Fedora 7 : dar-2.3.4-1.fc7 (2007-0904)

Adding CVE reference Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300 C Tenable...

CVE-2007-3528

CVE-2007-3528 affects DAR (Digital Alarm Router? actually the DAR project) before version 2.3.4. The vulnerability stems from the Blowfish-CBC mode: (1) make_ivec in libdar/crypto.cpp discards random bits, producing predictable and repeating IVs, and (2) direct use of a password for keying. This ...