{"cve": [{"lastseen": "2021-02-02T05:59:49", "description": "PyCrypto before 2.6 does not produce appropriate prime numbers when using an ElGamal scheme to generate a key, which reduces the signature space or public key space and makes it easier for attackers to conduct brute force attacks to obtain the private key.", "edition": 6, "cvss3": {}, "published": "2012-06-17T03:41:00", "title": "CVE-2012-2417", "type": "cve", "cwe": ["CWE-310"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2012-2417"], "modified": "2017-08-29T01:31:00", "cpe": ["cpe:/a:dlitz:pycrypto:2.2", "cpe:/a:dlitz:pycrypto:2.4", "cpe:/a:dlitz:pycrypto:2.5", "cpe:/a:dlitz:pycrypto:1.0.0", "cpe:/a:dlitz:pycrypto:1.0.1", "cpe:/a:dlitz:pycrypto:2.1.0", "cpe:/a:dlitz:pycrypto:2.4.1", "cpe:/a:dlitz:pycrypto:1.0.2", "cpe:/a:dlitz:pycrypto:2.0", "cpe:/a:dlitz:pycrypto:1.9", "cpe:/a:dlitz:pycrypto:1.1", "cpe:/a:dlitz:pycrypto:2.3", "cpe:/a:dlitz:pycrypto:2.0.1"], "id": "CVE-2012-2417", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2417", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:dlitz:pycrypto:2.1.0:alpha1:*:*:*:*:*:*", "cpe:2.3:a:dlitz:pycrypto:1.9:alpha2:*:*:*:*:*:*", "cpe:2.3:a:dlitz:pycrypto:1.9:alpha6:*:*:*:*:*:*", "cpe:2.3:a:dlitz:pycrypto:1.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:dlitz:pycrypto:1.9:alpha1:*:*:*:*:*:*", "cpe:2.3:a:dlitz:pycrypto:2.4:*:*:*:*:*:*:*", "cpe:2.3:a:dlitz:pycrypto:2.2:*:*:*:*:*:*:*", "cpe:2.3:a:dlitz:pycrypto:1.1:alpha2:*:*:*:*:*:*", 
"cpe:2.3:a:dlitz:pycrypto:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:dlitz:pycrypto:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:dlitz:pycrypto:2.1.0:beta1:*:*:*:*:*:*", "cpe:2.3:a:dlitz:pycrypto:2.1.0:alpha2:*:*:*:*:*:*", "cpe:2.3:a:dlitz:pycrypto:2.5:*:*:*:*:*:*:*", "cpe:2.3:a:dlitz:pycrypto:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:dlitz:pycrypto:1.9:alpha3:*:*:*:*:*:*", "cpe:2.3:a:dlitz:pycrypto:1.9:alpha5:*:*:*:*:*:*", "cpe:2.3:a:dlitz:pycrypto:2.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:dlitz:pycrypto:2.3:*:*:*:*:*:*:*", "cpe:2.3:a:dlitz:pycrypto:1.9:alpha4:*:*:*:*:*:*", "cpe:2.3:a:dlitz:pycrypto:2.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:dlitz:pycrypto:2.0.1:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2019-05-29T18:38:33", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-2417"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2012-06-04T00:00:00", "id": "OPENVAS:1361412562310864277", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864277", "type": "openvas", "title": "Fedora Update for python-crypto FEDORA-2012-8490", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for python-crypto FEDORA-2012-8490\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081759.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864277\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-06-04 11:06:56 +0530 (Mon, 04 Jun 2012)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_cve_id(\"CVE-2012-2417\");\n script_xref(name:\"FEDORA\", value:\"2012-8490\");\n script_name(\"Fedora Update for python-crypto FEDORA-2012-8490\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'python-crypto'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC15\");\n script_tag(name:\"affected\", value:\"python-crypto on Fedora 15\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC15\")\n{\n\n if ((res = 
isrpmvuln(pkg:\"python-crypto\", rpm:\"python-crypto~2.3~6.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:38:31", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-2417"], "description": "The remote host is missing an update to python-crypto\nannounced via advisory DSA 2502-1.", "modified": "2019-03-18T00:00:00", "published": "2012-08-10T00:00:00", "id": "OPENVAS:136141256231071480", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231071480", "type": "openvas", "title": "Debian Security Advisory DSA 2502-1 (python-crypto)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2502_1.nasl 14275 2019-03-18 14:39:45Z cfischer $\n# Description: Auto-generated from advisory DSA 2502-1 (python-crypto)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.71480\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_cve_id(\"CVE-2012-2417\");\n script_version(\"$Revision: 14275 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:39:45 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-10 03:07:10 -0400 (Fri, 10 Aug 2012)\");\n script_name(\"Debian Security Advisory DSA 2502-1 (python-crypto)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB6\");\n script_xref(name:\"URL\", value:\"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202502-1\");\n script_tag(name:\"insight\", value:\"It was discovered that the ElGamal code in PythonCrypto, a\ncollection of cryptographic algorithms and protocols for Python used\ninsecure insufficient prime numbers in key generation, which led to a\nweakened signature or public key space, allowing easier brute force\nattacks on such keys.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.1.0-2+squeeze1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.6-1.\");\n\n script_tag(name:\"solution\", value:\"We recommend that you upgrade your python-crypto packages. 
