CVE-2009-3238

Sažetak

The get_random_int function in drivers/char/random.c in the Linux kernel before 2.6.30 produces insufficiently random numbers, which allows attackers to predict the return value, and possibly defeat protection mechanisms based on randomization, via vectors that leverage the function's tendency to "return the same value over and over again for long stretches of time."

Reference

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8a0a9bd4db63bc45e3017bedeafbd88d0eb84d02
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00005.html
http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html
http://patchwork.kernel.org/patch/21766/
http://secunia.com/advisories/37105
http://secunia.com/advisories/37351
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.30
http://www.redhat.com/support/errata/RHSA-2009-1438.html
http://www.ubuntu.com/usn/USN-852-1
https://bugzilla.redhat.com/show_bug.cgi?id=499785
https://bugzilla.redhat.com/show_bug.cgi?id=519692
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11168
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03836en_us

CVSS

Base:	7.8
Impact:	6.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:C/I:N/A:N

Zadnje važnije ažuriranje

15-02-2024 - 03:30

Objavljeno

18-09-2009 - 10:30