Debian Security Advisory DSA 2781-1 (python-crypto - PRNG not correctly reseeded in some situations)
2013-10-18T00:00:00
ID OPENVAS:892781 Type openvas Reporter Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net Modified 2017-07-07T00:00:00
Description
A cryptographic vulnerability was discovered in the pseudo-random number
generator (PRNG) in python-crypto.
In some situations, a race condition could prevent the generator from being
reseeded when multiple processes are forked from the same parent. The generator
would then produce identical output in all of those processes, which might leak
sensitive values such as cryptographic keys.
# OpenVAS Vulnerability Test
# $Id: deb_2781.nasl 6611 2017-07-07 12:07:20Z cfischer $
# Auto-generated from advisory DSA 2781-1 using nvtgen 1.0
# Script version: 1.0
#
# Author:
# Greenbone Networks
#
# Copyright:
# Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net
# Text descriptions are largely excerpted from the referenced
# advisory, and are Copyright (c) the respective author(s)
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#
include("revisions-lib.inc");
# Advisory text held in variables; the description block below registers each
# of them with script_tag(). These strings are user-facing report text.

# Product and platform this check applies to.
tag_affected = "python-crypto on Debian Linux";
# NOTE(review): this is the package description, not an explanation of the
# flaw, and it ends on a dangling "Among the contents of the package:" --
# the list that should follow appears to have been cut off by the generator.
tag_insight = "A collection of cryptographic algorithms and protocols, implemented
for use from Python. Among the contents of the package:";
# Fixed versions per Debian release. Only the squeeze (DEB6.0) and wheezy
# (DEB7.0) versions are compared by the isdpkgvuln() calls further down; the
# jessie and sid versions appear in this text only.
tag_solution = "For the oldstable distribution (squeeze), this problem has been fixed in
version 2.1.0-2+squeeze2.
For the stable distribution (wheezy), this problem has been fixed in
version 2.6-4+deb7u3.
For the testing distribution (jessie), this problem has been fixed in
version 2.6.1-2.
For the unstable distribution (sid), this problem has been fixed in
version 2.6.1-1.
We recommend that you upgrade your python-crypto packages.";
# Summary of the flaw, taken from the advisory: forked processes may end up
# sharing PRNG output when the reseed is skipped.
tag_summary = "A cryptographic vulnerability was discovered in the pseudo random number
generator in python-crypto.
In some situations, a race condition could prevent the reseeding of the
generator when multiple processes are forked from the same parent. This would
lead it to generate identical output on all processes, which might leak
sensitive values like cryptographic keys.";
# NOTE(review): the visible code calls isdpkgvuln() and requires the
# "ssh/login/packages" key; whether apt itself is involved cannot be seen
# here, so the "apt package manager" wording may be loose -- confirm.
tag_vuldetect = "This check tests the installed software version using the apt package manager.";
# Registration pass: when the scanner loads the script with `description` set,
# only the metadata below is recorded and the script exits before any check.
if (description) {
  # Identity of the check and the CVE it maps to.
  script_id(892781);
  script_version("$Revision: 6611 $");
  script_cve_id("CVE-2013-1445");
  script_name("Debian Security Advisory DSA 2781-1 (python-crypto - PRNG not correctly reseeded in some situations)");

  # Timestamps and CVSS v2 scoring (partial confidentiality impact only).
  script_tag(name:"last_modification", value:"$Date: 2017-07-07 14:07:20 +0200 (Fri, 07 Jul 2017) $");
  script_tag(name:"creation_date", value:"2013-10-18 00:00:00 +0200 (Fri, 18 Oct 2013)");
  script_tag(name:"cvss_base", value:"4.3");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:P/I:N/A:N");

  # Upstream advisory this check was generated from.
  script_xref(name:"URL", value:"http://www.debian.org/security/2013/dsa-2781.html");

  # Scheduling: the check is registered in the ACT_GATHER_INFO category and
  # runs only after gather-package-list.nasl, on hosts where both knowledge
  # base keys below are present.
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net");
  script_family("Debian Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/debian_linux", "ssh/login/packages");

  # Report text, taken from the tag_* variables assigned above this block.
  script_tag(name:"affected", value:tag_affected);
  script_tag(name:"insight", value:tag_insight);
  # No "impact" tag is registered: the generated call for it is disabled and
  # no tag_impact variable is assigned among the tag_* variables.
  script_tag(name:"solution", value:tag_solution);
  script_tag(name:"summary", value:tag_summary);
  script_tag(name:"vuldetect", value:tag_vuldetect);

  # "package" quality of detection: the result rests on the installed package
  # version alone; the remedy is the vendor's fixed package.
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");

  exit(0);
}
include("pkg-lib-deb.inc");
# Compare each binary package of python-crypto against the fixed version for
# its Debian release and concatenate whatever isdpkgvuln() (pkg-lib-deb.inc)
# returns for the ones that are behind.
#
# Only DEB6.0 and DEB7.0 are compared here; the jessie and sid versions named
# in tag_solution are not checked by this script. A finding states that the
# installed package predates the fix; it says nothing about whether key
# material already produced by forked processes was affected.
res = "";
report = "";

# Debian 6.0 (squeeze): fixed in 2.1.0-2+squeeze2.
foreach pkg_name (make_list("python-crypto", "python-crypto-dbg")) {
  res = isdpkgvuln(pkg:pkg_name, ver:"2.1.0-2+squeeze2", rls:"DEB6.0");
  if (res != NULL) {
    report += res;
  }
}

# Debian 7.0 (wheezy): fixed in 2.6-4+deb7u3. The order matches the original
# sequence of calls so the report text is assembled identically.
foreach pkg_name (make_list("python-crypto", "python-crypto-dbg", "python-crypto-doc", "python3-crypto", "python3-crypto-dbg")) {
  res = isdpkgvuln(pkg:pkg_name, ver:"2.6-4+deb7u3", rls:"DEB7.0");
  if (res != NULL) {
    report += res;
  }
}

if (report == "") {
  # __pkg_match is presumably set by isdpkgvuln() when a listed package was
  # found on a matching release -- confirm in pkg-lib-deb.inc. Exit code 99
  # then records the host as checked and not vulnerable.
  if (__pkg_match) {
    exit(99); # Not vulnerable.
