Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Vigil@nce - Linux kernel: predictability of net_get_random_once

October 2014 by Vigil@nce

This bulletin was written by Vigil@nce : http://vigilance.fr/offer

SYNTHESIS OF THE VULNERABILITY

An attacker can predict randoms of features using the
net_get_random_once() function of the Linux kernel, in order to
spoof a network session.

 Impacted products: Linux
 Severity: 2/4
 Creation date: 02/10/2014

DESCRIPTION OF THE VULNERABILITY

The Linux kernel uses the net_get_random_once() function to
generate a random, which is then used to generate the net_secret,
syncookie_secret, and inet_ehash_secret fields (IP ID, TCP
Sequence Number, Ephemeral Port Number).

However, in some cases, this random is not initialized.

An attacker can therefore predict randoms of features using the
net_get_random_once() function of the Linux kernel, in order to
spoof a network session.

ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN

http://vigilance.fr/vulnerability/Linux-kernel-predictability-of-net-get-random-once-15435


See previous articles

    

See next articles


Your podcast Here

New, you can have your Podcast here. Contact us for more information ask:
Marc Brami
Phone: +33 1 40 92 05 55
Mail: ipsimp@free.fr

All new podcasts