CVE-2007-2453 Information
Description
The random number feature in Linux kernel 2.6 before 2.6.20.13 and 2.6.21.x before 2.6.21.4 (1) does not properly seed pools when there is no entropy, or (2) uses an incorrect cast when extracting entropy, which might cause the random number generator to provide the same values after reboots on systems without an entropy source.
Reference
http://marc.info/?l=linux-kernel&m=118128610219959&w=2
http://marc.info/?l=linux-kernel&m=118128622431272&w=2
http://osvdb.org/37114
http://secunia.com/advisories/25596
http://secunia.com/advisories/25700
http://secunia.com/advisories/25961
http://secunia.com/advisories/26133
http://secunia.com/advisories/26139
http://secunia.com/advisories/26450
http://secunia.com/advisories/26620
http://secunia.com/advisories/26664
http://www.debian.org/security/2007/dsa-1356
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.21.4
http://www.mandriva.com/security/advisories?name=MDKSA-2007:171
http://www.mandriva.com/security/advisories?name=MDKSA-2007:196
http://www.mandriva.com/security/advisories?name=MDKSA-2007:216
http://www.novell.com/linux/security/advisories/2007_43_kernel.html
http://www.novell.com/linux/security/advisories/2007_51_kernel.html
http://www.securityfocus.com/bid/24390
http://www.securitytracker.com/id?1018248
http://www.ubuntu.com/usn/usn-470-1
http://www.ubuntu.com/usn/usn-486-1
http://www.ubuntu.com/usn/usn-489-1
http://www.vupen.com/english/advisories/2007/2105
https://exchange.xforce.ibmcloud.com/vulnerabilities/34781
https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A9960
https://rhn.redhat.com/errata/RHSA-2007-0376.html