FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

pycrypto -- PRNG reseed race condition

Affected packages
py26-pycrypto < 2.6.1
py27-pycrypto < 2.6.1
py31-pycrypto < 2.6.1
py32-pycrypto < 2.6.1
py33-pycrypto < 2.6.1

Details

VuXML ID c0f122e2-3897-11e3-a084-3c970e169bc2
Discovery 2013-10-17
Entry 2013-10-19

Dwayne Litzenberger reports:

In PyCrypto before v2.6.1, the Crypto.Random pseudo-random number generator (PRNG) exhibits a race condition that may cause it to generate the same 'random' output in multiple processes that are forked from each other. Depending on the application, this could reveal sensitive information or cryptographic keys to remote attackers.

References

CVE Name CVE-2013-1445
URL http://lists.dlitz.net/pipermail/pycrypto/2013q4/000702.html