NetBSD False Intel Hardware RNG Detection Predictable Random Number Generation Weakness
BID:17496
Info
NetBSD False Intel Hardware RNG Detection Predictable Random Number Generation Weakness
| Bugtraq ID: | 17496 |
| Class: | Design Error |
| CVE: | |
| Remote: | Yes |
| Local: | Yes |
| Published: | Apr 13 2006 12:00AM |
| Updated: | Apr 13 2006 07:22PM |
| Credit: | Discovered by Matthias Scheler. |
| Vulnerable: |
NetBSD NetBSD 2.1 NetBSD NetBSD 2.0.3 NetBSD NetBSD 2.0.2 NetBSD NetBSD 2.0.1 NetBSD NetBSD 2.0 NetBSD NetBSD 1.6.2 NetBSD NetBSD 1.6.1 NetBSD NetBSD 1.6 beta NetBSD NetBSD 1.6 Navision Financials Server 3.0 |
| Not Vulnerable: | |
Discussion
NetBSD False Intel Hardware RNG Detection Predictable Random Number Generation Weakness
NetBSD is prone to predictable keys being generated due to incorrect detection of Intel hardware random number generator (RNG).
A NetBSD driver that employs the hardware RNG incorrectly detects the RNG while it is not present in the chipset and supplies a constant stream of bytes to be used in the entropy pool for the kernel RNG. This may have a significant impact on the quality of keys and other sensitive data that is generated using the predictable value as a seed; this may result in predictable keys being created.
This issue arises on NetBSD systems with i8xx motherboard chipset for x86 CPUs.
NetBSD is prone to predictable keys being generated due to incorrect detection of Intel hardware random number generator (RNG).
A NetBSD driver that employs the hardware RNG incorrectly detects the RNG while it is not present in the chipset and supplies a constant stream of bytes to be used in the entropy pool for the kernel RNG. This may have a significant impact on the quality of keys and other sensitive data that is generated using the predictable value as a seed; this may result in predictable keys being created.
This issue arises on NetBSD systems with i8xx motherboard chipset for x86 CPUs.
Exploit / POC
NetBSD False Intel Hardware RNG Detection Predictable Random Number Generation Weakness
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
Solution / Fix
NetBSD False Intel Hardware RNG Detection Predictable Random Number Generation Weakness
Solution:
NetBSD has released an advisory and fixes to address this issue.
Solution:
NetBSD has released an advisory and fixes to address this issue.
References
NetBSD False Intel Hardware RNG Detection Predictable Random Number Generation Weakness
References:
References:
- NetBSD Homepage (NetBSD)