Bug 978243 (CVE-2013-2213) - CVE-2013-2213 KDE KRandom::random() CWE-334: Small Space of Random Values
Summary: CVE-2013-2213 KDE KRandom::random() CWE-334: Small Space of Random Values
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2013-2213
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 978246 978247
Blocks: 978251
TreeView+ depends on / blocked
 
Reported: 2013-06-26 07:31 UTC by Garth Mollett
Modified: 2020-02-11 00:13 UTC (History)
9 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2013-07-08 03:51:17 UTC


Attachments (Terms of Use)

Description Garth Mollett 2013-06-26 07:31:04 UTC
Michael Samuel (mik@miknet.net) reports:
KRandom::random() should not be considered a secure PRNG due to having a limited space of random values (32bits).

Reference:
http://openwall.com/lists/oss-security/2013/06/26/1
http://openwall.com/lists/oss-security/2013/06/26/2

Comment 1 Garth Mollett 2013-06-26 07:43:02 UTC
Created kdelibs tracking bugs for this issue

Affects: fedora-all [bug 978246]

Comment 2 Garth Mollett 2013-06-26 07:43:13 UTC
Created kdelibs3 tracking bugs for this issue

Affects: fedora-all [bug 978247]

Comment 3 Huzaifa S. Sidhpurwala 2013-07-08 03:24:46 UTC
The KRandom::random() function is written using the glibc srand()/rand() functions. 

kdecore/util/krandom.cpp:

     39       int fd = KDE_open("/dev/urandom", O_RDONLY);
     40       if (fd < 0 || ::read(fd, &seed, sizeof(seed)) != sizeof(seed))
     41       {
     42             // No /dev/urandom... try something else.
     43             srand(getpid());
     44             seed = rand()+time(0);
     45       }
     46       if (fd >= 0) close(fd);
     47       srand(seed);
     48    }
     49    return rand();

Krandom::random() tries to read the seed from /dev/urandom. If it is not able to open /dev/urandom, it uses a combination of the pid and system time to derive a seed (more predictable then /dev/urandom ofcourse). This seed is then used to derive random numbers via the glibc, rand() function.

Note: glibc's rand() function is based on Linear congruential generator and is not recommended to be used for cryptographic purposes which includes generation of random passwords/keys for desktop applications.

The same applies to other pseudo-random number generator functions like KRandom::random() which are based on glibc's rand().

Red Hat recommends use of the following functions for generating unpredictable and non-repeating values pseudo-random numbers.

http://docs.fedoraproject.org/en-US/Fedora_Security_Team//html/Defensive_Coding/ch10s02.html


Note You need to log in before you can comment on or make changes to this bug.