Bug#: 258049
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: Matti Bickel <mabi@gentoo.org>

Attachments:
Filename | Description | Type | Creator | Created | Size
test.py | Unittest for ARC2 Buffer Overflow in CVE-2009-0544 | text/plain | Jesus Rivero | 2009-03-04 04:51 0000 | 4.78 KB

Description:   Opened: 2009-02-07 18:18 0000
There's a CVE request pending for a buffer overflow in the ARC2 key handling,
it's described in this test case:
http://gitweb2.dlitz.net/?p=crypto/pycrypto-2.x.git;a=commitdiff;h=fd73731dfad451a81056fbb01e09aa78ab82eb5d

A patch is available here:
http://gitweb2.dlitz.net/?p=crypto/pycrypto-2.x.git;a=commitdiff;h=d1c4875e1f220652fe7ff8358f56dee3b2aba31b

Mike Wiacek <mjwiacek@google.com> is credited with finding this bug. No further
detail is available and I'm afraid there's no packaged release yet.

herd, can you include this patch in our distribution?

------- Comment #1 From Matti Bickel 2009-02-07 18:26:30 0000 -------
I'm quite unsure about the status here. If that's exploitable, it seems a user
can pass an overly long key to ARC2 and can write arbitrary memory with its
content.

As pycrypto may be pulled as a PDEPEND of portage, I set this to "A1". If you
think this is wrong, please correct me.

------- Comment #2 From Matti Bickel 2009-02-12 23:47:48 0000 -------
ping?

------- Comment #3 From Robert Buchholz 2009-02-13 17:46:10 0000 -------
CVE-2009-0544 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0544):
  Buffer overflow in the PyCrypto ARC2 module 2.0.1 allows remote
  attackers to cause a denial of service and possibly execute arbitrary
  code via a large ARC2 key length.

------- Comment #4 From Robert Buchholz 2009-03-03 19:08:31 0000 -------
ping, python herd. upstream committed a patch 4 weeks ago. Is there anything
holding this back from being fixed in our tree?

------- Comment #5 From Jesus Rivero 2009-03-04 04:46:21 0000 -------
Hello, 

    dev-python/pycrypto-2.0.1-r8 in CVS now with suggested patch. I'm adding
arches to this bug so they are aware of this and act accordingly. I'm also
keeping this bug open.  

    Best regards,

------- Comment #6 From Jesus Rivero 2009-03-04 04:51:13 0000 -------
Created an attachment (id=183837)
Unittest for ARC2 Buffer Overflow in CVE-2009-0544

This test case is a modified version of the one at securityfocus.com, so it
runs on all python versions available in the tree.

------- Comment #7 From Ferris McCormick 2009-03-04 13:39:23 0000 -------
Sparc stable for pycrypto-2.0.1-r8.  All tests run fine.

------- Comment #8 From Brent Baude 2009-03-04 16:50:22 0000 -------
ppc64 done

------- Comment #9 From Tobias Scherbaum 2009-03-04 20:25:16 0000 -------
ppc stable

------- Comment #10 From Jeroen Roovers 2009-03-05 14:30:06 0000 -------
Stable for HPPA.

------- Comment #11 From Raúl Porcel 2009-03-06 16:30:53 0000 -------
alpha/arm/ia64/s390/sh/x86 stable

------- Comment #12 From Markus Meier 2009-03-07 10:56:35 0000 -------
amd64 stable

------- Comment #13 From Robert Buchholz 2009-03-09 13:06:11 0000 -------
GLSA 200903-11