After\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update to python-crypto\nannounced via advisory DSA 2502-1.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"python-crypto\", ver:\"2.1.0-2+squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"python-crypto-dbg\", ver:\"2.1.0-2+squeeze1\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2019-05-29T18:38:35", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-2417"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2012-06-04T00:00:00", "id": "OPENVAS:1361412562310864269", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310864269", "type": "openvas", "title": "Fedora Update for python-crypto FEDORA-2012-8470", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for python-crypto FEDORA-2012-8470\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081789.html\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.864269\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-06-04 11:05:57 +0530 (Mon, 04 Jun 2012)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_cve_id(\"CVE-2012-2417\");\n script_xref(name:\"FEDORA\", value:\"2012-8470\");\n script_name(\"Fedora Update for python-crypto FEDORA-2012-8470\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'python-crypto'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC16\");\n script_tag(name:\"affected\", value:\"python-crypto on Fedora 16\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC16\")\n{\n\n if ((res = 
isrpmvuln(pkg:\"python-crypto\", rpm:\"python-crypto~2.3~6.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2018-01-11T11:06:11", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-2417"], "description": "Check for the Version of python-crypto", "modified": "2018-01-10T00:00:00", "published": "2012-06-04T00:00:00", "id": "OPENVAS:864269", "href": "http://plugins.openvas.org/nasl.php?oid=864269", "type": "openvas", "title": "Fedora Update for python-crypto FEDORA-2012-8470", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for python-crypto FEDORA-2012-8470\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"python-crypto on Fedora 16\";\ntag_insight = \"Python-crypto is a collection of both secure hash functions (such as MD5 and\n SHA), and various encryption algorithms (AES, DES, RSA, ElGamal, etc.).\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081789.html\");\n script_id(864269);\n script_version(\"$Revision: 8352 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-10 08:01:57 +0100 (Wed, 10 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-06-04 11:05:57 +0530 (Mon, 04 Jun 2012)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_cve_id(\"CVE-2012-2417\");\n script_xref(name: \"FEDORA\", value: \"2012-8470\");\n script_name(\"Fedora Update for python-crypto FEDORA-2012-8470\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of python-crypto\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", 
value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC16\")\n{\n\n if ((res = isrpmvuln(pkg:\"python-crypto\", rpm:\"python-crypto~2.3~6.fc16\", rls:\"FC16\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-05-29T18:39:09", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-2417"], "description": "The remote host is missing updates announced in\nadvisory GLSA 201206-23.", "modified": "2018-10-12T00:00:00", "published": "2012-08-10T00:00:00", "id": "OPENVAS:136141256231071549", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231071549", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201206-23 (pycrypto)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa_201206_23.nasl 11859 2018-10-12 08:53:01Z cfischer $\n#\n# Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.71549\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_cve_id(\"CVE-2012-2417\");\n script_version(\"$Revision: 11859 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 10:53:01 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-10 03:22:53 -0400 (Fri, 10 Aug 2012)\");\n script_name(\"Gentoo Security Advisory GLSA 201206-23 (pycrypto)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name:\"insight\", value:\"PyCrypto generates weak ElGamal keys.\");\n script_tag(name:\"solution\", value:\"All PyCrypto users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-python/pycrypto-2.6'\");\n\n script_xref(name:\"URL\", value:\"http://www.securityspace.com/smysecure/catid.html?in=GLSA%20201206-23\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=417625\");\n script_tag(name:\"summary\", value:\"The remote host is missing updates announced in\nadvisory GLSA 201206-23.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-gentoo.inc\");\ninclude(\"revisions-lib.inc\");\n\nres = \"\";\nreport = 
\"\";\nif((res = ispkgvuln(pkg:\"dev-python/pycrypto\", unaffected: make_list(\"ge 2.6\"), vulnerable: make_list(\"lt 2.6\"))) != NULL ) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2018-01-11T11:07:36", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-2417"], "description": "Check for the Version of python-crypto", "modified": "2018-01-10T00:00:00", "published": "2012-06-04T00:00:00", "id": "OPENVAS:864277", "href": "http://plugins.openvas.org/nasl.php?oid=864277", "type": "openvas", "title": "Fedora Update for python-crypto FEDORA-2012-8490", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for python-crypto FEDORA-2012-8490\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_affected = \"python-crypto on Fedora 15\";\ntag_insight = \"Python-crypto is a collection of both secure hash functions (such as MD5 and\n SHA), and various encryption algorithms (AES, DES, RSA, ElGamal, etc.).\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name : \"URL\" , value : \"http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081759.html\");\n script_id(864277);\n script_version(\"$Revision: 8352 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-10 08:01:57 +0100 (Wed, 10 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-06-04 11:06:56 +0530 (Mon, 04 Jun 2012)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_cve_id(\"CVE-2012-2417\");\n script_xref(name: \"FEDORA\", value: \"2012-8490\");\n script_name(\"Fedora Update for python-crypto FEDORA-2012-8490\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of python-crypto\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", 
value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC15\")\n{\n\n if ((res = isrpmvuln(pkg:\"python-crypto\", rpm:\"python-crypto~2.3~6.fc15\", rls:\"FC15\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-05-29T18:39:00", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-2417"], "description": "The remote host is missing an update for the ", "modified": "2018-11-16T00:00:00", "published": "2012-07-30T00:00:00", "id": "OPENVAS:1361412562310831704", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310831704", "type": "openvas", "title": "Mandriva Update for python-pycrypto MDVSA-2012:117 (python-pycrypto)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Mandriva Update for python-pycrypto MDVSA-2012:117 (python-pycrypto)\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_xref(name:\"URL\", value:\"http://www.mandriva.com/en/support/security/advisories/?name=MDVSA-2012:117\");\n script_oid(\"1.3.6.1.4.1.25623.1.0.831704\");\n script_version(\"$Revision: 12381 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-16 12:16:30 +0100 (Fri, 16 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-30 11:22:56 +0530 (Mon, 30 Jul 2012)\");\n script_cve_id(\"CVE-2012-2417\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name:\"MDVSA\", value:\"2012:117\");\n script_name(\"Mandriva Update for python-pycrypto MDVSA-2012:117 (python-pycrypto)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'python-pycrypto'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Mandrake Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/mandriva_mandrake_linux\", \"ssh/login/release\", re:\"ssh/login/release=MNDK_(2011\\.0|mes5\\.2)\");\n script_tag(name:\"affected\", value:\"python-pycrypto on Mandriva Linux 2011.0,\n Mandriva Enterprise Server 5.2\");\n script_tag(name:\"solution\", value:\"Please Install the Updated Packages.\");\n script_tag(name:\"insight\", value:\"A vulnerability has been discovered and corrected in python-pycrypto:\n\n PyCrypto before 2.6 does not produce appropriate prime numbers when\n using an ElGamal scheme to 
