Phase:OpenSSL 0.9.4 and OpenSSH for FreeBSD do not properly check for the existence of the /dev/random or /dev/urandom devices, which are absent on FreeBSD Alpha systems, which causes them to produce weak keys which may be more easily broken.
ReferencesFREEBSD:FreeBSD-SA-00:25 | URL:http://archives.neohapsis.com/archives/freebsd/2000-06/0083.html | BID:1340 | URL:http://www.securityfocus.com/bid/1340
Votes:Proposed (Wednesday, July 12, 2000)
Comments: ACCEPT(2) Ozancin, Levy | MODIFY(1) Frech | NOOP(2) LeBlanc, Wall | REVIEWING(1) Christey
F7: Christey> ADDREF NETBSD | http://archives.neohapsis.com/archives/bugtraq/2000-06/0208.html | | Frech> XF:freebsd-alpha-weak-encryption(4704) | Christey> ftp://ftp.netbsd.org/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-007.txt.asc | CHANGE> [Christey changed vote from NOOP to REVIEWING] | Christey> Should the NetBSD problem really be combined with this?