CVE-2018-1426 - Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) vulnerability in IBM DB2
- Attack vector: NETWORK
- Attack complexity: LOW
- Privileges required: NONE
- Confidentiality impact: HIGH
- Integrity impact: HIGH
- Availability impact: NONE

Summary
IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) duplicates the PRNG state across fork() system calls when multiple ICC instances are loaded, which could result in duplicate Session IDs and a risk of duplicate key material. IBM X-Force ID: 139071.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 4 |
OS | | 1 |
OS | | 1 |
Common Weakness Enumeration (CWE)
References
- http://www.ibm.com/support/docview.wss?uid=swg22013756
- http://www.securityfocus.com/bid/105580
- http://www.securitytracker.com/id/1041012
- https://exchange.xforce.ibmcloud.com/vulnerabilities/139071