PRNG State Duplication in IBM GSKit: Risk of Duplicate Session IDs and Key Material

CVE-2018-1426 · MEDIUM Severity

CVSS v2 vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1) duplicates the PRNG state across fork() system calls when multiple ICC instances are loaded, which could result in duplicate Session IDs and a risk of duplicate key material. IBM X-Force ID: 139071.
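The general failure mode described above, as an added example that is not IBM's code and does not model GSKit or ICC internals: a userspace PRNG whose state is copied by fork() yields the same next value in parent and child, and a generator that checks its PID before each draw does not. The xorshift generator, the PID check and all function names are assumptions made for this illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

/* Toy userspace PRNG (xorshift64); a stand-in, not GSKit/ICC code. */
static uint64_t state;
static pid_t seeded_pid;

static void reseed(void) {
    FILE *f = fopen("/dev/urandom", "rb");
    if (!f || fread(&state, sizeof state, 1, f) != 1 || state == 0)
        state = 0x9E3779B97F4A7C15ULL ^ (uint64_t)getpid(); /* demo-only fallback */
    if (f) fclose(f);
    seeded_pid = getpid();
}

static uint64_t next_u64(int fork_safe) {
    if (fork_safe && getpid() != seeded_pid)
        reseed(); /* state was inherited across fork(): discard it */
    state ^= state << 13; state ^= state >> 7; state ^= state << 17;
    return state;
}

/* Returns 1 if parent and child draw the same "session ID" after fork(),
 * 0 if the values differ, -1 on error. */
int duplicate_after_fork(int fork_safe) {
    int fd[2];
    uint64_t parent_id, child_id = 0;
    reseed();
    if (pipe(fd) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) { /* child: draw one value and report it to the parent */
        child_id = next_u64(fork_safe);
        ssize_t w = write(fd[1], &child_id, sizeof child_id);
        _exit(w == (ssize_t)sizeof child_id ? 0 : 1);
    }
    parent_id = next_u64(fork_safe);
    close(fd[1]);
    ssize_t r = read(fd[0], &child_id, sizeof child_id);
    close(fd[0]);
    waitpid(pid, NULL, 0);
    if (r != (ssize_t)sizeof child_id) return -1;
    return parent_id == child_id;
}
int main(void) {
    printf("naive: %d, fork-aware: %d\n", duplicate_after_fork(0), duplicate_after_fork(1));
    return 0;
}
```

A PID comparison is the simplest fork detector and is used here only for illustration; registering a reseed handler with `pthread_atfork()` or marking the state page with `MADV_WIPEONFORK` on Linux are other ways to achieve the same effect.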