Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2014-0017

The RAND_bytes function in libssh before 0.6.3, when forking is enabled, does not properly reset the state of the OpenSSL pseudo-random number generator (PRNG), which causes the state to be shared between children processes and allows local users to obtain sensitive information by leveraging a pid collision.

Related bugs and status

CVE-2014-0017 (Candidate) is related to these bugs:

Bug #1288631: x2goclient using high cpu

		In	Importance	Status
1288631	x2goclient using high cpu	x2goclient (Ubuntu)	High	Fix Released
1288631	x2goclient using high cpu	x2goclient (Debian)	Unknown	Fix Released
1288631	x2goclient using high cpu	x2goclient (Ubuntu Trusty)	High	Fix Released
1288631	x2goclient using high cpu	x2goclient (Ubuntu Utopic)	High	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: http://secunia.com/adv...
MISC: http://www.debian.org/...
MISC: http://www.ubuntu.com/...
MISC: http://www.openwall.co...
MISC: http://www.libssh.org/...
MISC: https://bugzilla.redha...
MISC: http://lists.opensuse....
MISC: http://lists.opensuse....