CVSS2
Attack Vector: LOCAL
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
AV:L/AC:M/Au:N/C:P/I:N/A:N
EPSS
Percentile: 5.1%
The RAND_bytes function in libssh before 0.6.3, when forking is enabled,
does not properly reset the state of the OpenSSL pseudo-random number
generator (PRNG), which causes the state to be shared between child
processes and allows local users to obtain sensitive information by
leveraging a pid collision.
www.libssh.org/2014/03/04/libssh-0-6-3-security-release/
www.openwall.com/lists/oss-security/2014/03/05/1
launchpad.net/bugs/cve/CVE-2014-0017
nvd.nist.gov/vuln/detail/CVE-2014-0017
security-tracker.debian.org/tracker/CVE-2014-0017
ubuntu.com/security/notices/USN-2145-1
www.cve.org/CVERecord?id=CVE-2014-0017