Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-36157

PRNG not cryptographically strong on GCC before 5.5

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major - P3
    • Resolution: Won't Fix
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None
    • Labels:
      None
    • Operating System:
      ALL

      Description

      Upgrading GCC to version 5.5 fixes a security flaw with PRNG.

      CVSS 2.1

      https://www.cvedetails.com/cve/CVE-2017-11671/

      "Under certain circumstances, the ix86_expand_builtin function in i386.c in GNU Compiler Collection (GCC) version 4.6, 4.7, 4.8, 4.9, 5 before 5.5, and 6 before 6.4 will generate instruction sequences that clobber the status flag of the RDRAND and RDSEED intrinsics before it can be read, potentially causing failures of these instructions to go unreported. This could potentially lead to less randomness in random number generation. "

        Attachments

          Activity

            People

            Assignee:
            backlog-server-devtools DO NOT USE - Backlog - Dev Tools
            Reporter:
            davi.ottenheimer Davi Ottenheimer
            Participants:
            Votes:
            0 Vote for this issue
            Watchers:
            9 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: