CVE-2014-0017

The RAND_bytes function in libssh before 0.6.3, when forking is enabled, does not properly reset the state of the OpenSSL pseudo-random number generator (PRNG), which causes the state to be shared between children processes and allows local users to obtain sensitive information by leveraging a pid collision.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:libssh:libssh:0.6.1:*:*:*:*:*:*:*
cpe:2.3:a:libssh:libssh:0.5.5:*:*:*:*:*:*:*
cpe:2.3:a:libssh:libssh:0.5.3:*:*:*:*:*:*:*
cpe:2.3:a:libssh:libssh:0.5.4:*:*:*:*:*:*:*
cpe:2.3:a:libssh:libssh:0.6.0:*:*:*:*:*:*:*
cpe:2.3:a:libssh:libssh:*:*:*:*:*:*:*:*
cpe:2.3:a:libssh:libssh:0.5.1:*:*:*:*:*:*:*
cpe:2.3:a:libssh:libssh:0.5.2:*:*:*:*:*:*:*
cpe:2.3:a:libssh:libssh:0.4.7:*:*:*:*:*:*:*
cpe:2.3:a:libssh:libssh:0.4.8:*:*:*:*:*:*:*
cpe:2.3:a:libssh:libssh:0.5.0:*:*:*:*:*:*:*
cpe:2.3:a:libssh:libssh:0.5.0:rc1:*:*:*:*:*:*

Information

Published : 2014-03-14 08:55

Updated : 2014-03-25 21:55


NVD link : CVE-2014-0017

Mitre link : CVE-2014-0017


JSON object : View

CWE
CWE-310

Cryptographic Issues

Advertisement

dedicated server usa

Products Affected

libssh

  • libssh