474986 – (CVE-2013-2213) kde-base/kdeplasma-addons: KRandom::random() CWE-334: Small Space of Random Values (CVE-2013-2213)

Bug 474986 (CVE-2013-2213) - kde-base/kdeplasma-addons: KRandom::random() CWE-334: Small Space of Random Values (CVE-2013-2213)

Summary: kde-base/kdeplasma-addons: KRandom::random() CWE-334: Small Space of Random V...

Status:	RESOLVED UPSTREAM

Alias:	CVE-2013-2213

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal minor (vote)
Assignee:	Gentoo Security

URL:	https://bugzilla.redhat.com/show_bug....
Whiteboard:	B4 [noglsa]
Keywords:

Depends on:
Blocks:

Reported:	2013-06-27 15:49 UTC by Agostino Sarubbo
Modified:	2014-07-28 22:01 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Agostino Sarubbo gentoo-dev

2013-06-27 15:49:35 UTC

From ${URL} :

Michael Samuel (mik@miknet.net) reports:
KRandom::random() should not be considered a secure PRNG due to having a limited space of random 
values (32bits).

Reference:
http://openwall.com/lists/oss-security/2013/06/26/1
http://openwall.com/lists/oss-security/2013/06/26/2


@maintainer(s): after the bump, in case we need to stabilize the package, please say explicitly if it is ready for the stabilization or not.

Comment 1 Chris Reffett (RETIRED) gentoo-dev

2013-08-27 03:44:53 UTC

Red Hat says that this isn't really a KDE bug; it's using glibc's not-so-great rand() generator. Opinions? I'd be fine with closing this one.

Comment 2 Johannes Huber (RETIRED) gentoo-dev

2014-07-28 06:21:23 UTC

Is this still valid?

Comment 3 Michael Palimaka (kensington) gentoo-dev

2014-07-28 07:01:22 UTC

Looks like Fedora closed their issue as not a bug.

Comment 4 Mikle Kolyada (RETIRED) archtester

2014-07-28 21:53:24 UTC

Closed.