reseed(8) performs HTTP fetch of data from random.org

Bug #804594 reported by Jeffrey Walton
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone
reseed (Ubuntu) | Triaged | Low | Unassigned |

Bug Description

reseed(8) performs an insecure HTTP fetch of data from random.org. The script is automatically executed when installed, and any time the user chooses to execute it. In addition, the reseed man pages do not mention that the data is retrieved over an insecure channel.

Alex Murray (alexmurray) wrote :

Have subscribed the security team to see if anyone there wants to chime in.

Jamie Strandboge (jdstrand) wrote :

Thank you for taking the time to report this bug and helping to make Ubuntu better. I apologize for not responding sooner. I can confirm this issue and have given it an initial Importance of 'Low', based on the difficulty of properly timing the attack while also requiring MITM access. This can be re-evaluated if necessary.

Since the package referred to in this bug is in universe, it is community maintained. As such, I have forwarded this information to the upstream author (as found in debian/copyright) and the oss-security mailing list:
http://www.openwall.com/lists/oss-security/2011/07/06/8

Once a patch is decided upon, if you are able, I suggest posting a debdiff for this issue. When a debdiff is available, a member of the security team will review it and publish the package. Please see the following link for more information: https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures.

Thanks again!

Changed in reseed (Ubuntu):
importance: Undecided → Low
status: New → Triaged
David Wagner (daw-bugzilla) wrote :

I'm not sure I see why this is difficult to exploit in a MITM attack or why the timing is difficult.

It would be easy to build a simple tool to MITM people who execute reseed(8) while connected to an open wireless network (e.g., at Starbucks). The automated tool could wait for a call to reseed(8) and when one is detected, automatically mount a MITM attack. This eliminates any difficulty of "timing" the attack and provides the attacker all necessary MITM access. Also, if the attacker can successfully mount a DNS hijacking attack on the random.org domain name, then that would provide an alternative attack avenue that also eliminates those difficulties.

I'm not familiar with the criteria for assigning an importance of 'Low', but I wanted to share this additional information to help you triage this bug.

Jamie Strandboge (jdstrand) wrote :

The HTTP issue has been given CVE-2011-2683.

Dave Walker (davewalker) wrote :

Package has been removed from Oneiric.
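
One way a seed-fetching script can avoid the plaintext fetch described in this report, as an added example that is not code from the reseed package or from anyone in this thread. The function names, return codes and the use of curl are assumptions made for illustration; the caller supplies the URL.

```shell
#!/bin/sh
# Added example: hypothetical helper names, not taken from the reseed package.

# Accept only https:// URLs, so a typo or a config change cannot silently
# downgrade the fetch to plaintext HTTP.
check_seed_url() {
    case "$1" in
        https://?*) return 0 ;;
        *)          return 1 ;;
    esac
}

# fetch_seed URL OUTFILE NBYTES
# Downloads NBYTES of seed material to OUTFILE over verified TLS.
# Returns 2 for a rejected URL, 3 for a transfer or TLS failure,
# 4 if the response is not exactly NBYTES long.
fetch_seed() {
    url=$1
    out=$2
    want=$3
    check_seed_url "$url" || return 2

    # --proto / --proto-redir: refuse non-HTTPS, including after redirects.
    # --fail: treat HTTP errors as failures instead of saving an error page.
    # Certificate verification is curl's default; never add -k/--insecure.
    curl --silent --show-error --fail \
         --proto '=https' --proto-redir '=https' \
         --max-time 30 --output "$out" "$url" || return 3

    # Reject short or oversized responses rather than seeding from them.
    got=$(wc -c < "$out" | tr -d ' ')
    [ "$got" -eq "$want" ] || { rm -f "$out"; return 4; }
    return 0
}
```
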
