Vulnerability Note VU#150249

OpenSSL FIPS Object Module fails to properly generate random seeds

Overview

The OpenSSL FIPS Module fails to perform auto-seeding, which may allow an attacker to predict pseudo-randomly generated data.

I. Description

OpenSSL is a toolkit that provides SSL and TLS protocols as well as a general purpose cryptography library. The OpenSSL FIPS Object Module provides an API for invoking FIPS-approved cryptographic functions. The OpenSSL FIPS Module fails to properly perform auto-seeding during the FIPS self-test. This causes the PRNG key and seed to correspond to the last self-test. The FIPS PRNG gets additional seed data from the date-time information only.

II. Impact

An attacker may be able to predict pseudo-randomly generated data from OpenSSL. This can weaken the protection provided by OpenSSL's cryptography.

III. Solution

Wait for an approved patched distribution

This vulnerability is described in OpenSSL Security Advisory [29-Nov-2007]. This advisory describes the patches that demonstrate two different fixes for the vulnerability. However, FIPS 140-2 validation must be performed before the fixes can be incorporated into a validated module.

Systems Affected

Vendor	Status	Date Updated
OpenSSL	Vulnerable	3-Jan-2008

References

http://www.openssl.org/news/secadv_20071129.txt
http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm#733
http://csrc.nist.gov/publications/fips/fips140-2/fips1402.pdf
http://csrc.nist.gov/publications/fips/
http://secunia.com/advisories/27859/
http://www.securityfocus.com/bid/26652
http://www.frsirt.com/english/advisories/2007/4044
http://www.securitytracker.com/id?1019029

Credit

This vulnerability was reported by Geoff Lowe of Secure Computing Corporation.

This document was written by Will Dormann.

Other Information

Date Public	11/30/2007
Date First Published	01/03/2008 11:26:06 AM
Date Last Updated	01/03/2008
CERT Advisory
CVE Name	CVE-2007-5502
Metric	0.50
Document Revision	5