven systems, such as file systems and databases, typically use the slash character to indicate traversal between directories or other container components. For murky historical reasons, PCs (and, as a result, Microsoft OSs) choose to use a backslash, whereas the UNIX world typically makes use of the forward slash. The schizophrenic result is that many MS-based systems are required to understand both forms of the slash. This gives the attacker many opportunities to discover and abuse a number of common filtering problems. The goal of this pattern is to discover server software that only applies filters to one version, but not the other.
Access
Vector Complexity Authentication
NETWORK LOW NONE
Impact
Confidentiality Integrity Availability
PARTIAL NONE NONE
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2016-472.NASL
    description The GNU Compiler Collection was updated to version 5.3.1, which brings several fixes and enhancements. The following security issue has been fixed : - Fix C++11 std::random_device short read issue that could lead to predictable randomness. (CVE-2015-5276, bsc#945842) The following non-security issues have been fixed : - Enable frame pointer for TARGET_64BIT_MS_ABI when stack is misaligned. Fixes internal compiler error when building Wine. (bsc#966220) - Fix a PowerPC specific issue in gcc-go that broke compilation of newer versions of Docker. (bsc#964468) - Fix HTM built-ins on PowerPC. (bsc#955382) - Fix libgo certificate lookup. (bsc#953831) - Suppress deprecated-declarations warnings for inline definitions of deprecated virtual methods. (bsc#939460) - Build s390[x] with '--with-tune=z9-109 --with-arch=z900' on SLE11 again. (bsc#954002) - Revert accidental libffi ABI breakage on aarch64. (bsc#968771) - On x86_64, set default 32bit code generation to -march=x86-64 rather than -march=i586. - Add experimental File System TS library. This update was imported from the SUSE:SLE-12:Update update project.
    last seen 2019-02-21
    modified 2016-04-18
    plugin id 90562
    published 2016-04-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90562
    title openSUSE Security Update : gcc5 (openSUSE-2016-472)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2015-723.NASL
    description This update for GCC 4.8 provides the following fixes : - Fix C++11 std::random_device short read issue that could lead to predictable randomness. (CVE-2015-5276, bsc#945842) - Fix linker segmentation fault when building SLOF on ppc64le. (bsc#949000) - Fix no_instrument_function attribute handling on PPC64 with -mprofile-kernel. (bsc#947791) - Fix internal compiler error with aarch64 target using PCH and builtin functions. (bsc#947772) - Fix libffi issues on aarch64. (bsc#948168)
    last seen 2019-02-21
    modified 2015-11-20
    plugin id 86960
    published 2015-11-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86960
    title openSUSE Security Update : gcc48 (openSUSE-2015-723)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2015-1833-1.NASL
    description This update for GCC 4.8 provides the following fixes : - Fix C++11 std::random_device short read issue that could lead to predictable randomness. (CVE-2015-5276, bsc#945842) - Fix linker segmentation fault when building SLOF on ppc64le. (bsc#949000) - Fix no_instrument_function attribute handling on PPC64 with -mprofile-kernel. (bsc#947791) - Fix internal compiler error with aarch64 target using PCH and builtin functions. (bsc#947772) - Fix libffi issues on aarch64. (bsc#948168) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 86648
    published 2015-10-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86648
    title SUSE SLED12 / SLES12 Security Update : gcc48 (SUSE-SU-2015:1833-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-0908-2.NASL
    description The GNU Compiler Collection was updated to version 5.3.1, which brings several fixes and enhancements. The following security issue has been fixed : - Fix C++11 std::random_device short read issue that could lead to predictable randomness. (CVE-2015-5276, bsc#945842) The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 90303
    published 2016-04-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90303
    title SUSE SLED11 / SLES11 Security Update : gcc5 (SUSE-SU-2016:0908-2)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2017-2235-1.NASL