generate a key, which reduces the signature\n space or public key space and makes it easier for attackers to conduct\n brute force attacks to obtain the private key (CVE-2012-2417).\n\n The updated packages have been patched to correct this issue.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release) exit(0);\n\nres = \"\";\n\nif(release == \"MNDK_2011.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"python-pycrypto\", rpm:\"python-pycrypto~2.3~3.1\", rls:\"MNDK_2011.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n\n\nif(release == \"MNDK_mes5.2\")\n{\n\n if ((res = isrpmvuln(pkg:\"pycrypto\", rpm:\"pycrypto~2.0.1~3.3mdvmes5.2\", rls:\"MNDK_mes5.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2017-12-04T11:19:58", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-2417"], "description": "Ubuntu Update for Linux kernel vulnerabilities USN-1484-1", "modified": "2017-12-01T00:00:00", "published": "2012-07-03T00:00:00", "id": "OPENVAS:841070", "href": "http://plugins.openvas.org/nasl.php?oid=841070", "type": "openvas", "title": "Ubuntu Update for python-crypto USN-1484-1", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_ubuntu_USN_1484_1.nasl 7960 2017-12-01 06:58:16Z santu $\n#\n# Ubuntu Update for python-crypto USN-1484-1\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any 
later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that PyCrypto produced inappropriate prime numbers when\n generating ElGamal keys. An attacker could use this flaw to facilitate\n brute-forcing of ElGamal encryption keys.\";\n\ntag_summary = \"Ubuntu Update for Linux kernel vulnerabilities USN-1484-1\";\ntag_affected = \"python-crypto on Ubuntu 12.04 LTS ,\n Ubuntu 11.10 ,\n Ubuntu 11.04 ,\n Ubuntu 10.04 LTS\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-1484-1/\");\n script_id(841070);\n script_version(\"$Revision: 7960 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 07:58:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-07-03 10:26:13 +0530 (Tue, 03 Jul 2012)\");\n script_cve_id(\"CVE-2012-2417\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_xref(name: \"USN\", value: \"1484-1\");\n script_name(\"Ubuntu Update for python-crypto USN-1484-1\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n 
script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"UBUNTU10.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"python-crypto\", ver:\"2.0.1+dfsg1-4ubuntu2.2\", rls:\"UBUNTU10.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU12.04 LTS\")\n{\n\n if ((res = isdpkgvuln(pkg:\"python-crypto\", ver:\"2.4.1-1ubuntu0.1\", rls:\"UBUNTU12.04 LTS\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.10\")\n{\n\n if ((res = isdpkgvuln(pkg:\"python-crypto\", ver:\"2.3-2ubuntu0.1\", rls:\"UBUNTU11.10\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"UBUNTU11.04\")\n{\n\n if ((res = isdpkgvuln(pkg:\"python-crypto\", ver:\"2.1.0-2ubuntu1.1\", rls:\"UBUNTU11.04\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2019-05-29T18:39:09", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-2417"], "description": "The remote host is missing an update to the system\n as announced in the referenced advisory.", "modified": "2018-10-05T00:00:00", "published": "2012-08-10T00:00:00", "id": 
"OPENVAS:136141256231071534", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231071534", "type": "openvas", "title": "FreeBSD Ports: py-pycrypto", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: freebsd_py-pycrypto0.nasl 11762 2018-10-05 10:54:12Z cfischer $\n#\n# Auto generated from VID f45c0049-be72-11e1-a284-0023ae8e59f0\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.71534\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_cve_id(\"CVE-2012-2417\");\n script_version(\"$Revision: 11762 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-05 12:54:12 +0200 (Fri, 05 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-10 03:22:17 -0400 (Fri, 10 Aug 2012)\");\n script_name(\"FreeBSD Ports: py-pycrypto\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsd\", \"ssh/login/freebsdrel\");\n\n script_tag(name:\"insight\", value:\"The following package is affected: py-pycrypto\n\nCVE-2012-2417\nPyCrypto before 2.6 does not produce appropriate prime numbers when\nusing an ElGamal scheme to generate a key, which reduces the signature\nspace or public key space and makes it easier for attackers to conduct\nbrute force attacks to obtain the private key.\");\n\n script_tag(name:\"solution\", value:\"Update your system with the appropriate patches or\n software upgrades.\");\n\n script_xref(name:\"URL\", value:\"http://lists.dlitz.net/pipermail/pycrypto/2012q2/000587.html\");\n script_xref(name:\"URL\", value:\"https://bugs.launchpad.net/pycrypto/+bug/985164\");\n script_xref(name:\"URL\", value:\"http://www.vuxml.org/freebsd/f45c0049-be72-11e1-a284-0023ae8e59f0.html\");\n\n script_tag(name:\"summary\", 
value:\"The remote host is missing an update to the system\n as announced in the referenced advisory.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-bsd.inc\");\n\nvuln = FALSE;\ntxt = \"\";\n\nbver = portver(pkg:\"py-pycrypto\");\nif(!isnull(bver) && revcomp(a:bver, b:\"2.5\")>=0 && revcomp(a:bver, b:\"2.6\")<0) {\n txt += \"Package py-pycrypto version \" + bver + \" is installed which is known to be vulnerable.\\n\";\n vuln = TRUE;\n}\n\nif(vuln) {\n security_message(data:txt);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2017-07-24T12:51:06", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-2417"], "description": "The remote host is missing an update to python-crypto\nannounced via advisory DSA 2502-1.", "modified": "2017-07-07T00:00:00", "published": "2012-08-10T00:00:00", "id": "OPENVAS:71480", "href": "http://plugins.openvas.org/nasl.php?oid=71480", "type": "openvas", "title": "Debian Security Advisory DSA 2502-1 (python-crypto)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2502_1.nasl 6612 2017-07-07 12:08:03Z cfischer $\n# Description: Auto-generated from advisory DSA 2502-1 (python-crypto)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"It was discovered that that the ElGamal code in PythonCrypto, a\ncollection of cryptographic algorithms and protocols for Python used\ninsecure insufficient prime numbers in key generation, which lead to a\nweakened signature or public key space, allowing easier brute force\nattacks on such keys.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.1.0-2+squeeze1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.6-1.\n\nWe recommend that you upgrade your python-crypto packages. 
