Lucene search
RootSSV:4798HistoryFeb 19, 2009 - 12:00 a.m.
PyCrypto ARC2模块缓冲区溢出漏洞
2009-02-1900:00:00
Root
www.seebug.org
13
0.321 Low
EPSS
Percentile
97.0%
BUGTRAQ ID: 33674
CVE(CAN) ID: CVE-2009-0544
PyCrypto是使用Python编写的加密工具包。
PyCrypto的ARC2模块中存在缓冲区溢出漏洞,如果远程攻击者在发送的请求中包含有超长的ARC2密钥长度的话,就可以触发这个溢出,导致拒绝服务或执行任意指令。
Dwayne C. Litzenberger PyCrypto 2.0.x
厂商补丁:
Dwayne C. Litzenberger
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
<a href=“http://gitweb2.dlitz.net/?p=crypto/pycrypto-2.x.git;a=commitdiff;h=d1c4875e1f220652fe7ff8358f56dee3b2aba31b” target=“_blank”>http://gitweb2.dlitz.net/?p=crypto/pycrypto-2.x.git;a=commitdiff;h=d1c4875e1f220652fe7ff8358f56dee3b2aba31b</a>
http://gitweb2.dlitz.net/?p=crypto/pycrypto-2.x.git;a=blob;f=SelfTest/Cipher/test_ARC2.py;h=84d42410
Related
cve
cve
CVE-2009-0544
2009-02-12 17:30:00
nessus
nessus
Debian DSA-1726-1 : python-crypto - buffer overflow
2009-02-26 00:00:00
GLSA-200903-11 : PyCrypto: Execution of arbitrary code
2009-03-10 00:00:00
openvas
openvas
Mandrake Security Advisory MDVSA-2009:050-1 (python-pycrypto)
2009-03-02 00:00:00
Debian: Security Advisory (DSA-1726-1)
2009-03-19 00:00:00
Mandrake Security Advisory MDVSA-2009:049-1 (pycrypto)
2009-03-02 00:00:00
ubuntu
ubuntu
Python Crypto vulnerability
2009-03-05 00:00:00
securityvulns
securityvulns
[ MDVSA-2009:050-1 ] python-pycrypto
2009-02-25 00:00:00
PyCrypto python module DoS
2009-02-25 00:00:00
gentoo
gentoo
PyCrypto: Execution of arbitrary code
2009-03-09 00:00:00
prion
prion
Buffer overflow
2009-02-12 17:30:00
cvelist
cvelist
CVE-2009-0544
2009-02-12 17:00:00
nvd
nvd
CVE-2009-0544
2009-02-12 17:30:00
debian
debian
[SECURITY] [DSA 1726-1] New python-crypto packages fix denial of service
2009-02-25 20:31:39
ubuntucve
ubuntucve
CVE-2009-0544
2009-02-12 00:00:00
debiancve
debiancve
CVE-2009-0544
2009-02-12 17:30:00