Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Thu, 18 Oct 2012 09:50:37 -0400 (EDT)
From: Jan Lieskovsky <>
To: "Steven M. Christey" <>
        Attila Bogar <>,
        Raphael Geissert <>
Subject: CVE Request -- mcrypt: stack-based buffer overflow by encryption /
 decryption of overly long file names

Hello Kurt, Steve, vendors,

  Attila Bogar reported a stack-based buffer overflow
in the way MCrypt, a crypt() package and crypt(1) command
replacement, used to encrypt / decrypt files with overly
long names (longer than 128 bytes). A remote attacker
could provide a specially-crafted file that, when processed
by the mcrypt too, would lead to mcrypt executable crash [*].

A different vulnerability than CVE-2012-4409:

Note: Using Red Hat bugzilla record for CVE-2012-4409 since
particular Mitre record is not described yet.


Patch proposed by Attila:

To reproduce let mcrypt encrypt / decrypt file with name
longer ~128 bytes.

Could you allocate a CVE id for this?

Thank you && Regards, Jan.
Jan iankko Lieskovsky / Red Hat Security Response Team

[*] FORTIFY_SOURCE protection mechanism would mitigate this
deficiency to result into crash only. But on systems, without
FORTIFY_SOURCE protection being applied, the impact might be

P.S.: I am not sure about relation of this issue to the issue
      Raphael Geissert reported previously:

      so CC-in him too, he to clarify if [2] == [4], or if
      they are yet different issues. Raphael, please clarify.
      Thanks, Jan.

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