Bug 1408385 (CVE-2016-9594) - CVE-2016-9594 curl: Unitialized random
Summary: CVE-2016-9594 curl: Unitialized random
Status: CLOSED NOTABUG
Alias: CVE-2016-9594
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: impact=moderate,public=20161223,repor...
Keywords: Security
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-12-23 08:33 UTC by Andrej Nemec
Modified: 2019-06-08 21:41 UTC (History)
30 users (show)

(edit)
Clone Of:
(edit)
Last Closed: 2016-12-23 08:34:22 UTC


Attachments (Terms of Use)

Description Andrej Nemec 2016-12-23 08:33:06 UTC
libcurl's (new) internal function that returns a good 32bit random value was
implemented poorly and overwrote the pointer instead of writing the value into
the buffer the pointer pointed to.

This random value is used to generate nonces for Digest and NTLM
authentication, for generating boundary strings in HTTP formposts and
more. Having a weak or virtually non-existent random there makes these
operations vulnerable.

This function is brand new in 7.52.0

External References:

https://curl.haxx.se/docs/adv_20161223.html

Upstream patch:

https://curl.haxx.se/CVE-2016-9594.patch

Comment 1 Andrej Nemec 2016-12-23 08:33:34 UTC
Acknowledgments:

Name: Kamil Dudka (Red Hat)

Comment 2 Andrej Nemec 2016-12-23 08:34:22 UTC
Vulnerable version is not shipped anywhere across our products.


Note You need to log in before you can comment on or make changes to this bug.