After\";\ntag_summary = \"The remote host is missing an update to python-crypto\nannounced via advisory DSA 2502-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202502-1\";\n\nif(description)\n{\n script_id(71480);\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_cve_id(\"CVE-2012-2417\");\n script_version(\"$Revision: 6612 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:08:03 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-08-10 03:07:10 -0400 (Fri, 10 Aug 2012)\");\n script_name(\"Debian Security Advisory DSA 2502-1 (python-crypto)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"python-crypto\", ver:\"2.1.0-2+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"python-crypto-dbg\", ver:\"2.1.0-2+squeeze1\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "freebsd": [{"lastseen": "2019-05-29T18:33:49", "bulletinFamily": "unix", "cvelist": ["CVE-2012-2417"], 
"description": "\nDwayne C. Litzenberger of PyCrypto reports:\n\nIn the ElGamal schemes (for both encryption and signatures), g is\n\t supposed to be the generator of the entire Z^*_p group. However, in\n\t PyCrypto 2.5 and earlier, g is more simply the generator of a random\n\t sub-group of Z^*_p.\nThe result is that the signature space (when the key is used for\n\t signing) or the public key space (when the key is used for encryption)\n\t may be greatly reduced from its expected size of log(p) bits, possibly\n\t down to 1 bit (the worst case if the order of g is 2).\nWhile it has not been confirmed, it has also been suggested that an\n\t attacker might be able to use this fact to determine the private key.\nAnyone using ElGamal keys should generate new keys as soon as\n\t practical.\nAny additional information about this bug will be tracked at\n\t https://bugs.launchpad.net/pycrypto/+bug/985164\n\n", "edition": 4, "modified": "2012-05-24T00:00:00", "published": "2012-05-24T00:00:00", "id": "F45C0049-BE72-11E1-A284-0023AE8E59F0", "href": "https://vuxml.freebsd.org/freebsd/f45c0049-be72-11e1-a284-0023ae8e59f0.html", "title": "pycrypto -- vulnerable ElGamal key generation", "type": "freebsd", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "ubuntu": [{"lastseen": "2020-07-02T11:34:18", "bulletinFamily": "unix", "cvelist": ["CVE-2012-2417"], "description": "It was discovered that PyCrypto produced inappropriate prime numbers when \ngenerating ElGamal keys. 
An attacker could use this flaw to facilitate \nbrute-forcing of ElGamal encryption keys.", "edition": 5, "modified": "2012-06-28T00:00:00", "published": "2012-06-28T00:00:00", "id": "USN-1484-1", "href": "https://ubuntu.com/security/notices/USN-1484-1", "title": "PyCrypto vulnerability", "type": "ubuntu", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "nessus": [{"lastseen": "2021-01-20T12:25:16", "description": " - fixes bnc#764127 CVE-2012-2417 insecure ElGamal key\n generation", "edition": 19, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : python-crypto (openSUSE-SU-2012:0830-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-2417"], "modified": "2014-06-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:python-crypto-debuginfo", "cpe:/o:novell:opensuse:11.4", "p-cpe:/a:novell:opensuse:python-crypto"], "id": "OPENSUSE-2012-367.NASL", "href": "https://www.tenable.com/plugins/nessus/74669", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2012-367.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(74669);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2012-2417\");\n\n script_name(english:\"openSUSE Security Update : python-crypto (openSUSE-SU-2012:0830-1)\");\n script_summary(english:\"Check for the openSUSE-2012-367 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\" - fixes bnc#764127 CVE-2012-2417 insecure ElGamal key\n generation\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://bugzilla.novell.com/show_bug.cgi?id=764127\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2012-07/msg00010.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected python-crypto packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-crypto\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-crypto-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.4)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.4\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.4\", reference:\"python-crypto-2.3-6.1\") ) flag++;\nif ( rpm_check(release:\"SUSE11.4\", reference:\"python-crypto-debuginfo-2.3-6.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python-crypto\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-12T10:10:41", "description": "This update, to the current upstream pycrypto release, includes a\nnumber of regular bug fixes plus a security fix for CVE-2012-2417\n(insecure ElGamal key generation). 
Anyone using ElGamal keys should\ngenerate new keys as soon as practical (any additional information\nabout this bug will be tracked at\nhttps://bugs.launchpad.net/pycrypto/+bug/985164).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 13, "published": "2012-06-04T00:00:00", "title": "Fedora 17 : python-crypto-2.6-1.fc17 (2012-8392)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-2417"], "modified": "2012-06-04T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:17", "p-cpe:/a:fedoraproject:fedora:python-crypto"], "id": "FEDORA_2012-8392.NASL", "href": "https://www.tenable.com/plugins/nessus/59344", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-8392.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(59344);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-2417\");\n script_xref(name:\"FEDORA\", value:\"2012-8392\");\n\n script_name(english:\"Fedora 17 : python-crypto-2.6-1.fc17 (2012-8392)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update, to the current upstream pycrypto release, includes a\nnumber of regular bug fixes plus a security fix for CVE-2012-2417\n(insecure ElGamal key generation). 