  }
} else {
  security_message(data:report);
}
{"id": "OPENVAS:892781", "type": "openvas", "bulletinFamily": "scanner", "title": "Debian Security Advisory DSA 2781-1 (python-crypto - PRNG not correctly reseeded in some situations)", "description": "A cryptographic vulnerability was discovered in the pseudo random number\ngenerator in python-crypto.\n\nIn some situations, a race condition could prevent the reseeding of the\ngenerator when multiple processes are forked from the same parent. This would\nlead it to generate identical output on all processes, which might leak\nsensitive values like cryptographic keys.", "published": "2013-10-18T00:00:00", "modified": "2017-07-07T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=892781", "reporter": "Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net", "references": ["http://www.debian.org/security/2013/dsa-2781.html"], "cvelist": ["CVE-2013-1445"], "lastseen": "2017-07-24T12:51:57", "viewCount": 0, "enchantments": {"score": {"value": 5.0, "vector": "NONE", "modified": "2017-07-24T12:51:57", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2013-1445"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310867011", "OPENVAS:1361412562310892781", "OPENVAS:1361412562310867024", "OPENVAS:1361412562310120118", "OPENVAS:867024", "OPENVAS:867011"]}, {"type": "debian", "idList": ["DEBIAN:DSA-2781-1:24E22"]}, {"type": "nessus", "idList": ["DEBIAN_DSA-2781.NASL", "MANDRIVA_MDVSA-2013-262.NASL", "FEDORA_2013-19390.NASL", "FREEBSD_PKG_C0F122E2389711E3A0843C970E169BC2.NASL", "ALA_ALAS-2013-243.NASL", "FEDORA_2013-19441.NASL", "FEDORA_2013-19472.NASL"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:29991", "SECURITYVULNS:VULN:13395"]}, {"type": "freebsd", "idList": ["C0F122E2-3897-11E3-A084-3C970E169BC2"]}, {"type": "amazon", "idList": ["ALAS-2013-243"]}], "modified": "2017-07-24T12:51:57", "rev": 2}, "vulnersScore": 5.0}, 
"pluginID": "892781", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2781.nasl 6611 2017-07-07 12:07:20Z cfischer $\n# Auto-generated from advisory DSA 2781-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\n\ntag_affected = \"python-crypto on Debian Linux\";\ntag_insight = \"A collection of cryptographic algorithms and protocols, implemented\nfor use from Python. 
Among the contents of the package:\";\ntag_solution = \"For the oldstable distribution (squeeze), this problem has been fixed in\nversion 2.1.0-2+squeeze2.\n\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 2.6-4+deb7u3.\n\nFor the testing distribution (jessie), this problem has been fixed in\nversion 2.6.1-2.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.6.1-1.\n\nWe recommend that you upgrade your python-crypto packages.\";\ntag_summary = \"A cryptographic vulnerability was discovered in the pseudo random number\ngenerator in python-crypto.\n\nIn some situations, a race condition could prevent the reseeding of the\ngenerator when multiple processes are forked from the same parent. This would\nlead it to generate identical output on all processes, which might leak\nsensitive values like cryptographic keys.\";\ntag_vuldetect = \"This check tests the installed software version using the apt package manager.\";\n\nif(description)\n{\n script_id(892781);\n script_version(\"$Revision: 6611 $\");\n script_cve_id(\"CVE-2013-1445\");\n script_name(\"Debian Security Advisory DSA 2781-1 (python-crypto - PRNG not correctly reseeded in some situations)\");\n script_tag(name: \"last_modification\", value:\"$Date: 2017-07-07 14:07:20 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name: \"creation_date\", value:\"2013-10-18 00:00:00 +0200 (Fri, 18 Oct 2013)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n\n script_xref(name: \"URL\", value: \"http://www.debian.org/security/2013/dsa-2781.html\");\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name: \"affected\", 
value: tag_affected);\n script_tag(name: \"insight\", value: tag_insight);\n# script_tag(name: \"impact\", value: tag_impact);\n script_tag(name: \"solution\", value: tag_solution);\n script_tag(name: \"summary\", value: tag_summary);\n script_tag(name: \"vuldetect\", value: tag_vuldetect);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"python-crypto\", ver:\"2.1.0-2+squeeze2\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python-crypto-dbg\", ver:\"2.1.0-2+squeeze2\", rls:\"DEB6.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python-crypto\", ver:\"2.6-4+deb7u3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python-crypto-dbg\", ver:\"2.6-4+deb7u3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python-crypto-doc\", ver:\"2.6-4+deb7u3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python3-crypto\", ver:\"2.6-4+deb7u3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"python3-crypto-dbg\", ver:\"2.6-4+deb7u3\", rls:\"DEB7.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "naslFamily": "Debian Local Security Checks", "immutableFields": []}
{"cve": [{"lastseen": "2021-02-02T06:06:49", "description": "The Crypto.Random.atfork function in PyCrypto before 2.6.1 does not properly reseed the pseudo-random number generator (PRNG) before allowing a child process to access it, which makes it easier for context-dependent attackers to obtain sensitive information by leveraging a race condition in which a child process is created and accesses the PRNG within the same rate-limit period as another process.", "edition": 6, "cvss3": {}, "published": "2013-10-26T17:55:00", "title": "CVE-2013-1445", "type": "cve", "cwe": ["CWE-310"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-1445"], "modified": "2013-10-28T15:14:00", "cpe": ["cpe:/a:dlitz:pycrypto:2.2", "cpe:/a:dlitz:pycrypto:2.4", "cpe:/a:dlitz:pycrypto:2.5", "cpe:/a:dlitz:pycrypto:1.0.0", "cpe:/a:dlitz:pycrypto:1.0.1", "cpe:/a:dlitz:pycrypto:2.1.0", "cpe:/a:dlitz:pycrypto:2.4.1", "cpe:/a:dlitz:pycrypto:1.0.2", "cpe:/a:dlitz:pycrypto:2.0", "cpe:/a:dlitz:pycrypto:2.6", "cpe:/a:dlitz:pycrypto:2.3", "cpe:/a:dlitz:pycrypto:2.0.1"], "id": "CVE-2013-1445", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-1445", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:dlitz:pycrypto:1.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:dlitz:pycrypto:2.4:*:*:*:*:*:*:*", "cpe:2.3:a:dlitz:pycrypto:2.6:*:*:*:*:*:*:*", "cpe:2.3:a:dlitz:pycrypto:2.2:*:*:*:*:*:*:*", "cpe:2.3:a:dlitz:pycrypto:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:dlitz:pycrypto:2.0:*:*:*:*:*:*:*", 
