ID |
CVE-2014-0017
|
Summary |
The RAND_bytes function in libssh before 0.6.3, when forking is enabled, does not properly reset the state of the OpenSSL pseudo-random number generator (PRNG), which causes the state to be shared between children processes and allows local users to obtain sensitive information by leveraging a pid collision. |
References |
|
Vulnerable Configurations |
-
cpe:2.3:a:libssh:libssh:0.4.7:*:*:*:*:*:*:*
cpe:2.3:a:libssh:libssh:0.4.7:*:*:*:*:*:*:*
-
cpe:2.3:a:libssh:libssh:0.4.8:*:*:*:*:*:*:*
cpe:2.3:a:libssh:libssh:0.4.8:*:*:*:*:*:*:*
-
cpe:2.3:a:libssh:libssh:0.5.0:*:*:*:*:*:*:*
cpe:2.3:a:libssh:libssh:0.5.0:*:*:*:*:*:*:*
-
cpe:2.3:a:libssh:libssh:0.5.0:rc1:*:*:*:*:*:*
cpe:2.3:a:libssh:libssh:0.5.0:rc1:*:*:*:*:*:*
-
cpe:2.3:a:libssh:libssh:0.5.1:*:*:*:*:*:*:*
cpe:2.3:a:libssh:libssh:0.5.1:*:*:*:*:*:*:*
-
cpe:2.3:a:libssh:libssh:0.5.2:*:*:*:*:*:*:*
cpe:2.3:a:libssh:libssh:0.5.2:*:*:*:*:*:*:*
-
cpe:2.3:a:libssh:libssh:0.5.3:*:*:*:*:*:*:*
cpe:2.3:a:libssh:libssh:0.5.3:*:*:*:*:*:*:*
-
cpe:2.3:a:libssh:libssh:0.5.4:*:*:*:*:*:*:*
cpe:2.3:a:libssh:libssh:0.5.4:*:*:*:*:*:*:*
-
cpe:2.3:a:libssh:libssh:0.5.5:*:*:*:*:*:*:*
cpe:2.3:a:libssh:libssh:0.5.5:*:*:*:*:*:*:*
-
cpe:2.3:a:libssh:libssh:0.6.0:*:*:*:*:*:*:*
cpe:2.3:a:libssh:libssh:0.6.0:*:*:*:*:*:*:*
-
cpe:2.3:a:libssh:libssh:0.6.1:*:*:*:*:*:*:*
cpe:2.3:a:libssh:libssh:0.6.1:*:*:*:*:*:*:*
-
cpe:2.3:a:libssh:libssh:0.6.2:*:*:*:*:*:*:*
cpe:2.3:a:libssh:libssh:0.6.2:*:*:*:*:*:*:*
|
CVSS |
Base: | 1.9 (as of 26-03-2014 - 04:55) |
Impact: | |
Exploitability: | |
|
CWE |
CWE-310 |
CAPEC |
|
Access |
Vector | Complexity | Authentication |
LOCAL |
MEDIUM |
NONE |
|
Impact |
Confidentiality | Integrity | Availability |
PARTIAL |
NONE |
NONE |
|
cvss-vector
via4
|
AV:L/AC:M/Au:N/C:P/I:N/A:N
|
refmap
via4
|
confirm | | debian | DSA-2879 | mlist | [oss-security] 20140305 libssh and stunnel PRNG flaws | secunia | 57407 | suse | - openSUSE-SU-2014:0366
- openSUSE-SU-2014:0370
| ubuntu | USN-2145-1 |
|
Last major update |
26-03-2014 - 04:55 |
Published |
14-03-2014 - 15:55 |
Last modified |
26-03-2014 - 04:55 |