Anyone using ElGamal keys should\ngenerate new keys as soon as practical (any additional information\nabout this bug will be tracked at\nhttps://bugs.launchpad.net/pycrypto/+bug/985164).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.launchpad.net/pycrypto/+bug/985164\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=825162\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-June/081713.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?05e92f4c\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected python-crypto package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:python-crypto\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:17\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/05/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/06/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) 
audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^17([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 17.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC17\", reference:\"python-crypto-2.6-1.fc17\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python-crypto\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-12T09:47:32", "description": "It was discovered that that the ElGamal code in PythonCrypto, a\ncollection of cryptographic algorithms and protocols for Python used\ninsecure insufficient prime numbers in key generation, which lead to a\nweakened signature or public key space, allowing easier brute-force\nattacks on such keys.", "edition": 16, "published": "2012-06-29T00:00:00", "title": "Debian DSA-2502-1 : python-crypto - programming error", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-2417"], "modified": "2012-06-29T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:6.0", "p-cpe:/a:debian:debian_linux:python-crypto"], "id": "DEBIAN_DSA-2502.NASL", "href": "https://www.tenable.com/plugins/nessus/59780", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network 
Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2502. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(59780);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-2417\");\n script_bugtraq_id(53687);\n script_xref(name:\"DSA\", value:\"2502\");\n\n script_name(english:\"Debian DSA-2502-1 : python-crypto - programming error\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that that the ElGamal code in PythonCrypto, a\ncollection of cryptographic algorithms and protocols for Python used\ninsecure insufficient prime numbers in key generation, which lead to a\nweakened signature or public key space, allowing easier brute-force\nattacks on such keys.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/python-crypto\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2012/dsa-2502\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the python-crypto packages. 
After installing this update,\npreviously generated keys need to be regenerated.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.1.0-2+squeeze1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:python-crypto\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/06/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"python-crypto\", reference:\"2.1.0-2+squeeze1\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"python-crypto-dbg\", reference:\"2.1.0-2+squeeze1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-12T10:10:41", "description": "This update is a security fix for CVE-2012-2417 (insecure ElGamal key\ngeneration). Anyone using ElGamal keys should generate new keys as\nsoon as practical (any additional information about this bug will be\ntracked at https://bugs.launchpad.net/pycrypto/+bug/985164).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 13, "published": "2012-06-04T00:00:00", "title": "Fedora 15 : python-crypto-2.3-6.fc15 (2012-8490)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-2417"], "modified": "2012-06-04T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:python-crypto", "cpe:/o:fedoraproject:fedora:15"], "id": "FEDORA_2012-8490.NASL", "href": "https://www.tenable.com/plugins/nessus/59352", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-8490.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(59352);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-2417\");\n script_xref(name:\"FEDORA\", value:\"2012-8490\");\n\n script_name(english:\"Fedora 15 : python-crypto-2.3-6.fc15 (2012-8490)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update is a security fix for CVE-2012-2417 (insecure ElGamal key\ngeneration). Anyone using ElGamal keys should generate new keys as\nsoon as practical (any additional information about this bug will be\ntracked at https://bugs.launchpad.net/pycrypto/+bug/985164).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.launchpad.net/pycrypto/+bug/985164\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=825162\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-June/081759.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?d698a9ab\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected python-crypto package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:python-crypto\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:15\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/05/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/06/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver 
= os_ver[1];\nif (! ereg(pattern:\"^15([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 15.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC15\", reference:\"python-crypto-2.3-6.fc15\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python-crypto\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-07T10:51:25", "description": "Dwayne C. Litzenberger of PyCrypto reports :\n\nIn the ElGamal schemes (for both encryption and signatures), g is\nsupposed to be the generator of the entire Z^*_p group. 
However, in\nPyCrypto 2.5 and earlier, g is more simply the generator of a random\nsub-group of Z^*_p.\n\nThe result is that the signature space (when the key is used for\nsigning) or the public key space (when the key is used for encryption)\nmay be greatly reduced from its expected size of log(p) bits, possibly\ndown to 1 bit (the worst case if the order of g is 2).\n\nWhile it has not been confirmed, it has also been suggested that an\nattacker might be able to use this fact to determine the private key.\n\nAnyone using ElGamal keys should generate new keys as soon as\npractical.\n\nAny additional information about this bug will be tracked at\nhttps://bugs.launchpad.net/pycrypto/+bug/985164", "edition": 22, "published": "2012-06-26T00:00:00", "title": "FreeBSD : pycrypto -- vulnerable ElGamal key generation (f45c0049-be72-11e1-a284-0023ae8e59f0)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-2417"], "modified": "2012-06-26T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:py-pycrypto", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_F45C0049BE7211E1A2840023AE8E59F0.NASL", "href": "https://www.tenable.com/plugins/nessus/59700", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. 
Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(59700);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2012-2417\");\n\n script_name(english:\"FreeBSD : pycrypto -- vulnerable ElGamal key generation (f45c0049-be72-11e1-a284-0023ae8e59f0)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Dwayne C. Litzenberger of PyCrypto reports :\n\nIn the ElGamal schemes (for both encryption and signatures), g is\nsupposed to be the generator of the entire Z^*_p group. 
