Home page logo
/

oss-sec logo oss-sec mailing list archives

CVE for OpenBSD random() bug?
From: Kurt Seifried <kseifried () redhat com>
Date: Wed, 21 Mar 2012 22:51:13 -0600

https://banu.com/blog/42/openbsd-bug-in-the-random-function/

http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/stdlib/random.c#rev1.16

Fix a bug where random() always returns 0 when srandom() is seeded
with 0.  Use 1 and not 0 as the first element of the state array,
similar to what glibc does.  OK nicm@

It would seem this fits into the "weaker then advertised" class of
security problem. Thoughts/comments (anyone strongly against this)?

-- 
Kurt Seifried Red Hat Security Response Team (SRT)


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault