OpenSSL Pseudo-Random Number Generator Vulnerability in Libssh
CVE-2014-0017

Currently unrated

Key Information:

Vendor

Libssh

Status
Libssh
Vendor
CVE Published:
14 March 2014

What is CVE-2014-0017?

The RAND_bytes function in Libssh versions prior to 0.6.3 contains a vulnerability related to the OpenSSL pseudo-random number generator. When forking is enabled, the state of the PRNG is not adequately reset, leading to shared state among child processes. This oversight creates a potential risk where local users could exploit a PID collision to gain unauthorized access to sensitive information, compromising system security.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.ubuntu.com/usn/USN-2145-1
vendor-advisoryx_refsource_UBUNTU
http://www.debian.org/security/2014/dsa-2879
vendor-advisoryx_refsource_DEBIAN
http://lists.opensuse.org/opensuse-updates/2014-03/msg000...
vendor-advisoryx_refsource_SUSE

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.