Botan es_unix /dev/random Weakness

2003-12-12T00:00:00
ID OSVDB:3148
Type osvdb
Reporter OSVDB
Modified 2003-12-12T00:00:00

Description

Vulnerability Description

Botan contains a nondescript flaw in its randomness implementation. The issue is due to a problem in the es_unix module which affects all Unix systems without a /dev/random device.

Solution Description

Upgrade to version 1.3.7 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

Botan contains a nondescript flaw in its randomness implementation. The issue is due to a problem in the es_unix module which affects all Unix systems without a /dev/random device.

References:

Vendor URL: http://freshmeat.net/projects/botan/?topic_id=44%2C809 Vendor URL: http://botan.randombit.net Generic Informational URL: http://botan.randombit.net/logs/log-13.php