"cpe:2.3:a:dlitz:pycrypto:2.5:*:*:*:*:*:*:*", "cpe:2.3:a:dlitz:pycrypto:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:dlitz:pycrypto:2.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:dlitz:pycrypto:2.3:*:*:*:*:*:*:*", "cpe:2.3:a:dlitz:pycrypto:2.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:dlitz:pycrypto:2.0.1:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2020-03-17T23:01:34", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1445"], "description": "The remote host is missing an update announced via the referenced Security Advisory.", "modified": "2020-03-13T00:00:00", "published": "2015-09-08T00:00:00", "id": "OPENVAS:1361412562310120118", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120118", "type": "openvas", "title": "Amazon Linux: Security Advisory (ALAS-2013-243)", "sourceData": "# Copyright (C) 2015 Eero Volotinen\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.120118\");\n script_version(\"2020-03-13T13:19:50+0000\");\n script_tag(name:\"creation_date\", value:\"2015-09-08 13:17:52 +0200 (Tue, 08 Sep 2015)\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 13:19:50 +0000 (Fri, 13 Mar 2020)\");\n script_name(\"Amazon Linux: Security Advisory (ALAS-2013-243)\");\n script_tag(name:\"insight\", value:\"The Crypto.Random.atfork function in PyCrypto before 2.6.1 does not properly reseed the pseudo-random number generator (PRNG) before allowing a child process to access it, which makes it easier for context-dependent attackers to obtain sensitive information by leveraging a race condition in which a child process is created and accesses the PRNG within the same rate-limit period as another process.\");\n script_tag(name:\"solution\", value:\"Run yum update python-crypto to update your system.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://alas.aws.amazon.com/ALAS-2013-243.html\");\n script_cve_id(\"CVE-2013-1445\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/amazon_linux\", \"ssh/login/release\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"summary\", value:\"The remote host is missing an update announced via the referenced Security Advisory.\");\n script_copyright(\"Copyright (C) 2015 Eero Volotinen\");\n script_family(\"Amazon Linux Local Security Checks\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"AMAZON\") {\n if(!isnull(res = isrpmvuln(pkg:\"python-crypto-debuginfo\", rpm:\"python-crypto-debuginfo~2.6.1~1.7.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python-crypto\", rpm:\"python-crypto~2.6.1~1.7.amzn1\", rls:\"AMAZON\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2018-01-18T11:08:51", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1445"], "description": "Check for the Version of python-crypto", "modified": "2018-01-18T00:00:00", "published": "2013-10-28T00:00:00", "id": "OPENVAS:867024", "href": "http://plugins.openvas.org/nasl.php?oid=867024", "type": "openvas", "title": "Fedora Update for python-crypto FEDORA-2013-19441", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for python-crypto FEDORA-2013-19441\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(867024);\n script_version(\"$Revision: 8456 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-18 07:58:40 +0100 (Thu, 18 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-10-28 13:58:23 +0530 (Mon, 28 Oct 2013)\");\n script_cve_id(\"CVE-2013-1445\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_name(\"Fedora Update for python-crypto FEDORA-2013-19441\");\n\n tag_insight = \"PyCrypto is a collection of both secure hash functions (such as MD5 and\nSHA), and various encryption algorithms (AES, DES, RSA, ElGamal, etc.).\n\";\n\n tag_affected = \"python-crypto on Fedora 19\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2013-19441\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2013-October/119691.html\");\n script_tag(name: \"summary\" , value: \"Check for the Version of python-crypto\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", 
\"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"python-crypto\", rpm:\"python-crypto~2.6.1~1.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2019-05-29T18:38:23", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1445"], "description": "A cryptographic vulnerability was discovered in the pseudo random number\ngenerator in python-crypto.\n\nIn some situations, a race condition could prevent the reseeding of the\ngenerator when multiple processes are forked from the same parent. This would\nlead it to generate identical output on all processes, which might leak\nsensitive values like cryptographic keys.", "modified": "2019-03-18T00:00:00", "published": "2013-10-18T00:00:00", "id": "OPENVAS:1361412562310892781", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310892781", "type": "openvas", "title": "Debian Security Advisory DSA 2781-1 (python-crypto - PRNG not correctly reseeded in some situations)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_2781.nasl 14276 2019-03-18 14:43:56Z cfischer $\n# Auto-generated from advisory DSA 2781-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later 
version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.892781\");\n script_version(\"$Revision: 14276 $\");\n script_cve_id(\"CVE-2013-1445\");\n script_name(\"Debian Security Advisory DSA 2781-1 (python-crypto - PRNG not correctly reseeded in some situations)\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-18 15:43:56 +0100 (Mon, 18 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-10-18 00:00:00 +0200 (Fri, 18 Oct 2013)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n\n script_xref(name:\"URL\", value:\"http://www.debian.org/security/2013/dsa-2781.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB(6|7)\");\n script_tag(name:\"affected\", value:\"python-crypto on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the oldstable distribution (squeeze), this problem has been fixed in\nversion 2.1.0-2+squeeze2.\n\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 2.6-4+deb7u3.\n\nFor the testing distribution (jessie), this problem has been fixed in\nversion 2.6.1-2.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.6.1-1.\n\nWe 