    description This update for MozillaFirefox and mozilla-nss fixes the following issues: Security issues fixed : - Fixes in Firefox ESR 52.2 (bsc#1043960,MFSA 2017-16) - CVE-2017-7758: Out-of-bounds read in Opus encoder - CVE-2017-7749: Use-after-free during docshell reloading - CVE-2017-7751: Use-after-free with content viewer listeners - CVE-2017-5472: Use-after-free using destroyed node when regenerating trees - CVE-2017-5470: Memory safety bugs fixed in Firefox 54 and Firefox ESR 52.2 - CVE-2017-7752: Use-after-free with IME input - CVE-2017-7750: Use-after-free with track elements - CVE-2017-7768: 32 byte arbitrary file read through Mozilla Maintenance Service - CVE-2017-7778: Vulnerabilities in the Graphite 2 library - CVE-2017-7754: Out-of-bounds read in WebGL with ImageInfo object - CVE-2017-7755: Privilege escalation through Firefox Installer with same directory DLL files - CVE-2017-7756: Use-after-free and use-after-scope logging XHR header errors - CVE-2017-7757: Use-after-free in IndexedDB - CVE-2017-7761: File deletion and privilege escalation through Mozilla Maintenance Service helper.exe application - CVE-2017-7763: Mac fonts render some unicode characters as spaces - CVE-2017-7765: Mark of the Web bypass when saving executable files - CVE-2017-7764: Domain spoofing with combination of Canadian Syllabics and other unicode blocks - update to Firefox ESR 52.1 (bsc#1035082,MFSA 2017-12) - CVE-2016-10196: Vulnerabilities in Libevent library - CVE-2017-5443: Out-of-bounds write during BinHex decoding - CVE-2017-5429: Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9, and Firefox ESR 52.1 - CVE-2017-5464: Memory corruption with accessibility and DOM manipulation - CVE-2017-5465: Out-of-bounds read in ConvolvePixel - CVE-2017-5466: Origin confusion when reloading isolated data:text/html URL - CVE-2017-5467: Memory corruption when drawing Skia content - CVE-2017-5460: Use-after-free in frame selection - CVE-2017-5461: Out-of-bounds write in Base64 encoding in NSS - CVE-2017-5448: Out-of-bounds write in ClearKeyDecryptor - CVE-2017-5449: Crash during bidirectional unicode manipulation with animation - CVE-2017-5446: Out-of-bounds read when HTTP/2 DATA frames are sent with incorrect data - CVE-2017-5447: Out-of-bounds read during glyph processing - CVE-2017-5444: Buffer overflow while parsing application/http-index-format content - CVE-2017-5445: Uninitialized values used while parsing application/http-index-format content - CVE-2017-5442: Use-after-free during style changes - CVE-2017-5469: Potential Buffer overflow in flex-generated code - CVE-2017-5440: Use-after-free in txExecutionState destructor during XSLT processing - CVE-2017-5441: Use-after-free with selection during scroll events - CVE-2017-5439: Use-after-free in nsTArray Length() during XSLT processing - CVE-2017-5438: Use-after-free in nsAutoPtr during XSLT processing - CVE-2017-5436: Out-of-bounds write with malicious font in Graphite 2 - CVE-2017-5435: Use-after-free during transaction processing in the editor - CVE-2017-5434: Use-after-free during focus handling - CVE-2017-5433: Use-after-free in SMIL animation functions - CVE-2017-5432: Use-after-free in text input selection - CVE-2017-5430: Memory safety bugs fixed in Firefox 53 and Firefox ESR 52.1 - CVE-2017-5459: Buffer overflow in WebGL - CVE-2017-5462: DRBG flaw in NSS - CVE-2017-5455: Sandbox escape through internal feed reader APIs - CVE-2017-5454: Sandbox escape allowing file system read access through file picker - CVE-2017-5456: Sandbox escape allowing local file system access - CVE-2017-5451: Addressbar spoofing with onblur event - General - CVE-2015-5276: Fix for C++11 std::random_device short reads (bsc#945842) Bugfixes : - workaround for Firefox hangs (bsc#1031485, bsc#1025108) - Update to gcc-5-branch head. - Includes fixes for (bsc#966220), (bsc#962765), (bsc#964468), (bsc#939460), (bsc#930496), (bsc#930392) and (bsc#955382). - Add fix to revert accidental libffi ABI breakage on AARCH64. (bsc#968771) - Build s390[x] with --with-tune=z9-109 --with-arch=z900 on SLE11 again. (bsc#954002) - Fix libffi include install. (bsc#935510) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-30
    plugin id 102694
    published 2017-08-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=102694
    title SUSE SLES11 Security Update : MozillaFirefox, MozillaFirefox-branding-SLED, firefox-gcc5, mozilla-nss (SUSE-SU-2017:2235-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2016-0963-1.NASL
    description The GNU Compiler Collection was updated to version 5.3.1, which brings several fixes and enhancements. The following security issue has been fixed : - Fix C++11 std::random_device short read issue that could lead to predictable randomness. (CVE-2015-5276, bsc#945842) The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 90420
    published 2016-04-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=90420
    title SUSE SLED12 / SLES12 Security Update : gcc5 (SUSE-SU-2016:0963-1)
refmap via4
confirm
sectrack 1034375
suse
  • openSUSE-SU-2015:1946
  • openSUSE-SU-2016:1069
Last major update 07-12-2016 - 13:16
Published 17-11-2015 - 10:59
Last modified 12-02-2019 - 14:05