However, in\nPyCrypto 2.5 and earlier, g is more simply the generator of a random\nsub-group of Z^*_p.\n\nThe result is that the signature space (when the key is used for\nsigning) or the public key space (when the key is used for encryption)\nmay be greatly reduced from its expected size of log(p) bits, possibly\ndown to 1 bit (the worst case if the order of g is 2).\n\nWhile it has not been confirmed, it has also been suggested that an\nattacker might be able to use this fact to determine the private key.\n\nAnyone using ElGamal keys should generate new keys as soon as\npractical.\n\nAny additional information about this bug will be tracked at\nhttps://bugs.launchpad.net/pycrypto/+bug/985164\"\n );\n # http://lists.dlitz.net/pipermail/pycrypto/2012q2/000587.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.dlitz.net/pipermail/pycrypto/2012q2/000587.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.launchpad.net/pycrypto/+bug/985164\"\n );\n # https://vuxml.freebsd.org/freebsd/f45c0049-be72-11e1-a284-0023ae8e59f0.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a656233e\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:py-pycrypto\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2012/05/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/06/26\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by 
Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"py-pycrypto>=2.5<2.6\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-04-01T01:22:35", "description": "PyCrypto before 2.6 does not produce appropriate prime numbers when\nusing an ElGamal scheme to generate a key, which reduces the signature\nspace or public key space and makes it easier for attackers to conduct\nbrute-force attacks to obtain the private key.", "edition": 26, "published": "2013-09-04T00:00:00", "title": "Amazon Linux AMI : python-crypto (ALAS-2012-86)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-2417"], "modified": "2021-04-02T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:python-crypto", "p-cpe:/a:amazon:linux:python-crypto-debuginfo", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2012-86.NASL", "href": "https://www.tenable.com/plugins/nessus/69693", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2012-86.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(69693);\n script_version(\"1.7\");\n script_cvs_date(\"Date: 2018/04/18 
15:09:34\");\n\n script_cve_id(\"CVE-2012-2417\");\n script_xref(name:\"ALAS\", value:\"2012-86\");\n\n script_name(english:\"Amazon Linux AMI : python-crypto (ALAS-2012-86)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"PyCrypto before 2.6 does not produce appropriate prime numbers when\nusing an ElGamal scheme to generate a key, which reduces the signature\nspace or public key space and makes it easier for attackers to conduct\nbrute-force attacks to obtain the private key.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2012-86.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update python-crypto' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python-crypto\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python-crypto-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/09/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n 
exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"python-crypto-2.3-6.5.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"python-crypto-debuginfo-2.3-6.5.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python-crypto / python-crypto-debuginfo\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-07T10:54:19", "description": "The remote host is affected by the vulnerability described in GLSA-201206-23\n(PyCrypto: Weak key generation)\n\n An error in the generate() function in ElGamal.py causes PyCrypto to\n generate weak ElGamal keys.\n \nImpact :\n\n A remote attacker might be able to derive private keys.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 21, "published": "2012-06-25T00:00:00", "title": "GLSA-201206-23 : PyCrypto: Weak key generation", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-2417"], "modified": "2012-06-25T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:pycrypto", "cpe:/o:gentoo:linux"], "id": 
"GENTOO_GLSA-201206-23.NASL", "href": "https://www.tenable.com/plugins/nessus/59676", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201206-23.\n#\n# The advisory text is Copyright (C) 2001-2016 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(59676);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2012-2417\");\n script_bugtraq_id(53687);\n script_xref(name:\"GLSA\", value:\"201206-23\");\n\n script_name(english:\"GLSA-201206-23 : PyCrypto: Weak key generation\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201206-23\n(PyCrypto: Weak key generation)\n\n An error in the generate() function in ElGamal.py causes PyCrypto to\n generate weak ElGamal keys.\n \nImpact :\n\n A remote attacker might be able to derive private keys.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201206-23\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All PyCrypto users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=dev-python/pycrypto-2.6'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n 
script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:pycrypto\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/06/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/06/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"dev-python/pycrypto\", unaffected:make_list(\"ge 2.6\"), vulnerable:make_list(\"lt 2.6\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"PyCrypto\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-07T11:53:49", "description": "A vulnerability has been discovered and corrected in python-pycrypto 
:\n\nPyCrypto before 2.6 does not produce appropriate prime numbers when\nusing an ElGamal scheme to generate a key, which reduces the signature\nspace or public key space and makes it easier for attackers to conduct\nbrute-force attacks to obtain the private key (CVE-2012-2417).\n\nThe updated packages have been patched to correct this issue.", "edition": 24, "published": "2012-09-06T00:00:00", "title": "Mandriva Linux Security Advisory : python-pycrypto (MDVSA-2012:117)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-2417"], "modified": "2012-09-06T00:00:00", "cpe": ["cpe:/o:mandriva:linux:2011", "p-cpe:/a:mandriva:linux:python-pycrypto"], "id": "MANDRIVA_MDVSA-2012-117.NASL", "href": "https://www.tenable.com/plugins/nessus/61968", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2012:117. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(61968);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2012-2417\");\n script_bugtraq_id(53687);\n script_xref(name:\"MDVSA\", value:\"2012:117\");\n\n script_name(english:\"Mandriva Linux Security Advisory : python-pycrypto (MDVSA-2012:117)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Mandriva Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A vulnerability has been discovered and corrected in python-pycrypto :\n\nPyCrypto before 2.6 does not produce appropriate prime numbers when\nusing an ElGamal scheme to generate a key, which reduces the signature\nspace or public key space and makes it 
easier for attackers to conduct\nbrute-force attacks to obtain the private key (CVE-2012-2417).\n\nThe updated packages have been patched to correct this issue.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected python-pycrypto package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:python-pycrypto\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2011\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/07/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/09/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 
