There's a CVE request pending for a buffer overflow in the ARC2 key handling; it's described in this test case: http://gitweb2.dlitz.net/?p=crypto/pycrypto-2.x.git;a=commitdiff;h=fd73731dfad451a81056fbb01e09aa78ab82eb5d A patch is available here: http://gitweb2.dlitz.net/?p=crypto/pycrypto-2.x.git;a=commitdiff;h=d1c4875e1f220652fe7ff8358f56dee3b2aba31b Mike Wiacek <mjwiacek@google.com> is credited with finding this bug. No further detail is available and I'm afraid there's no packaged release yet. herd, can you include this patch in our distribution?
I'm quite unsure about the status here. If that's exploitable, it seems a user can pass an overly long key to ARC2 and can write arbitrary memory with its content. As pycrypto may be pulled as a PDEPEND of portage, I set this to "A1". If you think this is wrong, please correct me.
ping?
CVE-2009-0544 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0544): Buffer overflow in the PyCrypto ARC2 module 2.0.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large ARC2 key length.
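The class of check this bug calls for, as an added example that is not part of the original thread and is not PyCrypto's code: a key-setup routine that validates the caller-supplied key length before copying into a fixed-size buffer. The names `arc2_ctx` and `arc2_set_key` are hypothetical, and the 128-byte limit is the maximum ARC2 key size from RFC 2268, assumed here rather than taken from the upstream patch.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define ARC2_MAX_KEY_BYTES 128  /* RFC 2268: key length is 1..128 bytes */

/* Hypothetical cipher context: fixed key buffer followed by other state. */
typedef struct {
    uint8_t xkey[ARC2_MAX_KEY_BYTES]; /* key material before expansion */
    size_t  key_len;                  /* state an overflow would clobber */
} arc2_ctx;

/* Returns 0 on success, -1 if an argument is invalid.
 * Without the range check, memcpy() would write caller-supplied bytes
 * past the end of xkey whenever key_len exceeds the buffer size. */
int arc2_set_key(arc2_ctx *ctx, const uint8_t *key, size_t key_len)
{
    if (ctx == NULL || key == NULL)
        return -1;
    if (key_len == 0 || key_len > sizeof(ctx->xkey))
        return -1;                    /* reject before touching the buffer */
    memset(ctx->xkey, 0, sizeof(ctx->xkey));
    memcpy(ctx->xkey, key, key_len);
    ctx->key_len = key_len;
    return 0;
}

/* Constructed check: an oversized key is refused and ctx stays untouched. */
int arc2_rejects_oversized_key(void)
{
    arc2_ctx ctx;
    uint8_t big[ARC2_MAX_KEY_BYTES + 64];   /* constructed sample input */
    int rc;

    memset(&ctx, 0, sizeof(ctx));
    ctx.key_len = 0xA5A5;                   /* sentinel next to the buffer */
    memset(big, 0x41, sizeof(big));
    rc = arc2_set_key(&ctx, big, sizeof(big));
    return rc == -1 && ctx.key_len == 0xA5A5 && ctx.xkey[0] == 0;
}

int main(void)
{
    return arc2_rejects_oversized_key() ? 0 : 1;
}
```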
Ping, Python herd. Upstream committed a patch 4 weeks ago. Is there anything holding this back from being fixed in our tree?
Hello, dev-python/pycrypto-2.0.1-r8 in CVS now with suggested patch. I'm adding arches to this bug so they are aware of this and act accordingly. I'm also keeping this bug open. Best regards,
Created attachment 183837: Unittest for ARC2 Buffer Overflow in CVE-2009-0544. This test case is a modified version of the one at securityfocus.com, so it runs on all Python versions available in the tree.
Sparc stable for pycrypto-2.0.1-r8. All tests run fine.
ppc64 done
ppc stable
Stable for HPPA.
alpha/arm/ia64/s390/sh/x86 stable
amd64 stable
GLSA 200903-11