CVE-2011-3599

2011-10-1010:55:00

Debian Security Bug Tracker

security-tracker.debian.org

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.004 Low

EPSS

Percentile

73.9%

JSON

The Crypt::DSA (aka Crypt-DSA) module 1.17 and earlier for Perl, when /dev/random is absent, uses the Data::Random module, which makes it easier for remote attackers to spoof a signature, or determine the signing key of a signed message, via a brute-force attack.

OSVersionArchitecturePackageVersionFilename
Debian12alllibcrypt-dsa-perl< 1.17-3libcrypt-dsa-perl_1.17-3_all.deb
Debian11alllibcrypt-dsa-perl< 1.17-3libcrypt-dsa-perl_1.17-3_all.deb
Debian10alllibcrypt-dsa-perl< 1.17-3libcrypt-dsa-perl_1.17-3_all.deb
Debian999alllibcrypt-dsa-perl< 1.17-3libcrypt-dsa-perl_1.17-3_all.deb
Debian13alllibcrypt-dsa-perl< 1.17-3libcrypt-dsa-perl_1.17-3_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	libcrypt-dsa-perl	< 1.17-3	libcrypt-dsa-perl_1.17-3_all.deb
Debian	11	all	libcrypt-dsa-perl	< 1.17-3	libcrypt-dsa-perl_1.17-3_all.deb
Debian	10	all	libcrypt-dsa-perl	< 1.17-3	libcrypt-dsa-perl_1.17-3_all.deb
Debian	999	all	libcrypt-dsa-perl	< 1.17-3	libcrypt-dsa-perl_1.17-3_all.deb
Debian	13	all	libcrypt-dsa-perl	< 1.17-3	libcrypt-dsa-perl_1.17-3_all.deb