Vigil@nce - IBM Tivoli Directory Server, Security Directory Server: two vulnerabilities of GSKit
February 2016 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use several vulnerabilities of GSKit of IBM Tivoli
Directory Server, Security Directory Server.
Impacted products: Security Directory Server.
Severity: 1/4.
Creation date: 26/01/2016.
DESCRIPTION OF THE VULNERABILITY
IBM Security Directory Server use the GSKit component, which
provides a pseudo random number generator.
In order to keep the PRNG output unpredictable, the PRNG internal
state must be unpredictable, unccopyable and never restored.
However, a user program can create child process with the fork()
system call that duplicates the whole virtual memory of the
calling process. So the child processes start with the same state
than their parent and so may produce the same pseudo-random
sequence.
The internal state of the GSKit PRNG is so duplicated.
[severity:1/4; CVE-2015-7420]
The internal state of the "ICC PRNG" of GSKit is so duplicated.
[severity:1/4; CVE-2015-7421]
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN