CVE-2012-1577 - Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) vulnerability in multiple products
- Attack vector: NETWORK
- Attack complexity: LOW
- Privileges required: NONE
- Confidentiality impact: HIGH
- Integrity impact: HIGH
- Availability impact: HIGH

Summary
lib/libc/stdlib/random.c in OpenBSD returns 0 when seeded with 0.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | | 1 |
OS | | 3 |
Application | | 1 |
Common Weakness Enumeration (CWE)
References
- http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib/libc/stdlib/random.c#rev1.16
- http://www.openwall.com/lists/oss-security/2012/03/23/14
- https://github.com/ensc/dietlibc/blob/master/CHANGES
- https://security-tracker.debian.org/tracker/CVE-2012-1577