Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The RAND_bytes function in libssh before 0.6.3, when forking is enabled, does not properly reset the state of the OpenSSL pseudo-random number generator (PRNG), which causes the state to be shared between children processes and allows local users to obtain sensitive information by leveraging a pid collision.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
libssh ‘RAND_bytes’函数信息泄露漏洞
Vulnerability Description
libssh是一个用于访问SSH服务的C语言开发包,它能够执行远程命令、文件传输,同时为远程的程序提供安全的传输通道。 libssh 0.6.2及之前版本的‘RAND_bytes’函数存在安全漏洞,该漏洞源于当处理新的请求时,程序没有正确初始化OpenSSL伪随机数生成器(PRNG)的状态。本地攻击者可通过PID冲突利用该漏洞获取敏感信息。
CVSS Information
N/A
Vulnerability Type
N/A