Description

The random number feature in Linux kernel 2.6 before 2.6.20.13, and 2.6.21.x before 2.6.21.4, (1) does not properly seed pools when there is no entropy, or (2) uses an incorrect cast when extracting entropy, which might cause the random number generator to provide the same values after reboots on systems without an entropy source.

References

http://marc.info/?l=linux-kernel&m=118128610219959&w=2

http://marc.info/?l=linux-kernel&m=118128622431272&w=2

http://osvdb.org/37114

http://secunia.com/advisories/25596

http://secunia.com/advisories/25700

http://secunia.com/advisories/25961

http://secunia.com/advisories/26133

http://secunia.com/advisories/26139

http://secunia.com/advisories/26450

http://secunia.com/advisories/26620

http://secunia.com/advisories/26664

http://www.debian.org/security/2007/dsa-1356

http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.21.4

http://www.mandriva.com/security/advisories?name=MDKSA-2007:171

http://www.mandriva.com/security/advisories?name=MDKSA-2007:196

http://www.mandriva.com/security/advisories?name=MDKSA-2007:216

http://www.novell.com/linux/security/advisories/2007_43_kernel.html

http://www.novell.com/linux/security/advisories/2007_51_kernel.html

http://www.securityfocus.com/bid/24390

http://www.securitytracker.com/id?1018248

http://www.ubuntu.com/usn/usn-470-1

http://www.ubuntu.com/usn/usn-486-1

http://www.ubuntu.com/usn/usn-489-1

http://www.vupen.com/english/advisories/2007/2105

https://exchange.xforce.ibmcloud.com/vulnerabilities/34781

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9960

https://rhn.redhat.com/errata/RHSA-2007-0376.html

Details

Risk Information

CVSS v2