recommend that you upgrade your python-crypto packages.\");\n script_tag(name:\"summary\", value:\"A cryptographic vulnerability was discovered in the pseudo random number\ngenerator in python-crypto.\n\nIn some situations, a race condition could prevent the reseeding of the\ngenerator when multiple processes are forked from the same parent. This would\nlead it to generate identical output on all processes, which might leak\nsensitive values like cryptographic keys.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = isdpkgvuln(pkg:\"python-crypto\", ver:\"2.1.0-2+squeeze2\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"python-crypto-dbg\", ver:\"2.1.0-2+squeeze2\", rls:\"DEB6\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"python-crypto\", ver:\"2.6-4+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"python-crypto-dbg\", ver:\"2.6-4+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"python-crypto-doc\", ver:\"2.6-4+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"python3-crypto\", ver:\"2.6-4+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\nif((res = isdpkgvuln(pkg:\"python3-crypto-dbg\", ver:\"2.6-4+deb7u3\", rls:\"DEB7\")) != NULL) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2019-05-29T18:38:26", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1445"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", 
"published": "2013-10-28T00:00:00", "id": "OPENVAS:1361412562310867024", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867024", "type": "openvas", "title": "Fedora Update for python-crypto FEDORA-2013-19441", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for python-crypto FEDORA-2013-19441\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867024\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-10-28 13:58:23 +0530 (Mon, 28 Oct 2013)\");\n script_cve_id(\"CVE-2013-1445\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_name(\"Fedora Update for python-crypto FEDORA-2013-19441\");\n\n\n script_tag(name:\"affected\", value:\"python-crypto on Fedora 19\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n 
script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2013-19441\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2013-October/119691.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'python-crypto'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC19\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC19\")\n{\n\n if ((res = isrpmvuln(pkg:\"python-crypto\", rpm:\"python-crypto~2.6.1~1.fc19\", rls:\"FC19\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2018-01-26T11:09:26", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1445"], "description": "Check for the Version of python-crypto", "modified": "2018-01-26T00:00:00", "published": "2013-10-28T00:00:00", "id": "OPENVAS:867011", "href": "http://plugins.openvas.org/nasl.php?oid=867011", "type": "openvas", "title": "Fedora Update for python-crypto FEDORA-2013-19472", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for python-crypto FEDORA-2013-19472\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the 
terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\n\nif(description)\n{\n script_id(867011);\n script_version(\"$Revision: 8542 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-26 07:57:28 +0100 (Fri, 26 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-10-28 13:40:58 +0530 (Mon, 28 Oct 2013)\");\n script_cve_id(\"CVE-2013-1445\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_name(\"Fedora Update for python-crypto FEDORA-2013-19472\");\n\n tag_insight = \"PyCrypto is a collection of both secure hash functions (such as MD5 and\nSHA), and various encryption algorithms (AES, DES, RSA, ElGamal, etc.).\n\";\n\n tag_affected = \"python-crypto on Fedora 18\";\n\n tag_solution = \"Please Install the Updated Packages.\";\n\n\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name: \"FEDORA\", value: \"2013-19472\");\n script_xref(name: \"URL\" , value: \"https://lists.fedoraproject.org/pipermail/package-announce/2013-October/119706.html\");\n script_tag(name: 
\"summary\" , value: \"Check for the Version of python-crypto\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"FC18\")\n{\n\n if ((res = isrpmvuln(pkg:\"python-crypto\", rpm:\"python-crypto~2.6.1~1.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2019-05-29T18:38:08", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1445"], "description": "The remote host is missing an update for the 'python-crypto' package(s) announced via the referenced advisory.", "modified": "2019-03-15T00:00:00", "published": "2013-10-28T00:00:00", "id": "OPENVAS:1361412562310867011", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310867011", "type": "openvas", "title": "Fedora Update for python-crypto FEDORA-2013-19472", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Fedora Update for python-crypto FEDORA-2013-19472\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.867011\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2013-10-28 13:40:58 +0530 (Mon, 28 Oct 2013)\");\n script_cve_id(\"CVE-2013-1445\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_name(\"Fedora Update for python-crypto FEDORA-2013-19472\");\n\n\n script_tag(name:\"affected\", value:\"python-crypto on Fedora 18\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"FEDORA\", value:\"2013-19472\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/pipermail/package-announce/2013-October/119706.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'python-crypto'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC18\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC18\")\n{\n\n if 
((res = isrpmvuln(pkg:\"python-crypto\", rpm:\"python-crypto~2.6.1~1.fc18\", rls:\"FC18\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "debian": [{"lastseen": "2020-11-11T13:15:52", "bulletinFamily": "unix", "cvelist": ["CVE-2013-1445"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-2781-1 security@debian.org\nhttp://www.debian.org/security/ Yves-Alexis Perez\nOctober 18, 2013 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : python-crypto\nVulnerability : PRNG not correctly reseeded in some situations\nProblem type : local\nDebian-specific: no\nCVE ID : CVE-2013-1445\nDebian Bug : \n\nA cryptographic vulnerability was discovered in the pseudo random number\ngenerator in python-crypto.\n\nIn some situations, a race condition could prevent the reseeding of the\ngenerator when multiple processes are forked from the same parent. 
