Robert Woolley

**Name of the Vulnerable Software and Affected Versions** FreeBSD versions 6.3 through 7.1 **Description** The issue is related to the arc4random function in the kernel, which lacks a proper entropy source for a short time period immediately after boot. This makes it easier for attackers to predict the function's return values, allowing them to conduct certain attacks against the GEOM framework and various network protocols. The problem is connected to the Yarrow random number generator. **Recommendations** For FreeBSD versions 6.3 through 7.1, consider implementing additional entropy sources to improve the randomness of the arc4random function until a patch is available. As a temporary workaround, restrict access to sensitive network protocols and the GEOM framework immediately after boot to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** FreeBSD versions 5.5, 6.1 through 6.3, and 7.0 beta 4 **Description** The issue affects the "internal state tracking" code for the random and urandom devices, allowing local users to obtain portions of previously-accessed random values. This could be used to bypass protection mechanisms that rely on secrecy of those values. **Recommendations** For FreeBSD versions 5.5, 6.1 through 6.3, and 7.0 beta 4, at the moment, there is no information about a newer version that contains a fix for this issue.