CVE-2019-1549
Fork Protection
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
OpenSSL 1.1.1 introduced a rewritten random number generator (RNG). This was intended to include protection in the event of a fork() system call in order to ensure that the parent and child processes did not share the same RNG state. However this protection was not being used in the default case. A partial mitigation for this issue is that the output from a high precision timer is mixed into the RNG state so the likelihood of a parent and child process sharing state is significantly reduced. If an application already calls OPENSSL_init_crypto() explicitly using OPENSSL_INIT_ATFORK then this problem does not occur at all. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c).
OpenSSL versión 1.1.1 introdujo un generador de números aleatorios (RNG) reescrito. Este tuvo la intención de incluir protección en el caso de una llamada de sistema fork() para asegurar que los procesos padre e hijo no compartieran el mismo estado RNG. Sin embargo, esta protección no estaba siendo usada en el caso predeterminado. Una mitigación parcial para este problema es que la salida de un temporizador de alta precisión se mezcla en el estado RNG, por lo que la probabilidad de un estado de intercambio de procesos padre e hijo es reducida significativamente. Si una aplicación ahora llama a OPENSSL_init_crypto() explícitamente utilizando OPENSSL_INIT_ATFORK, este problema no se produce en absoluto. Corregido en OpenSSL versión 1.1.1d (afectadas las versiones 1.1.1 hasta 1.1.1c).
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-11-28 CVE Reserved
- 2019-09-10 CVE Published
- 2024-09-03 EPSS Updated
- 2024-09-16 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
- CWE-330: Use of Insufficiently Random Values
CAPEC
References (17)
| URL | Tag | Source |
|---|---|---|
| https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=1b0fe00e2704b5e20334a16d3c9099d1ba2ef1be | X_refsource_confirm | |
| https://seclists.org/bugtraq/2019/Oct/1 | Mailing List |
|
| https://security.netapp.com/advisory/ntap-20190919-0002 | X_refsource_confirm |
|
| https://support.f5.com/csp/article/K44070243 | X_refsource_confirm | |
| https://support.f5.com/csp/article/K44070243?utm_source=f5support&%3Butm_medium=RSS | X_refsource_confirm | |
| https://www.oracle.com/security-alerts/cpuapr2020.html | X_refsource_misc |
|
| https://www.oracle.com/security-alerts/cpujan2020.html | X_refsource_misc |
|
| https://www.oracle.com/security-alerts/cpujul2020.html | X_refsource_misc |
|
| https://www.oracle.com/security-alerts/cpuoct2020.html | X_refsource_misc |
|
| https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html | X_refsource_misc |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Openssl Search vendor "Openssl" | Openssl Search vendor "Openssl" for product "Openssl" | >= 1.1.1 <= 1.1.1c Search vendor "Openssl" for product "Openssl" and version " >= 1.1.1 <= 1.1.1c" | - |
Affected
| ||||||