PT-2013-1026 · Linux+4 · Linux Kernel+4

Stephan Mueller · Published 2013-10-10 · Updated 2023-02-13 · CVE-2013-4345

CVSS v2.0: 5.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Linux kernel versions through 3.11.4

Description

The issue is an off-by-one error in the get_prng_bytes function that causes improper management of the state of consumed data. This makes it easier for attackers to defeat cryptographic protection mechanisms via multiple requests for small amounts of data, and can potentially result in the use of less entropy.

Recommendations

For Linux kernel versions through 3.11.4, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

ALT-PU-2013-1178
ALT-PU-2014-1422
BDU:2014-00092
CESA-2013_1645
CVE-2013-4345
DSA-2906-1
RHSA-2013:1449
RHSA-2013:1490
RHSA-2013:1645
RHSA-2013_1449
RHSA-2013_1645
SUSE-RU-2015:0621-1
SUSE-SU-2014_0140-1
SUSE-SU-2014_0169-1
SUSE-SU-2015:0481-1
SUSE-SU-2015:0581-1
SUSE-SU-2015:0652-1
SUSE-SU-2015:0736-1
SUSE-SU-2015:1174-1
SUSE-SU-2015:1376-1
USN-2064-1
USN-2065-1
USN-2068-1
USN-2070-1
USN-2071-1
USN-2072-1
USN-2074-1
USN-2075-1
USN-2076-1
USN-2109-1
USN-2110-1
USN-2158-1

Affected Products

ALT Linux
CentOS
Linux Kernel
Red Hat
SUSE