CVE-2018-11045: Operations Manager image contains static LRNG seed file

Severity

Medium

Vendor

Pivotal

Description

Pivotal Operations Manager, versions 2.1 prior to 2.1.6 and 2.0 prior to 2.0.15 and 1.12 prior to 1.12.22, contains a static Linux Random Number Generator (LRNG) seed file embedded in the appliance image. An attacker with knowledge of the exact version and IaaS of a running OpsManager could get the contents of the corresponding seed from the published image and therefore infer the initial state of the LRNG.

A persisted seed in the Ops Manager appliance image results in the same pseudo-random seed being mixed into the LRNG primary entropy pool on several VMs during each VM boot sequence as the LRNG entropy pools are initialized. In addition to the persisted seed, host based parameter data and the current time based on a high resolution timer is also mixed into the LRNG primary pool at this time. Additional randomness is then continuously added to the LRNG primary pool (and transferred to the secondary and non blocking pools) based on the normal functioning of the LRNG.

Affected VMware Products and Versions

Severity is medium unless otherwise noted.

Pivotal Operations Manager
- 2.1.x versions prior to 2.1.6
- 2.0 versions prior to 2.0.15
- 1.12 versions prior to 1.12.22

Mitigation

Users of affected versions should apply the following mitigation:

Releases that have fixed this issue include:
- Pivotal Operations Manager: 2.1.6, 2.0.15, 1.12.22

Credit

This vulnerability was responsibly reported by the Operations Manager team.

History

2018-07-10: Initial vulnerability report published