Openwall Project   /home  Owl  JtR  Pro  crypt  pam_passwdqc  tcb  phpass  scanlogd  popa3d  msulogin  /  Linux  BIND  /  advisories  presentations  /  services  donations  /  wordlists  passwords  /  NEWS  community  lists  Wiki  CVSweb  mirrors  signatures
bringing security into open environments
 
Password Recovery Resources on the Net
[<prev] [next>] [<thread-prev] [month] [year] [list] 
Date: Thu, 12 Feb 2009 11:07:29 -0500 (EST)
From: "Steven M. Christey" <coley@...us.mitre.org>
To: oss-security@...ts.openwall.com
Subject: Re: CVE Request: pycrypto


A specific version wasn't listed and the new maintainer hasn't released
any new versions, so I'm assuming the last version under the previous
maintainer, which seems to be 2.0.1.

Pinguar, sorry for the delay.

- Steve

======================================================
Name: CVE-2009-0544
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0544
Reference: MLIST:[oss-security] 20090207 CVE Request: pycrypto
Reference: URL:http://www.openwall.com/lists/oss-security/2009/02/07/1
Reference: CONFIRM:http://gitweb2.dlitz.net/?p=crypto/pycrypto-2.x.git;a=commitdiff;h=d1c4875e1f220652fe7ff8358f56dee3b2aba31b
Reference: CONFIRM:http://gitweb2.dlitz.net/?p=crypto/pycrypto-2.x.git;a=commitdiff;h=fd73731dfad451a81056fbb01e09aa78ab82eb5d
Reference: XF:pycrypto-arc2module-bo(48617)
Reference: URL:http://xforce.iss.net/xforce/xfdb/48617

Buffer overflow in the PyCrypto ARC2 module 2.0.1 allows remote
attackers to cause a denial of service and possibly execute arbitrary
code via a large ARC2 key length.

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