Secunia
Login
|
|
CVE Reference: CVE-2009-3238 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2009-3238 |
|
|
Description: The get_random_int function in drivers/char/random.c in the Linux kernel before 2.6.30 produces insufficiently random numbers, which allows attackers to predict the return value, and possibly defeat protection mechanisms based on randomization, via vectors that leverage the function's tendency to "return the same value over and over again for long stretches of time." |
|
|
CVE Status: Candidate |
|
|
References: UBUNTU http://www.ubuntu.com/usn/USN-852-1 SUSE http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00005.html SAID Secunia Advisory: SA37351 Secunia Advisory: SA37105 REDHAT http://www.redhat.com/support/errata/RHSA-2009-1438.html OVAL http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11168 CONFIRM http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.30 http://patchwork.kernel.org/patch/21766/ http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8a0a9bd4db63bc45e3017bedeafbd88d0eb84d02 |
|
| Return to the previous page. |
