PT-2013-1026 · Linux+4 · Linux Kernel+4

Stephan Mueller

Publicado

2013-10-10

Atualizado

2023-02-13

CVE-2013-4345

CVSS v2.0

5.8

Média

Vetor

AV:N/AC:M/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions Linux kernel versions through 3.11.4

Description The issue is related to an off-by-one error in the get prng bytes function, which affects the management of the state of consumed data. This makes it easier for attackers to defeat cryptographic protection mechanisms via multiple requests for small amounts of data. The error leads to improper management of the state of the consumed data, potentially resulting in the use of less entropy.

Recommendations For Linux kernel versions through 3.11.4, update to a version that contains a fix for this issue to prevent improper management of the state of consumed data. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-189

Identificadores relacionados

ALT-PU-2013-1178

ALT-PU-2014-1422

BDU:2014-00092

CESA-2013_1645

CVE-2013-4345

DSA-2906-1

RHSA-2013:1449

RHSA-2013:1490

RHSA-2013:1645

RHSA-2013_1449

RHSA-2013_1645

SUSE-RU-2015:0621-1

SUSE-SU-2014_0140-1

SUSE-SU-2014_0169-1

SUSE-SU-2015:0481-1

SUSE-SU-2015:0581-1

SUSE-SU-2015:0652-1

SUSE-SU-2015:0736-1

SUSE-SU-2015:1174-1

SUSE-SU-2015:1376-1

USN-2064-1

USN-2065-1

USN-2068-1

USN-2070-1

USN-2071-1

USN-2072-1

USN-2074-1

USN-2075-1

USN-2076-1

USN-2109-1

USN-2110-1

USN-2158-1

Produtos afetados

Alt Linux

Centos

Linux Kernel

Red Hat

Suse

PT-2013-1026 · Linux+4 · Linux Kernel+4

CVE-2013-4345

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 387