This would\nlead it to generate identical output on all processes, which might leak\nsensitive values like cryptographic keys.\n\nFor the oldstable distribution (squeeze), this problem has been fixed in\nversion 2.1.0-2+squeeze2.\n\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 2.6-4+deb7u3.\n\nFor the testing distribution (jessie), this problem has been fixed in\nversion 2.6.1-2.\n\nFor the unstable distribution (sid), this problem has been fixed in\nversion 2.6.1-1.\n\nWe recommend that you upgrade your python-crypto packages.\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: http://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 8, "modified": "2013-10-18T19:41:57", "published": "2013-10-18T19:41:57", "id": "DEBIAN:DSA-2781-1:24E22", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2013/msg00192.html", "title": "[SECURITY] [DSA 2781-1] python-crypto security update", "type": "debian", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "freebsd": [{"lastseen": "2019-05-29T18:33:33", "bulletinFamily": "unix", "cvelist": ["CVE-2013-1445"], "description": "\nDwayne Litzenberger reports:\n\nIn PyCrypto before v2.6.1, the Crypto.Random pseudo-random\n\t number generator (PRNG) exhibits a race condition that may cause\n\t it to generate the same 'random' output in multiple processes that\n\t are forked from each other. 
Depending on the application, this\n\t could reveal sensitive information or cryptographic keys to remote\n\t attackers.\n\n", "edition": 4, "modified": "2014-04-30T00:00:00", "published": "2013-10-17T00:00:00", "id": "C0F122E2-3897-11E3-A084-3C970E169BC2", "href": "https://vuxml.freebsd.org/freebsd/c0f122e2-3897-11e3-a084-3c970e169bc2.html", "title": "pycrypto -- PRNG reseed race condition", "type": "freebsd", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:53", "bulletinFamily": "software", "cvelist": ["CVE-2013-1445"], "description": "Predictable PRNG state after fork()", "edition": 1, "modified": "2013-11-05T00:00:00", "published": "2013-11-05T00:00:00", "id": "SECURITYVULNS:VULN:13395", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:13395", "title": "pycrypto PRNG vulnerabilities", "type": "securityvulns", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}, {"lastseen": "2018-08-31T11:10:49", "bulletinFamily": "software", "cvelist": ["CVE-2013-1445"], "description": "\r\n\r\n-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\n _______________________________________________________________________\r\n\r\n Mandriva Linux Security Advisory MDVSA-2013:262\r\n http://www.mandriva.com/en/support/security/\r\n _______________________________________________________________________\r\n\r\n Package : python-pycrypto\r\n Date : October 28, 2013\r\n Affected: Business Server 1.0\r\n _______________________________________________________________________\r\n\r\n Problem Description:\r\n\r\n Updated python-pycrypto package fixes security vulnerability:\r\n \r\n In PyCrypto before v2.6.1, the Crypto.Random pseudo-random number\r\n generator (PRNG) exhibits a race condition that may cause it to\r\n generate the same 'random' output in multiple processes that are\r\n forked from each other. 
Depending on the application, this could\r\n reveal sensitive information or cryptographic keys to remote attackers\r\n (CVE-2013-1445).\r\n _______________________________________________________________________\r\n\r\n References:\r\n\r\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1445\r\n http://advisories.mageia.org/MGASA-2013-0319.html\r\n _______________________________________________________________________\r\n\r\n Updated Packages:\r\n\r\n Mandriva Business Server 1/X86_64:\r\n 9e1d85ee578d7784fe684789718b7a16 mbs1/x86_64/python-pycrypto-2.3-3.2.mbs1.x86_64.rpm \r\n bb1eee393936c861ea88e56fe6cbe206 mbs1/SRPMS/python-pycrypto-2.3-3.2.mbs1.src.rpm\r\n _______________________________________________________________________\r\n\r\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\r\n of md5 checksums and GPG signatures is performed automatically for you.\r\n\r\n All packages are signed by Mandriva for security. You can obtain the\r\n GPG public key of the Mandriva Security Team by executing:\r\n\r\n gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98\r\n\r\n You can view other update advisories for Mandriva Linux at:\r\n\r\n http://www.mandriva.com/en/support/security/advisories/\r\n\r\n If you want to report vulnerabilities, please contact\r\n\r\n security_(at)_mandriva.com\r\n _______________________________________________________________________\r\n\r\n Type Bits/KeyID Date User ID\r\n pub 1024D/22458A98 2000-07-10 Mandriva Security Team\r\n <security*mandriva.com>\r\n-----BEGIN PGP SIGNATURE-----\r\nVersion: GnuPG v1.4.12 (GNU/Linux)\r\n\r\niD8DBQFSbpnRmqjQ0CJFipgRAhfUAJ9uP4QDWpqixJgNUKGxpMJMW99/yQCg2m9u\r\nGLFLz+A+l1MxWpQddYm8Mp0=\r\n=gf2G\r\n-----END PGP SIGNATURE-----\r\n", "edition": 1, "modified": "2013-11-05T00:00:00", "published": "2013-11-05T00:00:00", "id": "SECURITYVULNS:DOC:29991", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:29991", "title": "[ MDVSA-2013:262 ] python-pycrypto", "type": 
