212 matches found
CVE-2013-7459
Heap-based buffer overflow in the ALGnew function in blocktemplace.c in Python Cryptography Toolkit (aka pycrypto) allows remote attackers to execute arbitrary code as demonstrated by a crafted iv parameter to cryptmsg.py...
UBUNTU-CVE-2013-7459
Heap-based buffer overflow in the ALGnew function in blocktemplace.c in Python Cryptography Toolkit (aka pycrypto) allows remote attackers to execute arbitrary code as demonstrated by a crafted iv parameter to cryptmsg.py...
Updated python-pycrypto packages fix security vulnerabilities
This is a security fix for a possible Buffer overflow. AES.new with invalid parameter crashes python. The IV parameter is currently ignored when initializing a cipher in ECB or CTR mode. There was a bug in pycrypto which could be exploited to get a shell...
Fedora 25 : python-crypto (2017-7c569d396b)
A heap-buffer overflow vulnerability was discovered in pycrypto leading to arbitrary code execution. All users of pycrypto's AES module that allow the mode of operation to be specified by an attacker, check for ECB explicitly and create the objects without specifying an IV are vulnerable to this...
openSUSE: Security Advisory for python-pycrypto (openSUSE-SU-2017:0156-1)
The remote host is missing an update for the...
openSUSE Security Update : python-pycrypto (openSUSE-2017-86)
This update for python-pycrypto fixes the following issues: - A heap buffer overflow in the AES module was fixed that could have led to remote code execution, if the mode of operation can be specified from the outside (CVE-2013-7459, boo#1017420)...
Security update for python-pycrypto (important)
This update for python-pycrypto fixes the following issues: - A heap buffer overflow in the AES module was fixed that could have led to remote code execution, if the mode of operation can be specified from the outside (CVE-2013-7459, boo#1017420)...
[ASA-201701-25] python2-crypto: arbitrary code execution
Arch Linux Security Advisory ASA-201701-25. Severity: Critical; Date: 2017-01-15; CVE-ID: CVE-2013-7459; Package: python2-crypto; Type: arbitrary code execution; Remote: Yes; Link: https://security.archlinux.org/AVG-118. Summary: The package...
[ASA-201701-26] python-crypto: arbitrary code execution
Arch Linux Security Advisory ASA-201701-26. Severity: Critical; Date: 2017-01-15; CVE-ID: CVE-2013-7459; Package: python-crypto; Type: arbitrary code execution; Remote: Yes; Link: https://security.archlinux.org/AVG-118. Summary: The package...
PyCrypto 'cryptmsg.py' Buffer Overflow Vulnerability
PyCrypto is an encryption toolkit written in Python that includes MD5, AES, DES3 and other encryption algorithms. PyCrypto suffers from a buffer overflow vulnerability that can be exploited by an attacker to cause a denial of service...
Arbitrary Remote Code Execution Via Buffer Overflow
pycrypto is vulnerable to remote code execution (RCE) via heap buffer overflow attacks. There is a heap buffer overflow on ALGobject.IV in blocktemplace.c, where attackers can write as many bytes as they want on part of the heap, and exploit it to control the execution flow to execute shell command...
SSL and TLS protocol test suite and fuzzer: tlsfuzzer
tlsfuzzer is a combination of TLS test framework, ready-to-use tests and hopefully in the future a fuzzer for TLS protocol. The aim is to have ability to test TLS implementation everywhere a fairly recent version of Python can run (2.6, 3.2 or later). Current implementation efforts focus on testing...
Amazon Linux: Security Advisory (ALAS-2012-86)
The remote host is missing an update for the...
Cowrie SSH Honeypot
Cowrie is a medium interaction SSH honeypot designed to log brute force attacks and, most importantly, the entire shell interaction performed by the attacker. Cowrie is directly based on Kippo by Upi Tamminen. Features Some interesting features: Fake filesystem with the ability to add/remove file...
Cowrie - SSH Honeypot
Cowrie is a medium interaction SSH honeypot designed to log brute force attacks and, most importantly, the entire shell interaction performed by the attacker. Cowrie is directly based on Kippo by Upi Tamminen (desaster). Features Some interesting features: Fake filesystem with the ability to...
Dshell - Network Forensic Analysis Framework
An extensible network forensic analysis framework. Enables rapid development of plugins to support the dissection of network packet captures. Key features: robust stream reassembly; IPv4 and IPv6 support; custom output handlers; chainable decoders. Prerequisites: Linux (developed on Ubuntu 12.04), Python...
Dshell – Network Forensic Analysis Framework
Dshell: An extensible network forensic analysis framework. Enables rapid development of plugins to support the dissection of network packet captures. Key features: robust stream reassembly; IPv4 and IPv6 support; custom output handlers; chainable decoders. Prerequisites: Linux (developed on Ubuntu 12.04)...
Mac OSX Server DirectoryService Buffer Overflow
No description provided by source. Core Security - Corelabs Advisory (http://corelabs.coresecurity.com/): Mac OSX Server DirectoryService buffer overflow. 1. Advisory Information. Title: Mac OSX Server DirectoryService buffer overflow. Advisory ID: CORE-2013-0103. Advisory URL:...
PyCrypto ARC2 Module Buffer Overflow Vulnerability
No description provided by source. Source: http://www.securityfocus.com/bid/33674/info PyCrypto (Python Cryptography Toolkit) is prone to a buffer-overflow vulnerability because it fails to adequately verify user-supplied input. Successful exploits may allow attackers to execute arbitrary code in t...
[SECURITY] Fedora 20 Update: python-crypto-2.6.1-1.fc20
PyCrypto is a collection of both secure hash functions (such as MD5 and SHA), and various encryption algorithms (AES, DES, RSA, ElGamal, etc.)...