oss-sec mailing list archives
CVE for OpenBSD random() bug?
From: Kurt Seifried <kseifried () redhat com>
Date: Wed, 21 Mar 2012 22:51:13 -0600
https://banu.com/blog/42/openbsd-bug-in-the-random-function/
http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/stdlib/random.c#rev1.16

Fix a bug where random() always returns 0 when srandom() is seeded with 0. Use 1 and not 0 as the first element of the state array, similar to what glibc does. OK nicm@

It would seem this fits into the "weaker than advertised" class of security problem. Thoughts/comments (anyone strongly against this)?

--
Kurt Seifried
Red Hat Security Response Team (SRT)
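The failure mode named in the quoted commit message, as an added example that is not part of the original post and is not OpenBSD's code: a simplified additive-feedback generator whose state is expanded from the seed. It assumes the expansion uses a multiplicative Lehmer step (which maps 0 to 0); `struct prng`, `prng_seed`, `prng_next` and `nonzero_outputs` are hypothetical names.

```c
#include <stdint.h>
#include <stdio.h>

#define DEG 31   /* number of state words (assumed, x^31 + x^3 + 1 style) */
#define SEP 3    /* distance between the two taps (assumed) */

struct prng { uint32_t state[DEG]; int f, r; };

/* Lehmer step 16807 * x mod (2^31 - 1); note that it maps 0 to 0. */
static uint32_t lehmer(uint32_t x) {
    return (uint32_t)((16807ULL * x) % 2147483647ULL);
}

/* One additive-feedback step: state[f] += state[r], return 31 bits. */
static uint32_t prng_next(struct prng *p) {
    p->state[p->f] += p->state[p->r];
    uint32_t out = (p->state[p->f] >> 1) & 0x7fffffff;
    p->f = (p->f + 1) % DEG;
    p->r = (p->r + 1) % DEG;
    return out;
}

/* Expand the seed into the state array. With fix_zero set, a zero seed
 * is replaced by 1 as the first state element, as the commit describes. */
static void prng_seed(struct prng *p, uint32_t seed, int fix_zero) {
    p->state[0] = (fix_zero && seed == 0) ? 1 : seed;
    for (int i = 1; i < DEG; i++)
        p->state[i] = lehmer(p->state[i - 1]);   /* 0 stays 0 forever */
    p->f = SEP;
    p->r = 0;
    for (int i = 0; i < 10 * DEG; i++)           /* warm-up draws */
        (void)prng_next(p);
}

/* Regression check: how many of the first n outputs are nonzero? */
static int nonzero_outputs(uint32_t seed, int fix_zero, int n) {
    struct prng p;
    int count = 0;
    prng_seed(&p, seed, fix_zero);
    for (int i = 0; i < n; i++)
        count += prng_next(&p) != 0;
    return count;
}

int main(void) {
    printf("seed 0, unfixed: %d/1000 nonzero\n", nonzero_outputs(0, 0, 1000));
    printf("seed 0, fixed:   %d/1000 nonzero\n", nonzero_outputs(0, 1, 1000));
    return 0;
}
```

In this model the fixed seed 0 produces the same stream as seed 1, since both start from the same state array.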