Summary: | <dev-python/pycrypto-2.0.1-r8 Buffer overflow in ARC2 module (CVE-2009-0544)
---|---
Product: | Gentoo Security
Component: | Vulnerabilities
Reporter: | Matti Bickel (RETIRED) <mabi>
Assignee: | Gentoo Security <security>
CC: | python
Status: | RESOLVED FIXED
Severity: | critical
Priority: | High
Version: | unspecified
Hardware: | All
OS: | Linux
URL: | http://gitweb2.dlitz.net/?p=crypto/pycrypto-2.x.git;a=commitdiff;h=d1c4875e1f220652fe7ff8358f56dee3b2aba31b
Whiteboard: | A1 [glsa]

Description
Matti Bickel (RETIRED)
2009-02-07 18:18:28 UTC
I'm quite unsure about the status here. If that's exploitable, it seems a user can pass an overly long key to ARC2 and can write arbitrary memory with its content. As pycrypto may be pulled as a PDEPEND of portage, I set this to "A1". If you think this is wrong, please correct me.

ping?

CVE-2009-0544 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0544): Buffer overflow in the PyCrypto ARC2 module 2.0.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large ARC2 key length.

ping, python herd. Upstream committed a patch 4 weeks ago. Is there anything holding this back from being fixed in our tree?

Hello, dev-python/pycrypto-2.0.1-r8 in CVS now with suggested patch. I'm adding arches to this bug so they are aware of this and act accordingly. I'm also keeping this bug open. Best regards,

Created attachment 183837
Unittest for ARC2 Buffer Overflow in CVE-2009-0544
This test case is a modified version of the one at securityfocus.com, so it runs on all python versions available in the tree.

Sparc stable for pycrypto-2.0.1-r8. All tests run fine.

ppc64 done

ppc stable

Stable for HPPA.

alpha/arm/ia64/s390/sh/x86 stable

amd64 stable

GLSA 200903-11
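
A regression check in the spirit of the unit test mentioned above, added here as an example; it is not attachment 183837 and not pycrypto's own code. It probes ARC2 key lengths around the 128-byte RC2 maximum in a child interpreter, so a crash in the C extension is recorded instead of killing the test run. The function names and exit codes are this example's own, and it assumes a fixed build rejects an oversized key with `ValueError`.

```python
import subprocess
import sys

# Child-process probe: builds an ARC2 cipher with a key of the given length.
# Exit codes are this example's own convention, not part of any library.
PROBE = r"""
import sys
try:
    from Crypto.Cipher import ARC2
except ImportError:
    sys.exit(3)                      # library not installed
try:
    ARC2.new(b"A" * int(sys.argv[1]), ARC2.MODE_ECB)
except ValueError:                   # assumed behaviour of a fixed build
    sys.exit(2)                      # length check rejected the key
sys.exit(0)                          # key accepted
"""

OUTCOMES = {0: "accepted", 2: "rejected", 3: "unavailable"}


def classify(returncode):
    """Map a child's exit status to an outcome; death by signal is 'crashed'."""
    if returncode < 0:
        return "crashed"
    return OUTCOMES.get(returncode, "error")


def run_isolated(source, *args, timeout=30):
    """Run source in a fresh interpreter so a native crash cannot kill the caller."""
    proc = subprocess.run([sys.executable, "-c", source, *map(str, args)],
                          stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL,
                          timeout=timeout)
    return classify(proc.returncode)


def check_arc2_key_lengths(lengths=(16, 128, 129, 1024)):
    """Return {length: outcome}. Above 128 bytes only 'rejected' is a pass:
    'accepted' can mean the copy overflowed without crashing."""
    return {n: run_isolated(PROBE, n) for n in lengths}


if __name__ == "__main__":
    for n, outcome in check_arc2_key_lengths().items():
        print(f"key length {n:5d}: {outcome}")
```
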