"securityvulns", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}], "amazon": [{"lastseen": "2020-11-10T12:35:24", "bulletinFamily": "unix", "cvelist": ["CVE-2013-1445"], "description": "**Issue Overview:**\n\nThe Crypto.Random.atfork function in PyCrypto before 2.6.1 does not properly reseed the pseudo-random number generator (PRNG) before allowing a child process to access it, which makes it easier for context-dependent attackers to obtain sensitive information by leveraging a race condition in which a child process is created and accesses the PRNG within the same rate-limit period as another process.\n\n \n**Affected Packages:** \n\n\npython-crypto\n\n \n**Issue Correction:** \nRun _yum update python-crypto_ to update your system.\n\n \n\n\n**New Packages:**\n \n \n i686: \n python-crypto-debuginfo-2.6.1-1.7.amzn1.i686 \n python-crypto-2.6.1-1.7.amzn1.i686 \n \n src: \n python-crypto-2.6.1-1.7.amzn1.src \n \n x86_64: \n python-crypto-debuginfo-2.6.1-1.7.amzn1.x86_64 \n python-crypto-2.6.1-1.7.amzn1.x86_64 \n \n \n", "edition": 4, "modified": "2013-11-03T12:09:00", "published": "2013-11-03T12:09:00", "id": "ALAS-2013-243", "href": "https://alas.aws.amazon.com/ALAS-2013-243.html", "title": "Low: python-crypto", "type": "amazon", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "fedora": [{"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2013-1445"], "description": "PyCrypto is a collection of both secure hash functions (such as MD5 and SHA), and various encryption algorithms (AES, DES, RSA, ElGamal, etc.). 
", "modified": "2013-10-27T04:01:42", "published": "2013-10-27T04:01:42", "id": "FEDORA:278A7220F4", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 18 Update: python-crypto-2.6.1-1.fc18", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2013-1445"], "description": "PyCrypto is a collection of both secure hash functions (such as MD5 and SHA), and various encryption algorithms (AES, DES, RSA, ElGamal, etc.). ", "modified": "2013-10-27T05:31:06", "published": "2013-10-27T05:31:06", "id": "FEDORA:CD87721933", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 18 Update: python-crypto-2.6.1-1.fc18", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2013-1445"], "description": "PyCrypto is a collection of both secure hash functions (such as MD5 and SHA), and various encryption algorithms (AES, DES, RSA, ElGamal, etc.). ", "modified": "2013-11-10T07:05:58", "published": "2013-11-10T07:05:58", "id": "FEDORA:CFEAF23ECC", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 20 Update: python-crypto-2.6.1-1.fc20", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2013-1445"], "description": "PyCrypto is a collection of both secure hash functions (such as MD5 and SHA), and various encryption algorithms (AES, DES, RSA, ElGamal, etc.). 
", "modified": "2013-10-27T05:35:22", "published": "2013-10-27T05:35:22", "id": "FEDORA:4442221FFE", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 19 Update: python-crypto-2.6.1-1.fc19", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-12-21T08:17:52", "bulletinFamily": "unix", "cvelist": ["CVE-2013-1445"], "description": "PyCrypto is a collection of both secure hash functions (such as MD5 and SHA), and various encryption algorithms (AES, DES, RSA, ElGamal, etc.). ", "modified": "2013-10-27T03:58:02", "published": "2013-10-27T03:58:02", "id": "FEDORA:CD4E821AFD", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 19 Update: python-crypto-2.6.1-1.fc19", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "nessus": [{"lastseen": "2021-04-01T01:23:00", "description": "The Crypto.Random.atfork function in PyCrypto before 2.6.1 does not\nproperly reseed the pseudo-random number generator (PRNG) before\nallowing a child process to access it, which makes it easier for\ncontext-dependent attackers to obtain sensitive information by\nleveraging a race condition in which a child process is created and\naccesses the PRNG within the same rate-limit period as another\nprocess.", "edition": 26, "published": "2013-11-14T00:00:00", "title": "Amazon Linux AMI : python-crypto (ALAS-2013-243)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1445"], "modified": "2021-04-02T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:python-crypto", "p-cpe:/a:amazon:linux:python-crypto-debuginfo", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2013-243.NASL", "href": "https://www.tenable.com/plugins/nessus/70905", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2013-243.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(70905);\n script_version(\"1.4\");\n 
script_cvs_date(\"Date: 2018/04/18 15:09:35\");\n\n script_cve_id(\"CVE-2013-1445\");\n script_xref(name:\"ALAS\", value:\"2013-243\");\n\n script_name(english:\"Amazon Linux AMI : python-crypto (ALAS-2013-243)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Amazon Linux AMI host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Crypto.Random.atfork function in PyCrypto before 2.6.1 does not\nproperly reseed the pseudo-random number generator (PRNG) before\nallowing a child process to access it, which makes it easier for\ncontext-dependent attackers to obtain sensitive information by\nleveraging a race condition in which a child process is created and\naccesses the PRNG within the same rate-limit period as another\nprocess.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://alas.aws.amazon.com/ALAS-2013-243.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Run 'yum update python-crypto' to update your system.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python-crypto\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python-crypto-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/11/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/11/14\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n 
script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (rpm_check(release:\"ALA\", reference:\"python-crypto-2.6.1-1.7.amzn1\")) flag++;\nif (rpm_check(release:\"ALA\", reference:\"python-crypto-debuginfo-2.6.1-1.7.amzn1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python-crypto / python-crypto-debuginfo\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-12T10:11:16", "description": "In previous versions of PyCrypto, the Crypto.Random PRNG exhibits a\nrace condition that may cause forked processes to generate identical\nsequences of 'random' numbers.\n\nThis release fixes the problem by resetting the rate-limiter when\nCrypto.Random.atfork() is invoked.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 15, "published": "2013-10-27T00:00:00", "title": "Fedora 19 : python-crypto-2.6.1-1.fc19 (2013-19441)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1445"], "modified": "2013-10-27T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:19", "p-cpe:/a:fedoraproject:fedora:python-crypto"], "id": "FEDORA_2013-19441.NASL", "href": "https://www.tenable.com/plugins/nessus/70641", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-19441.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(70641);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-1445\");\n script_bugtraq_id(63201);\n script_xref(name:\"FEDORA\", value:\"2013-19441\");\n\n script_name(english:\"Fedora 19 : python-crypto-2.6.1-1.fc19 (2013-19441)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"In previous versions of PyCrypto, the Crypto.Random PRNG exhibits a\nrace condition that may cause forked processes to generate identical\nsequences of 'random' numbers.\n\nThis release fixes the problem by resetting the rate-limiter when\nCrypto.Random.atfork() is invoked.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1020814\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-October/119691.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6b571686\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-October/119749.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ac9a3ddb\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected python-crypto package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:python-crypto\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:19\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/10/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/10/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^19([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 19.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC19\", reference:\"python-crypto-2.6.1-1.fc19\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python-crypto\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-07T11:54:22", "description": "Updated python-pycrypto package fixes security vulnerability :\n\nIn PyCrypto before v2.6.1, the Crypto.Random pseudo-random number\ngenerator (PRNG) exhibits a race condition that may cause it to\ngenerate the same 'random' output in multiple processes that are\nforked from each other. 
Depending on the application, this could\nreveal sensitive information or cryptographic keys to remote attackers\n(CVE-2013-1445).", "edition": 26, "published": "2013-10-29T00:00:00", "title": "Mandriva Linux Security Advisory : python-pycrypto (MDVSA-2013:262)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1445"], "modified": "2013-10-29T00:00:00", "cpe": ["cpe:/o:mandriva:business_server:1", "p-cpe:/a:mandriva:linux:python-pycrypto"], "id": "MANDRIVA_MDVSA-2013-262.NASL", "href": "https://www.tenable.com/plugins/nessus/70681", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandriva Linux Security Advisory MDVSA-2013:262. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(70681);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2013-1445\");\n script_bugtraq_id(63201);\n script_xref(name:\"MDVSA\", value:\"2013:262\");\n\n script_name(english:\"Mandriva Linux Security Advisory : python-pycrypto (MDVSA-2013:262)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Mandriva Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated python-pycrypto package fixes security vulnerability :\n\nIn PyCrypto before v2.6.1, the Crypto.Random pseudo-random number\ngenerator (PRNG) exhibits a race condition that may cause it to\ngenerate the same 'random' output in multiple processes that are\nforked from each other. 
Depending on the application, this could\nreveal sensitive information or cryptographic keys to remote attackers\n(CVE-2013-1445).\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://advisories.mageia.org/MGASA-2013-0319.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected python-pycrypto package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:python-pycrypto\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:business_server:1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/10/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/10/29\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK-MBS1\", cpu:\"x86_64\", reference:\"python-pycrypto-2.3-3.2.mbs1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-07T10:49:42", "description": "Dwayne Litzenberger reports :\n\nIn PyCrypto before v2.6.1, the Crypto.Random pseudo-random number\ngenerator (PRNG) exhibits a race condition that may cause it to\ngenerate the same 'random' output in multiple processes that are\nforked from each other. 
Depending on the application, this could\nreveal sensitive information or cryptographic keys to remote\nattackers.", "edition": 23, "published": "2013-10-20T00:00:00", "title": "FreeBSD : pycrypto -- PRNG reseed race condition (c0f122e2-3897-11e3-a084-3c970e169bc2)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1445"], "modified": "2013-10-20T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:py32-pycrypto", "cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:py31-pycrypto", "p-cpe:/a:freebsd:freebsd:py33-pycrypto", "p-cpe:/a:freebsd:freebsd:py26-pycrypto", "p-cpe:/a:freebsd:freebsd:py27-pycrypto"], "id": "FREEBSD_PKG_C0F122E2389711E3A0843C970E169BC2.NASL", "href": "https://www.tenable.com/plugins/nessus/70517", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(70517);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2013-1445\");\n\n script_name(english:\"FreeBSD : pycrypto -- PRNG reseed race condition (c0f122e2-3897-11e3-a084-3c970e169bc2)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Dwayne Litzenberger reports :\n\nIn PyCrypto before v2.6.1, the Crypto.Random pseudo-random number\ngenerator (PRNG) exhibits a race condition that may cause it to\ngenerate the same 'random' output in multiple processes that are\nforked from each other. 
