...
In this noncompliant code example, the process id, time of day, and uninitialized memory junk is used to seed a random number generator. This is characteristic of some distributions derived from Debian that utilized uninitialized memory as a source of randomness. Although the unpredictable property of junk is desired, the problem here is that some compilers will actually optimize out the uninitialized variable completely, resulting in a loss of desired entropy.
...
Accessing uninitialized variables generally leads to unexpected program behavior. In some cases, these types of flaws may allow the execution of arbitrary code.
On the other hand, accessing uninitialized cases for the unexpected program behavior can backfire as well, since certain compilers can optimize uninitialized variables away. This type of flaw makes security procedures more predictable that may allow cracking of RSA keys.
Distributions derived from Debian, particularly VU#925211 in the OpenSSL package for Debian Linux, are said to reference uninitialized memory. One might say that uninitialized memory causes the vulnerability, but this is not entirely true. The original OpenSSL code uses uninitialized memory as an additional source of randomness to an already randomly generated key. This generates good keys, but also causes the code-auditing tools Valgrind and Purify to issue warnings. Debian tries to fix the warnings with two changes. One actually eliminates the uninitialized memory access, but the other weakens the randomness of the keys. Weakening the randomness makes the key more predictable and causes a loss of security.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
EXP33-C | high | probable | medium | P12 | L1 |
...