0;\nif (rpm_check(release:\"MDK2011\", reference:\"python-pycrypto-2.3-3.1-mdv2011.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-12T10:10:41", "description": "This update is a security fix for CVE-2012-2417 (insecure ElGamal key\ngeneration). Anyone using ElGamal keys should generate new keys as\nsoon as practical (any additional information about this bug will be\ntracked at https://bugs.launchpad.net/pycrypto/+bug/985164).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 13, "published": "2012-06-04T00:00:00", "title": "Fedora 16 : python-crypto-2.3-6.fc16 (2012-8470)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-2417"], "modified": "2012-06-04T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:python-crypto", "cpe:/o:fedoraproject:fedora:16"], "id": "FEDORA_2012-8470.NASL", "href": "https://www.tenable.com/plugins/nessus/59350", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2012-8470.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(59350);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2012-2417\");\n script_xref(name:\"FEDORA\", value:\"2012-8470\");\n\n script_name(english:\"Fedora 16 : python-crypto-2.3-6.fc16 (2012-8470)\");\n script_summary(english:\"Checks rpm output for the updated 
package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update is a security fix for CVE-2012-2417 (insecure ElGamal key\ngeneration). Anyone using ElGamal keys should generate new keys as\nsoon as practical (any additional information about this bug will be\ntracked at https://bugs.launchpad.net/pycrypto/+bug/985164).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.launchpad.net/pycrypto/+bug/985164\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=825162\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2012-June/081789.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?52193c8d\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected python-crypto package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:python-crypto\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:16\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/05/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/06/04\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n 
script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^16([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 16.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC16\", reference:\"python-crypto-2.3-6.fc16\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python-crypto\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-07T11:54:08", "description": "Updated python-pycrypto package fixes security vulnerability :\n\nPyCrypto before 2.6 does not produce appropriate prime numbers when\nusing an ElGamal scheme to generate a key, which reduces the signature\nspace or public key space and makes it easier for attackers to conduct\nbrute-force attacks to obtain the private key (CVE-2012-2417).\n\nNote: any ElGamal keys that have previously been generated by PyCrypto\nshould be regenerated after installing this 
update.", "edition": 24, "published": "2013-04-20T00:00:00", "title": "Mandriva Linux Security Advisory : python-pycrypto (MDVSA-2013:120)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2012-2417"], "modified": "2013-04-20T00:00:00", "cpe": ["cpe:/o:mandriva:business_server:1", "p-cpe:/a:mandriva:linux:python-pycrypto"], "id": "MANDRIVA_MDVSA-2013-120.NASL", "href": "https://www.tenable.com/plugins/nessus/66132", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2013:120. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(66132);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2012-2417\");\n script_bugtraq_id(53687);\n script_xref(name:\"MDVSA\", value:\"2013:120\");\n script_xref(name:\"MGASA\", value:\"2012-0194\");\n\n script_name(english:\"Mandriva Linux Security Advisory : python-pycrypto (MDVSA-2013:120)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Mandriva Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated python-pycrypto package fixes security vulnerability :\n\nPyCrypto before 2.6 does not produce appropriate prime numbers when\nusing an ElGamal scheme to generate a key, which reduces the signature\nspace or public key space and makes it easier for attackers to conduct\nbrute-force attacks to obtain the private key (CVE-2012-2417).\n\nNote: any ElGamal keys that have previously been generated by PyCrypto\nshould be regenerated after installing this update.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n 
value:\"Update the affected python-pycrypto package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:python-pycrypto\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/04/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/04/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"python-pycrypto-2.3-3.1.mbs1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else 
security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "amazon": [{"lastseen": "2020-11-10T12:36:10", "bulletinFamily": "unix", "cvelist": ["CVE-2012-2417"], "description": "**Issue Overview:**\n\nPyCrypto before 2.6 does not produce appropriate prime numbers when using an ElGamal scheme to generate a key, which reduces the signature space or public key space and makes it easier for attackers to conduct brute force attacks to obtain the private key. \n\n \n**Affected Packages:** \n\n\npython-crypto\n\n \n**Issue Correction:** \nRun _yum update python-crypto_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n python-crypto-2.3-6.5.amzn1.i686 \n python-crypto-debuginfo-2.3-6.5.amzn1.i686 \n \n src: \n python-crypto-2.3-6.5.amzn1.src \n \n x86_64: \n python-crypto-debuginfo-2.3-6.5.amzn1.x86_64 \n python-crypto-2.3-6.5.amzn1.x86_64 \n \n \n", "edition": 4, "modified": "2012-06-11T10:27:00", "published": "2012-06-11T10:27:00", "id": "ALAS-2012-086", "href": "https://alas.aws.amazon.com/ALAS-2012-86.html", "title": "Medium: python-crypto", "type": "amazon", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:21", "bulletinFamily": "unix", "cvelist": ["CVE-2012-2417"], "edition": 1, "description": "### Background\n\nPyCrypto is the Python Cryptography Toolkit.\n\n### Description\n\nAn error in the generate() function in ElGamal.py causes PyCrypto to generate weak ElGamal keys. 
\n\n### Impact\n\nA remote attacker might be able to derive private keys.\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll PyCrypto users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=dev-python/pycrypto-2.6\"", "modified": "2012-06-24T00:00:00", "published": "2012-06-24T00:00:00", "id": "GLSA-201206-23", "href": "https://security.gentoo.org/glsa/201206-23", "type": "gentoo", "title": "PyCrypto: Weak key generation", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "debian": [{"lastseen": "2020-11-11T13:22:02", "bulletinFamily": "unix", "cvelist": ["CVE-2012-2417"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2502-1 security@debian.org\nhttp://www.debian.org/security/ Moritz Muehlenhoff\nJune 24, 2012 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : python-crypto\nVulnerability : programming error\nProblem type : remote\nDebian-specific: no\nCVE ID : CVE-2012-2417\n\nIt was discovered that the ElGamal code in PythonCrypto, a \ncollection of cryptographic algorithms and protocols for Python used \ninsecure insufficient prime numbers in key generation, which led to a \nweakened signature or public key space, allowing easier brute force \nattacks on such keys.\n\nFor the stable distribution (squeeze), this problem has been fixed in\nversion 2.1.0-2+squeeze1.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.6-1.\n\nWe recommend that you upgrade your python-crypto packages. 
