Description
The RAND_bytes function in libssh before 0.6.3, when forking is enabled, does not properly reset the state of the OpenSSL pseudo-random number generator (PRNG), which causes the state to be shared between children processes and allows local users to obtain sensitive information by leveraging a pid collision.
| Release | Status | Note |
|---|---|---|
| devel | released | 0.6.1-0ubuntu3 |
| lucid | ignored | end of life |
| precise | released | 0.5.2-1ubuntu0.12.04.3 |
| quantal | released | 0.5.2-1ubuntu0.12.10.3 |
| saucy | released | 0.5.4-1ubuntu0.1 |
| upstream | released | 0.6.3 |
EPSS
1.9 Low
CVSS2
Related vulnerabilities
A vulnerability in the Gentoo Linux operating system that allows an attacker to compromise the confidentiality of protected information