IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) duplicates the PRNG state across fork() system calls when multiple ICC instances are loaded which could result in duplicate Session IDs and a risk of duplicate key material. IBM X-Force ID: 139071.
                
            References
                    | Link | Resource | 
|---|---|
| http://www.ibm.com/support/docview.wss?uid=swg22013756 | Vendor Advisory | 
| http://www.securityfocus.com/bid/105580 | Third Party Advisory VDB Entry | 
| http://www.securitytracker.com/id/1041012 | Third Party Advisory VDB Entry | 
| https://exchange.xforce.ibmcloud.com/vulnerabilities/139071 | VDB Entry Vendor Advisory | 
| http://www.ibm.com/support/docview.wss?uid=swg22013756 | Vendor Advisory | 
| http://www.securityfocus.com/bid/105580 | Third Party Advisory VDB Entry | 
| http://www.securitytracker.com/id/1041012 | Third Party Advisory VDB Entry | 
| https://exchange.xforce.ibmcloud.com/vulnerabilities/139071 | VDB Entry Vendor Advisory | 
Configurations
                    Configuration 1 (hide)
| AND | 
 
 | 
Configuration 2 (hide)
| AND | 
 
 | 
History
                    21 Nov 2024, 03:59
| Type | Values Removed | Values Added | 
|---|---|---|
| CVSS | v2 : v3 : | v2 : 6.4 v3 : 7.4 | 
| References | () http://www.ibm.com/support/docview.wss?uid=swg22013756 - Vendor Advisory | |
| References | () http://www.securityfocus.com/bid/105580 - Third Party Advisory, VDB Entry | |
| References | () http://www.securitytracker.com/id/1041012 - Third Party Advisory, VDB Entry | |
| References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/139071 - VDB Entry, Vendor Advisory | 
Information
                Published : 2018-03-22 12:29
Updated : 2024-11-21 03:59
NVD link : CVE-2018-1426
Mitre link : CVE-2018-1426
CVE.ORG link : CVE-2018-1426
JSON object : View
Products Affected
                microsoft
- windows
ibm
- db2
linux
- linux_kernel
CWE
                
                    
                        
                        CWE-335
                        
            Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)
