CERT VU#131923
History: Oct 26, 2001 - 12:00 a.m.

OpenSSL PRNG contains design flaw that allows a user to determine internal state and predict future output

2001-10-26 00:00:00
www.kb.cert.org

CVSS2: 5
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
EPSS: 0.005
Percentile: 75.6%

Overview

The pseudorandom number generator (PRNG) in OpenSSL has a weakness that allows an attacker to determine its internal state and subsequently determine its future output values.

Description

OpenSSL’s PRNG hashes an internal state to produce output values, which are supposed to be pseudorandom and unpredictable. Since the hash algorithms are well known, the internal state is intended to be mostly secret to prevent attackers from guessing what the output will be. However, in versions of OpenSSL prior to 0.9.6b, the PRNG outputs a significant portion of the internal state that is used in subsequent hash computation. Knowing this portion of the internal state, attackers can brute-force the PRNG with multiple 1-byte requests to discover the entire internal state used to create future output values. For more information, see the OpenSSL security advisory of 10 July 2001.


Impact

Attackers can learn in advance what output the PRNG will return. Cryptographic secrets based on supposedly random values from the PRNG will no longer be secret, since those values can be determined in advance.


Solution

Contact your operating system vendor for an update which includes OpenSSL 0.9.6b or later.

Advanced users may wish to install from source code available at:

<ftp://ftp.openssl.org/source/openssl-0.9.6b.tar.gz>
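To find hosts that still need this update, the following added Python check (not part of the CERT note) parses the banner that `openssl version` prints and compares it against the fixed release named above, handling OpenSSL's old letter-suffix versioning ("0.9.6" < "0.9.6a" < "0.9.6b"); the inventory lines and hostnames are constructed sample data.

```python
import re

# First fixed release named in the CERT note; anything older is affected.
FIXED = "0.9.6b"

# Old OpenSSL versions look like 0.9.6, 0.9.6a, 0.9.6b: three numbers plus
# an optional patch-letter suffix.
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)([a-z]*)")


def parse_openssl_version(text):
    """Pull a version tuple out of a banner such as 'OpenSSL 0.9.6a 5 Apr 2001'
    (the format `openssl version` prints). Returns (major, minor, fix, letters)
    or None when no version is present."""
    m = _VERSION_RE.search(text)
    if m is None:
        return None
    major, minor, fix, letters = m.groups()
    return (int(major), int(minor), int(fix), letters)


def is_affected(banner, fixed=FIXED):
    """True when the banner's version is older than the first fixed release.
    Tuple comparison handles the letter suffix correctly because an empty
    string sorts before any letter: "" < "a" < "b"."""
    version = parse_openssl_version(banner)
    if version is None:
        raise ValueError(f"no OpenSSL version found in {banner!r}")
    return version < parse_openssl_version(fixed)


def scan_inventory(lines):
    """Return the hosts whose 'host<TAB>banner' line shows an affected build."""
    return [host for host, _, banner in (l.partition("\t") for l in lines)
            if is_affected(banner)]


# Constructed sample inventory (hostnames and dates are made up for the demo).
SAMPLE_INVENTORY = [
    "web01\tOpenSSL 0.9.6a 5 Apr 2001",
    "web02\tOpenSSL 0.9.6b 9 Jul 2001",
    "mail01\tOpenSSL 0.9.5a 1 Apr 2000",
    "vpn01\tOpenSSL 0.9.6 24 Sep 2000",
    "db01\tOpenSSL 0.9.7 31 Dec 2002",
]

if __name__ == "__main__":
    print("still affected:", scan_inventory(SAMPLE_INVENTORY))
```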


None.


Vendor Information


Astaro (Affected)

Updated: July 29, 2002

Status

Affected

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email (subject: VU#131923 Feedback).

Conectiva (Affected)

Updated: October 25, 2001

Status

Affected

Vendor Statement

Conectiva’s updates for CL 7.0 are at:

http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000418&idioma=en

That page also contains links to updates for our older distros.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

FreeBSD (Affected)

Updated: October 25, 2001

Status

Affected

Vendor Statement

See <URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:51.openssl.v1.1.asc>

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Guardian Digital (Affected)

Updated: July 29, 2002

Status

Affected

Vendor Statement

All users should upgrade to the most recent version, as outlined in
this advisory.

Guardian Digital recently made available the Guardian Digital Secure
Update, a means to proactively keep systems secure and manage
system software. EnGarde users can automatically update their system
using the Guardian Digital WebTool secure interface.

If choosing to manually upgrade this package, updates can be
obtained from:

<ftp://ftp.engardelinux.org/pub/engarde/stable/updates/>
<http://ftp.engardelinux.org/pub/engarde/stable/updates/>

Before upgrading the package, the machine must either:

a) be booted into a “standard” kernel; or
b) have LIDS disabled.

To disable LIDS, execute the command:

/sbin/lidsadm -S -- -LIDS_GLOBAL

To install the updated package, execute the command:

rpm -Uvh <filename>

To reload the LIDS configuration, execute the command:

/usr/sbin/config_lids.pl

To re-enable LIDS (if it was disabled), execute the command:

/sbin/lidsadm -S -- +LIDS_GLOBAL

To verify the signature of the updated packages, execute the command:

rpm -Kv <filename>

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

NetBSD (Affected)

Updated: October 25, 2001

Status

Affected

Vendor Statement

NetBSD released the security advisory:

NetBSD Security Advisory 2001-013 OpenSSL PRNG weakness (up to 0.9.6a)

on August 23 detailing our solution to this issue.

It may be found at:

<ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2001-013.txt.asc>

In summary, we shipped some software which was vulnerable, but we have published a solution to the problem, and our latest shipping release (NetBSD 1.5.2) is not vulnerable.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

OpenSSL (Affected)

Updated: October 25, 2001

Status

Affected

Vendor Statement

See <http://www.openssl.org/news/secadv_prng.txt>

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Hewlett-Packard Company (Not Affected)

Updated: July 29, 2002

Status

Not Affected

Vendor Statement

HP does not ship/support OpenSSL.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

IBM (Not Affected)

Updated: October 25, 2001

Status

Not Affected

Vendor Statement

Regarding VU#131923, IBM’s AIX operating system is not vulnerable, as IBM does not include OpenSSL.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Red Hat Inc. (Unknown)

Updated: October 19, 2001

Status

Unknown

Vendor Statement

We have not received a statement from the vendor.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Acknowledgements

Thanks to the OpenSSL Project for reporting this vulnerability.

This document was written by Shawn Van Ittersum.

Other Information

CVE IDs: CVE-2001-1141
Severity Metric: 2.60
Date Public:
