File Descriptor Leak in lshd Impacts Local Security for LSH 2.0.1
CVE-2006-0353

Currently unrated

Key Information:

Vendor: Gnu
Status: Lsh
Vendor: CVE Published:; 22 January 2006

Summary

In lsh 2.0.1, the unix_random.c file in lshd leaks file descriptors associated with the randomness generator. This flaw can be exploited by local users to truncate the seed file, ultimately preventing the server from starting or allowing unauthorized access to sensitive seed information. Such leakage can facilitate cryptographic attacks, potentially compromising key integrity.

References

http://www.securityfocus.com/bid/16357

vdb-entryx_refsource_BID

http://lists.lysator.liu.se/pipermail/lsh-bugs/2006q1/000...

mailing-listx_refsource_MLIST

http://secunia.com/advisories/18623

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Jan 22, 2006
Vulnerability Reserved
Jan 22, 2006