CVE-2016-6129
The rsa_verify_hash_ex function in rsa_verify_hash.c in LibTomCrypt, as used in OP-TEE before 2.2.0, does not validate that the message length is equal to the ASN.1 encoded data length, which makes it easier for remote attackers to forge RSA signatures or public certificates by leveraging a...
CVE-2016-6129
CVE-2016-6129 affects LibTomCrypt (used by OP-TEE before 2.2.0). The rsa_verify_hash_ex function does not validate that the message length matches the ASN.1 encoded data length, enabling Bleichenbacher-like forgery of RSA signatures or public certificates. Public disclosures in multiple feeds (De...
MGASA-2016-0369 Updated libtomcrypt packages fix security vulnerability
It was discovered that the implementation of RSA signature verification in libtomcrypt is vulnerable to the Bleichenbacher signature attack. If an RSA key with exponent 3 is used it may be possible to forge a PKCS#1 v1.5 signature signed by that key (CVE-2016-6129)...
Updated libtomcrypt packages fix security vulnerability
It was discovered that the implementation of RSA signature verification in libtomcrypt is vulnerable to the Bleichenbacher signature attack. If an RSA key with exponent 3 is used it may be possible to forge a PKCS#1 v1.5 signature signed by that key (CVE-2016-6129)...
PT-2017-8916
Name of the Vulnerable Software and Affected Versions: LibTomCrypt versions prior to 2.2.0; OP-TEE versions prior to 2.2.0. Description: The issue arises from the rsa_verify_hash_ex function in rsa_verify_hash.c, which fails to validate that the message length matches the ASN.1 encoded data length...
Debian DLA-612-1 : libtomcrypt security update
It was discovered that the implementation of RSA signature verification in libtomcrypt is vulnerable to the Bleichenbacher signature attack. If an RSA key with exponent 3 is used it may be possible to forge a PKCS#1 v1.5 signature signed by that key. For Debian 7 'Wheezy', these problems have been...
[SECURITY] [DLA 612-1] libtomcrypt security update
Package: libtomcrypt; Version: 1.17-3.2+deb7u1; CVE ID: CVE-2016-6129. It was discovered that the implementation of RSA signature verification in libtomcrypt is vulnerable to the Bleichenbacher signature attack. If an RSA key with exponent 3 is used it may be possible to forge a PKCS#1 v1.5...
DLA-612-1 libtomcrypt - security update
Bulletin has no description...
Fedora Update for libtomcrypt FEDORA-2013-14482
Check for the version of libtomcrypt. OpenVAS Vulnerability Test: Fedora Update for libtomcrypt FEDORA-2013-14482. Authors: System Generated Check. Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net...
Fedora 18 : libtomcrypt-1.17-20.fc18 / libtommath-0.42.0-2.fc18 (2013-14488)
"Fixes a bug in mp_prime_next_prime." The descriptive text and package checks in this plugin were extracted from Fedora Security Advisory 2013-14488...
Fedora Update for libtomcrypt FEDORA-2013-14482
The remote host is missing an update for the...
Fedora Update for libtomcrypt FEDORA-2013-14488
The remote host is missing an update for the...
Fedora 19 : libtomcrypt-1.17-20.fc19 / libtommath-0.42.0-2.fc19 (2013-14482)
"Fixes a bug in mp_prime_next_prime." The descriptive text and package checks in this plugin were extracted from Fedora Security Advisory 2013-14482...
FreeBSD Ports: libtomcrypt
The remote host is missing an update to the system as announced in the referenced advisory. VID: a78299e7-9ef3-11da-b410-000e0c2e438a. OpenVAS Vulnerability Test. Description: Auto generated from vuxml or freebsd advisories. Authors: Thomas Reinke. Copyright (c) 2008 E-Soft Inc...
FreeBSD Ports: libtomcrypt
The remote host is missing an update to the system as announced in the referenced advisory...
FreeBSD : libtomcrypt -- weak signature scheme with ECC keys (a78299e7-9ef3-11da-b410-000e0c2e438a)
The Secure Science Corporation reports that libtomcrypt is vulnerable to a weak signature scheme. This allows an attacker to create a valid random signature and use that to sign arbitrary messages without requiring the private key...
CVE-2005-1600
Technical details (affected product/version/root cause/mitigation) are not publicly available in the provided connected documents. Monitor for updates.
CVE-2005-1600
A "mathematical flaw" in the implementation of the El Gamal signature algorithm for LibTomCrypt 1.0 to 1.0.2 allows attackers to generate valid signatures without having the private key...