Re: [Chicken-users] [Chicken-announce] [SECURITY] Vulnerability to algor

chicken-users

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Chicken-users] [Chicken-announce] [SECURITY] Vulnerability to algor

From:	Peter Bex
Subject:	Re: [Chicken-users] [Chicken-announce] [SECURITY] Vulnerability to algorithmic complexity attack due to incorrect randomization of symbol table
Date:	Mon, 17 Jul 2017 08:48:17 +0200
User-agent:	NeoMutt/20170113 (1.7.2)

On Sun, Jul 16, 2017 at 08:32:03PM +0200, Peter Bex wrote:
> The code that sets up the initial symbol table is run _before_
> initializing the PRNG, which means the randomization factor uses
> the initial libc seed state.  On most libc implementations this
> means the symbol table randomization factor is a constant value
> which does not differ between runs.

This issue has been assigned CVE-2017-11343.

Regards,
The CHICKEN Team

signature.asc
Description: PGP signature

[Prev in Thread]

Current Thread

[Next in Thread]

[Chicken-users] [SECURITY] Vulnerability to algorithmic complexity attack due to incorrect randomization of symbol table, Peter Bex, 2017/07/16
- Re: [Chicken-users] [Chicken-announce] [SECURITY] Vulnerability to algorithmic complexity attack due to incorrect randomization of symbol table, Peter Bex <=

Prev by Date: [Chicken-users] [SECURITY] Vulnerability to algorithmic complexity attack due to incorrect randomization of symbol table
Next by Date: [Chicken-users] Passing in a scheme function into C to be called later
Previous by thread: [Chicken-users] [SECURITY] Vulnerability to algorithmic complexity attack due to incorrect randomization of symbol table
Next by thread: [Chicken-users] Passing in a scheme function into C to be called later
Index(es):
- Date
- Thread