Vulnerabilities

CVE-2014-0017

by Fred · 14/03/2014

The RAND_bytes function in libssh before 0.6.3, when forking is enabled, does not properly reset the state of the OpenSSL pseudo-random number generator (PRNG), which causes the state to be shared between children processes and allows local users to obtain sensitive information by leveraging a pid collision.

Date published : 2014-03-14

libssh 0.6.3 (Security release)

https://bugzilla.redhat.com/show_bug.cgi?id=1072191

Similar

Tags: Cybersecurity Alert