Depending on the application, this could\nreveal sensitive information or cryptographic keys to remote\nattackers.\"\n );\n # http://lists.dlitz.net/pipermail/pycrypto/2013q4/000702.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.dlitz.net/pipermail/pycrypto/2013q4/000702.html\"\n );\n # https://vuxml.freebsd.org/freebsd/c0f122e2-3897-11e3-a084-3c970e169bc2.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f26b851f\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:py26-pycrypto\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:py27-pycrypto\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:py31-pycrypto\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:py32-pycrypto\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:py33-pycrypto\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/10/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/10/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/10/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"py26-pycrypto<2.6.1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"py27-pycrypto<2.6.1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"py31-pycrypto<2.6.1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"py32-pycrypto<2.6.1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"py33-pycrypto<2.6.1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-12T09:48:11", "description": "A cryptographic vulnerability was discovered in the pseudo random\nnumber generator in python-crypto.\n\nIn some situations, a race condition could prevent the reseeding of\nthe generator when multiple processes are forked from the same parent.\nThis would lead it to generate identical output on all processes,\nwhich might leak sensitive values like cryptographic keys.", "edition": 16, "published": "2013-10-20T00:00:00", "title": "Debian DSA-2781-1 : python-crypto - PRNG not correctly reseeded in some situations", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1445"], "modified": "2013-10-20T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:6.0", "p-cpe:/a:debian:debian_linux:python-crypto", "cpe:/o:debian:debian_linux:7.0"], 
"id": "DEBIAN_DSA-2781.NASL", "href": "https://www.tenable.com/plugins/nessus/70503", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2781. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(70503);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-1445\");\n script_bugtraq_id(63201);\n script_xref(name:\"DSA\", value:\"2781\");\n\n script_name(english:\"Debian DSA-2781-1 : python-crypto - PRNG not correctly reseeded in some situations\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A cryptographic vulnerability was discovered in the pseudo random\nnumber generator in python-crypto.\n\nIn some situations, a race condition could prevent the reseeding of\nthe generator when multiple processes are forked from the same parent.\nThis would lead it to generate identical output on all processes,\nwhich might leak sensitive values like cryptographic keys.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/squeeze/python-crypto\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/wheezy/python-crypto\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2013/dsa-2781\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the python-crypto packages.\n\nFor the oldstable distribution (squeeze), this problem has been fixed\nin 
version 2.1.0-2+squeeze2.\n\nFor the stable distribution (wheezy), this problem has been fixed in\nversion 2.6-4+deb7u3.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:python-crypto\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:6.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:7.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/10/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/10/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"6.0\", prefix:\"python-crypto\", reference:\"2.1.0-2+squeeze2\")) flag++;\nif (deb_check(release:\"6.0\", prefix:\"python-crypto-dbg\", reference:\"2.1.0-2+squeeze2\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"python-crypto\", reference:\"2.6-4+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"python-crypto-dbg\", reference:\"2.6-4+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"python-crypto-doc\", reference:\"2.6-4+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"python3-crypto\", reference:\"2.6-4+deb7u3\")) flag++;\nif (deb_check(release:\"7.0\", prefix:\"python3-crypto-dbg\", reference:\"2.6-4+deb7u3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-12T10:11:16", "description": "In previous versions of PyCrypto, the Crypto.Random PRNG exhibits a\nrace condition that may cause forked processes to generate identical\nsequences of 'random' numbers.\n\nThis release fixes the problem by resetting the rate-limiter when\nCrypto.Random.atfork() is invoked.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 15, "published": "2013-10-27T00:00:00", "title": "Fedora 18 : python-crypto-2.6.1-1.fc18 (2013-19472)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1445"], "modified": "2013-10-27T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:18", "p-cpe:/a:fedoraproject:fedora:python-crypto"], "id": "FEDORA_2013-19472.NASL", "href": "https://www.tenable.com/plugins/nessus/70643", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-19472.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(70643);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-1445\");\n script_bugtraq_id(63201);\n script_xref(name:\"FEDORA\", value:\"2013-19472\");\n\n script_name(english:\"Fedora 18 : python-crypto-2.6.1-1.fc18 (2013-19472)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"In previous versions of PyCrypto, the Crypto.Random PRNG exhibits a\nrace condition that may cause forked processes to generate identical\nsequences of 'random' numbers.\n\nThis release fixes the problem by resetting the rate-limiter when\nCrypto.Random.atfork() is invoked.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1020814\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-October/119706.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?63ad0863\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-October/119720.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?6a4ad4ba\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected python-crypto package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:python-crypto\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:18\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/10/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/10/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^18([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 18.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC18\", reference:\"python-crypto-2.6.1-1.fc18\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python-crypto\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-12T10:11:16", "description": "In previous versions of PyCrypto, the Crypto.Random PRNG exhibits a\nrace condition that may cause forked processes to generate identical\nsequences of 'random' numbers.\n\nThis release fixes the problem by resetting the rate-limiter when\nCrypto.Random.atfork() is invoked.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly 
from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 15, "published": "2013-11-11T00:00:00", "title": "Fedora 20 : python-crypto-2.6.1-1.fc20 (2013-19390)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-1445"], "modified": "2013-11-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:python-crypto", "cpe:/o:fedoraproject:fedora:20"], "id": "FEDORA_2013-19390.NASL", "href": "https://www.tenable.com/plugins/nessus/70818", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 2013-19390.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(70818);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2013-1445\");\n script_bugtraq_id(63201);\n script_xref(name:\"FEDORA\", value:\"2013-19390\");\n\n script_name(english:\"Fedora 20 : python-crypto-2.6.1-1.fc20 (2013-19390)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"In previous versions of PyCrypto, the Crypto.Random PRNG exhibits a\nrace condition that may cause forked processes to generate identical\nsequences of 'random' numbers.\n\nThis release fixes the problem by resetting the rate-limiter when\nCrypto.Random.atfork() is invoked.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1020814\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2013-November/120783.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?eae170f0\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected python-crypto package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:python-crypto\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:20\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/10/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/11/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^20([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 20.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC20\", reference:\"python-crypto-2.6.1-1.fc20\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python-crypto\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}]}