Vigil@nce - libssh, stunnel: shared random via fork
March 2014 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use a libssh or stunnel process that has the same
random numbers as another process, in order to possibly decrypt
this session.
Impacted products: Debian, Fedora, MBS, openSUSE, stunnel, Ubuntu,
Unix (platform)
Severity: 2/4
Creation date: 06/03/2014
DESCRIPTION OF THE VULNERABILITY
The libssh library and stunnel use OpenSSL to generate random
numbers.
When a new process is started via the fork() function, it has to
reset its PRNG state, otherwise two processes may obtain the same
sequence of random numbers from the OpenSSL RAND_bytes() function.
However, libssh and stunnel do not do this.
An attacker can therefore use a libssh or stunnel process that has
the same random numbers as another process, in order to possibly
decrypt this session.
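The following program is an added illustration of the mechanism described above; it is not code from the bulletin, from libssh or from stunnel. A toy splitmix64 generator stands in for OpenSSL's RAND_bytes(): fork() duplicates the address space, so parent and child start from byte-identical generator state, and unless the child mixes in fresh entropy (in OpenSSL terms, something like RAND_add()/RAND_poll() after fork) both sides draw the same "random" nonce. The seed value, the nonce length and the function names are constructed for the example.

```c
/* Added example (not from the bulletin, libssh or stunnel): a toy PRNG in
 * process memory, forked without and with a reseed step in the child.
 * Build on a POSIX system: cc -std=c99 -o forkprng forkprng.c */
#define _POSIX_C_SOURCE 200809L
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <fcntl.h>
#include <sys/wait.h>

#define NONCE_LEN 16

/* splitmix64: a toy generator, NOT cryptographic. It models any PRNG whose
 * state lives in ordinary process memory, which is the property that matters
 * here: fork() copies that memory verbatim into the child. */
struct prng { uint64_t state; };

static uint64_t prng_next(struct prng *p) {
    uint64_t z = (p->state += 0x9E3779B97F4A7C15ULL);
    z = (z ^ (z >> 30)) * 0xBF58476D1CE4E5B9ULL;
    z = (z ^ (z >> 27)) * 0x94D049BB133111EBULL;
    return z ^ (z >> 31);
}

/* Stand-in for RAND_bytes(): fill buf from the generator. */
static void prng_bytes(struct prng *p, uint8_t *buf, size_t len) {
    while (len > 0) {
        uint64_t w = prng_next(p);
        size_t n = len < 8 ? len : 8;
        memcpy(buf, &w, n);
        buf += n;
        len -= n;
    }
}

/* Stand-in for the reseed a fork-aware server performs in the child: fold
 * fresh kernel entropy and the child's own PID into the generator state. */
static int prng_reseed_after_fork(struct prng *p) {
    uint64_t fresh = 0;
    int fd = open("/dev/urandom", O_RDONLY);
    if (fd < 0) return -1;
    ssize_t r = read(fd, &fresh, sizeof fresh);
    close(fd);
    if (r != (ssize_t)sizeof fresh) return -1;
    /* The PID alone would already separate parent and child; the fresh
     * entropy is what keeps the child's output unpredictable. */
    p->state ^= fresh ^ ((uint64_t)getpid() << 32);
    return 0;
}

/* Seed once (as a server does at startup), fork, and let both sides draw a
 * nonce. The child returns its nonce to the parent through a pipe.
 * Returns 1 if the nonces are identical, 0 if they differ, -1 on error. */
int nonces_collide_after_fork(int reseed_in_child) {
    struct prng gen = { .state = 0x1234567890ABCDEFULL }; /* constructed seed */
    uint8_t parent_nonce[NONCE_LEN], child_nonce[NONCE_LEN];
    int pfd[2];
    if (pipe(pfd) != 0) return -1;

    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {                       /* child: inherited a copy of gen */
        close(pfd[0]);
        if (reseed_in_child && prng_reseed_after_fork(&gen) != 0) _exit(2);
        prng_bytes(&gen, child_nonce, NONCE_LEN);
        ssize_t w = write(pfd[1], child_nonce, NONCE_LEN);
        _exit(w == (ssize_t)NONCE_LEN ? 0 : 1);
    }
    close(pfd[1]);                        /* parent: draws from its own copy */
    prng_bytes(&gen, parent_nonce, NONCE_LEN);
    size_t got = 0;
    while (got < NONCE_LEN) {
        ssize_t r = read(pfd[0], child_nonce + got, NONCE_LEN - got);
        if (r <= 0) { close(pfd[0]); return -1; }
        got += (size_t)r;
    }
    close(pfd[0]);
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status) ||
        WEXITSTATUS(status) != 0)
        return -1;
    return memcmp(parent_nonce, child_nonce, NONCE_LEN) == 0 ? 1 : 0;
}

int main(void) {
    printf("no reseed after fork: nonces %s\n",
           nonces_collide_after_fork(0) == 1 ? "IDENTICAL" : "differ");
    printf("reseed in child:      nonces %s\n",
           nonces_collide_after_fork(1) == 1 ? "IDENTICAL" : "differ");
    return 0;
}
```

The first call reproduces the defect: the child's first nonce equals the parent's, so anything derived from it (an IV, a key-exchange nonce, a session key) is shared between two connections. The second call shows the fix the bulletin calls for: a reseed in the child, after fork() and before the first draw, makes the sequences diverge.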
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/libssh-stunnel-shared-random-via-fork-14366