Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2009-3238

The get_random_int function in drivers/char/random.c in the Linux kernel before 2.6.30 produces insufficiently random numbers, which allows attackers to predict the return value, and possibly defeat protection mechanisms based on randomization, via vectors that leverage the function's tendency to "return the same value over and over again for long stretches of time."

Related bugs and status

CVE-2009-3238 (Candidate) is related to these bugs:

Bug #395973: Please update kernel to version 2.6.24-26.34 to fix several security vulnerabilities

Summary				In	Importance	Status
	395973	Please update kernel to version 2.6.24-26.34 to fix several security vulnerabilities		The Dell Mini Project	Undecided	Confirmed

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://git.kernel.org/...
CONFIRM: http://patchwork.kerne...
CONFIRM: http://www.kernel.org/...
CONFIRM: https://bugzilla.redha...
CONFIRM: https://bugzilla.redha...
REDHAT: RHSA-2009:1438
SUSE: SUSE-SA:2009:054
SECUNIA: 37351
SUSE: SUSE-SA:2010:012
UBUNTU: USN-852-1
SECUNIA: 37105
OVAL: oval:org.mitre.oval:de...
CONFIRM: https://support.hpe.co...