[SERVER-36157] PRNG not cryptographically strong on GCC before 5.5 Created: 16/Jul/18  Updated: 06/Dec/22  Resolved: 23/Jul/18

Status: Closed
Project: Core Server
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Bug Priority: Major - P3
Reporter: Davi Ottenheimer Assignee: DO NOT USE - Backlog - Dev Tools
Resolution: Won't Fix Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Assigned Teams:
Developer Tools
Operating System: ALL
Participants:

Description

Upgrading GCC to version 5.5 fixes a security flaw with PRNG.

CVSS 2.1

https://www.cvedetails.com/cve/CVE-2017-11671/

"Under certain circumstances, the ix86_expand_builtin function in i386.c in GNU Compiler Collection (GCC) version 4.6, 4.7, 4.8, 4.9, 5 before 5.5, and 6 before 6.4 will generate instruction sequences that clobber the status flag of the RDRAND and RDSEED intrinsics before it can be read, potentially causing failures of these instructions to go unreported. This could potentially lead to less randomness in random number generation."
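An added example, not part of this ticket or of MongoDB's code, of the defensive pattern the CVE text implies: read RDRAND's carry flag in the same asm statement as the instruction so nothing can be scheduled between them, treat CF=0 as a failure, and fall back to /dev/urandom, the OS source the comments on this ticket say MongoDB relies on. The function names and the retry count of 10 are assumptions; CPUID.01H:ECX bit 30 is the documented RDRAND feature bit.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#if defined(__x86_64__)
#include <cpuid.h>
/* CPUID.01H:ECX bit 30 advertises RDRAND support. */
static int cpu_has_rdrand(void) {
    unsigned int eax, ebx, ecx, edx;
    if (!__get_cpuid(1, &eax, &ebx, &ecx, &edx)) return 0;
    return (ecx & (1u << 30)) != 0;
}
/* One RDRAND attempt. SETC sits in the same asm statement, directly after
 * RDRAND, so no compiler-generated instruction can clobber the carry flag
 * before it is read (the gap CVE-2017-11671 describes). Returns CF. */
static int rdrand64_once(uint64_t *out) {
    unsigned char ok;
    __asm__ volatile("rdrand %0\n\tsetc %1" : "=r"(*out), "=qm"(ok) : : "cc");
    return ok;
}
#endif
/* Bounded retry (assumed limit of 10): RDRAND rarely reports CF=0, so
 * persistent failure means the hardware source must not be used. */
int rdrand64_checked(uint64_t *out) {
#if defined(__x86_64__)
    int i;
    if (cpu_has_rdrand())
        for (i = 0; i < 10; i++)
            if (rdrand64_once(out)) return 1;
#endif
    return 0; /* not x86-64, no RDRAND, or CF never set */
}
/* Fill buf from the OS CSPRNG (/dev/urandom), the source the ticket relies on. */
int os_random_bytes(unsigned char *buf, size_t n) {
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f) return -1;
    size_t got = fread(buf, 1, n, f);
    fclose(f);
    return got == n ? 0 : -1;
}
/* Use hardware output only when its status flag confirmed success; otherwise
 * (or for any remainder) take bytes from the OS. Returns 0 on success. */
int random_bytes(unsigned char *buf, size_t n) {
    size_t off = 0; uint64_t v;
    while (off < n && rdrand64_checked(&v)) {
        size_t take = n - off < sizeof v ? n - off : sizeof v;
        memcpy(buf + off, &v, take);
        off += take;
    }
    return off == n ? 0 : os_random_bytes(buf + off, n - off);
}
```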
Comments
Comment by Gregory McKeon (Inactive) [ 23/Jul/18 ]

We currently don't try to generate our own strong random numbers, so we will continue to rely on the OS for this and may consider bumping the toolchain to 5.5, as discussed by acm above.

Comment by Andy Schwerin [ 18/Jul/18 ]

MongoDB doesn't generate its own secure pseudo-random numbers. It depends on OS-provided facilities such as /dev/urandom. I don't know if any of the vendored third-party libraries do, but I'd be a little surprised if they did.

Generated at Thu Feb 08 04:42:12 UTC 2024 using Jira 9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66.