Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 











Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Vigil@nce - IBM Tivoli Directory Server, Security Directory Server: two vulnerabilities of GSKit

February 2016 by Vigil@nce

This bulletin was written by Vigil@nce : http://vigilance.fr/offer

SYNTHESIS OF THE VULNERABILITY

An attacker can use several vulnerabilities of GSKit of IBM Tivoli
Directory Server, Security Directory Server.

Impacted products: Security Directory Server.

Severity: 1/4.

Creation date: 26/01/2016.

DESCRIPTION OF THE VULNERABILITY

IBM Security Directory Server use the GSKit component, which
provides a pseudo random number generator.

In order to keep the PRNG output unpredictable, the PRNG internal
state must be unpredictable, unccopyable and never restored.
However, a user program can create child process with the fork()
system call that duplicates the whole virtual memory of the
calling process. So the child processes start with the same state
than their parent and so may produce the same pseudo-random
sequence.

The internal state of the GSKit PRNG is so duplicated.
[severity:1/4; CVE-2015-7420]

The internal state of the "ICC PRNG" of GSKit is so duplicated.
[severity:1/4; CVE-2015-7421]

ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN

http://vigilance.fr/vulnerability/IBM-Tivoli-Directory-Server-Security-Directory-Server-two-vulnerabilities-of-GSKit-18820


See previous articles

    

See next articles












Your podcast Here

New, you can have your Podcast here. Contact us for more information ask:
Marc Brami
Phone: +33 1 40 92 05 55
Mail: ipsimp@free.fr

All new podcasts