Date: Tue, 05 Jan 2016 00:30:36 +0000
From: Filippo Valsorda <ml@...ippo.io>
To: oss-security@...ts.openwall.com
Subject: CVE Request: python-rsa signature forgery

Hello,

please assign a CVE to this signature forgery vulnerability in
python-rsa. It allows an attacker to fake signatures for arbitrary
messages for any key with low exponent "e" (like the common 3).

Writeup:
https://blog.filippo.io/bleichenbacher-06-signature-forgery-in-python-rsa/
Fix:
https://bitbucket.org/sybren/python-rsa/pull-requests/14/security-fix-bb06-attack-in-verify-by/diff
Project: https://pypi.python.org/pypi/rsa

Thanks,
Filippo
