thr3ads.net - Secure testing team - [Secure-testing-team] Bug#660585: nagios-nrpe-server: again use secure RNG [Feb 2012]

If this information is useful, please help other people find it:
Share via:

Twitter
Facebook
Email

Christoph Anton Mitterer

2012-Feb-20 01:51 UTC

[Secure-testing-team] Bug#660585: nagios-nrpe-server: again use secure RNG

Package: nagios-nrpe-server
Version: 2.12-5
Severity: important
Tags: security


Hi.

I''ve been just shocked when I went through the patches and saw that one
removes
the usage of /dev/urandom and replaces it by some week seed.

I mean ok, SSL in the Nagios version of NRPE is completely broken anyway...

But why''re you doing this? Sorry for making noise, but it seems just
pointless?!
This remembers so strong to Debian''s OpenSSL patching around
catastrophy.


Even though SSL is useless anyway right now, if there''s no good reason
for it,
please drop this patch.


Cheers,
Chris.

Secure testing team - Feb 2012 - Bug#660585: nagios-nrpe-server: again use secure RNG

[Secure-testing-team] Bug#660585: nagios-nrpe-server: again use secure RNG