Bug 978243 - (CVE-2013-2213) CVE-2013-2213 KDE KRandom::random() CWE-334: Small Space of Random Values
CVE-2013-2213 KDE KRandom::random() CWE-334: Small Space of Random Values
Status: CLOSED NOTABUG
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
low Severity low
: ---
: ---
Assigned To: Red Hat Product Security
impact=low,public=20130626,reported=2...
: Security
Depends On: 978246 978247
Blocks: 978251
  Show dependency treegraph
 
Reported: 2013-06-26 03:31 EDT by Garth Mollett
Modified: 2015-07-31 03:08 EDT (History)
9 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-07-07 23:51:17 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Garth Mollett 2013-06-26 03:31:04 EDT
Michael Samuel (mik@miknet.net) reports:
KRandom::random() should not be considered a secure PRNG due to having a limited space of random values (32bits).

Reference:
http://openwall.com/lists/oss-security/2013/06/26/1
http://openwall.com/lists/oss-security/2013/06/26/2
Comment 1 Garth Mollett 2013-06-26 03:43:02 EDT
Created kdelibs tracking bugs for this issue

Affects: fedora-all [bug 978246]
Comment 2 Garth Mollett 2013-06-26 03:43:13 EDT
Created kdelibs3 tracking bugs for this issue

Affects: fedora-all [bug 978247]
Comment 3 Huzaifa S. Sidhpurwala 2013-07-07 23:24:46 EDT
The KRandom::random() function is written using the glibc srand()/rand() functions. 

kdecore/util/krandom.cpp:

     39       int fd = KDE_open("/dev/urandom", O_RDONLY);
     40       if (fd < 0 || ::read(fd, &seed, sizeof(seed)) != sizeof(seed))
     41       {
     42             // No /dev/urandom... try something else.
     43             srand(getpid());
     44             seed = rand()+time(0);
     45       }
     46       if (fd >= 0) close(fd);
     47       srand(seed);
     48    }
     49    return rand();

Krandom::random() tries to read the seed from /dev/urandom. If it is not able to open /dev/urandom, it uses a combination of the pid and system time to derive a seed (more predictable then /dev/urandom ofcourse). This seed is then used to derive random numbers via the glibc, rand() function.

Note: glibc's rand() function is based on Linear congruential generator and is not recommended to be used for cryptographic purposes which includes generation of random passwords/keys for desktop applications.

The same applies to other pseudo-random number generator functions like KRandom::random() which are based on glibc's rand().

Red Hat recommends use of the following functions for generating unpredictable and non-repeating values pseudo-random numbers.

http://docs.fedoraproject.org/en-US/Fedora_Security_Team//html/Defensive_Coding/ch10s02.html

Note You need to log in before you can comment on or make changes to this bug.