Home page logo

oss-sec logo oss-sec mailing list archives

CVE for OpenBSD random() bug?
From: Kurt Seifried <kseifried () redhat com>
Date: Wed, 21 Mar 2012 22:51:13 -0600



Fix a bug where random() always returns 0 when srandom() is seeded
with 0.  Use 1 and not 0 as the first element of the state array,
similar to what glibc does.  OK nicm@

It would seem this fits into the "weaker then advertised" class of
security problem. Thoughts/comments (anyone strongly against this)?

Kurt Seifried Red Hat Security Response Team (SRT)

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]