After \ninstalling this update, previously generated keys need to be regenerated.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 3, "modified": "2012-06-24T20:37:37", "published": "2012-06-24T20:37:37", "id": "DEBIAN:DSA-2502-1:8E77D", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2012/msg00142.html", "title": "[SECURITY] [DSA 2502-1] python-crypto security update", "type": "debian", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "seebug": [{"lastseen": "2017-11-19T17:51:27", "description": "BUGTRAQ ID: 53687\r\nCVE ID: CVE-2012-2417\r\n\r\nPyCrypto is a cryptography toolkit written in Python.\r\n\r\nVersions of PyCrypto before 2.5 contain an error when generating keys with the ElGamal scheme, which can reduce the key space and can be exploited to generate private keys and obtain sensitive information.\n0\npython 2.5.x\nVendor patch:\r\n\r\nPython\r\n------\r\nThe vendor has released an upgrade patch to fix this security issue; please download it from the vendor's home page:\r\n\r\nwww.python.org", "published": "2012-05-29T00:00:00", "type": "seebug", "title": "Python PyCrypto key generation vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2012-2417"], "modified": "2012-05-29T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-60160", "id": "SSV:60160", "sourceData": "", "sourceHref": "", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "fedora": [{"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": 
["CVE-2012-2417"], "description": "Python-crypto is a collection of both secure hash functions (such as MD5 and SHA), and various encryption algorithms (AES, DES, RSA, ElGamal, etc.). ", "modified": "2012-06-03T23:34:31", "published": "2012-06-03T23:34:31", "id": "FEDORA:8EDEB211DE", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 16 Update: python-crypto-2.3-6.fc16", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-21T08:17:51", "bulletinFamily": "unix", "cvelist": ["CVE-2012-2417"], "description": "PyCrypto is a collection of both secure hash functions (such as MD5 and SHA), and various encryption algorithms (AES, DES, RSA, ElGamal, etc.). ", "modified": "2012-06-03T00:00:59", "published": "2012-06-03T00:00:59", "id": "FEDORA:40FC72140E", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 17 Update: python-crypto-2.6-1.fc17", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:45", "bulletinFamily": "software", "cvelist": ["CVE-2012-2417"], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2012:117\r\n http://www.mandriva.com/security/\r\n _______________________________________________________________________\r\n\r\n Package : python-pycrypto\r\n Date : July 27, 2012\r\n Affected: 2011., Enterprise Server 5.0\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n A vulnerability has been discovered and corrected in python-pycrypto:\r\n \r\n PyCrypto before 2.6 does not produce appropriate prime numbers when\r\n using an ElGamal scheme to generate a key, which reduces the signature\r\n space or public key space and makes it easier for attackers to conduct\r\n brute force attacks to obtain the private key (CVE-2012-2417).\r\n \r\n The updated 
packages have been patched to correct this issue.\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2417\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n\r\n Mandriva Linux 2011:\r\n 6172bb25eb289a81b12509bd3ef1d4a9 2011/i586/python-pycrypto-2.3-3.1-mdv2011.0.i586.rpm \r\n 4075a2f644f897d1622f141d79c2b18c 2011/SRPMS/python-pycrypto-2.3-3.1.src.rpm\r\n\r\n Mandriva Linux 2011/X86_64:\r\n d19fa50bcb90f639a18dcedd65bafc00 2011/x86_64/python-pycrypto-2.3-3.1-mdv2011.0.x86_64.rpm \r\n 4075a2f644f897d1622f141d79c2b18c 2011/SRPMS/python-pycrypto-2.3-3.1.src.rpm\r\n\r\n Mandriva Enterprise Server 5:\r\n f9d5014592f76e6774fb88e349074b68 mes5/i586/pycrypto-2.0.1-3.3mdvmes5.2.i586.rpm \r\n e833decc6f1f52d25dc72be1bf845bd6 mes5/SRPMS/pycrypto-2.0.1-3.3mdvmes5.2.src.rpm\r\n\r\n Mandriva Enterprise Server 5/X86_64:\r\n 69e203abd4c4d400031e1fd516c0ff83 mes5/x86_64/pycrypto-2.0.1-3.3mdvmes5.2.x86_64.rpm \r\n e833decc6f1f52d25dc72be1bf845bd6 mes5/SRPMS/pycrypto-2.0.1-3.3mdvmes5.2.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. 
You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/security/advisories\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_(at)_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n <security*mandriva.com>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.11 (GNU/Linux)\r\n\r\niD8DBQFQEmd6mqjQ0CJFipgRAl5wAKDyfblw/UwKute6LMYjWYhqRGi+qACaAp6v\r\nBWW1ytoYITIBLL4dmg9GRk0=\r\n=h+Ym\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "modified": "2012-07-29T00:00:00", "published": "2012-07-29T00:00:00", "id": "SECURITYVULNS:DOC:28334", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:28334", "title": "[ MDVSA-2012:117 ] python-pycrypto", "type": "securityvulns", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-08-31T11:09:47", "bulletinFamily": "software", "cvelist": ["CVE-2011-4944", "CVE-2012-1150", "CVE-2012-0845", "CVE-2011-4940", "CVE-2012-2417"], "description": "DoS, cross-site scripting, information leakage.", "edition": 1, "modified": "2012-07-29T00:00:00", "published": "2012-07-29T00:00:00", "id": "SECURITYVULNS:VULN:12454", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:12454", "title": "python multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}]}