Lucene search

[email protected]CVE-2007-3528

HistoryJul 03, 2007 - 6:30 p.m.

CVE-2007-3528

2007-07-0318:30:00

[email protected]

web.nvd.nist.gov

dar

blowfish

cryptography

vulnerability

cve-2007-3528

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.4 Medium

AI Score

Confidence

Low

0.011 Low

EPSS

Percentile

84.8%

JSON

The blowfish mode in DAR before 2.3.4 uses weak Blowfish-CBC cryptography by (1) discarding random bits by the blowfish::make_ivec function in libdar/crypto.cpp that results in predictable and repeating IV values, and (2) direct use of a password for keying, which makes it easier for context-dependent attackers to decrypt files.

Affected configurations

NVD

Node

dardarRange≤2.3.3

CPENameOperatorVersion
dar:dardarle2.3.3

CPE	Name	Operator	Version
dar:dar	dar	le	2.3.3

References

bugs.debian.org/cgi-bin/bugreport.cgi?bug=425335

osvdb.org/38189

osvdb.org/38190

secunia.com/advisories/25953

www.securityfocus.com/bid/24930

sourceforge.net/forum/forum.php?forum_id=711619

sourceforge.net/forum/forum.php?forum_id=711620

sourceforge.net/tracker/index.php?func=detail&aid=1730439&group_id=65612&atid=511612

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.4 Medium

AI Score

Confidence

Low

0.011 Low

EPSS

Percentile

84.8%

JSON

Related for CVE-2007-3528

nessus1 openvas2 debiancve1 fedora1 ubuntucve1 cvelist1 prion1 nvd1