Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 5.8
CVE Id CVE-2011-3599
Last Modified 20 Oct 2011 10:56:06
Published 10 Oct 2011 06:55:06
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-3599

Summary

The Crypt::DSA (aka Crypt-DSA) module 1.17 and earlier for Perl, when /dev/random is absent, uses the Data::Random module, which makes it easier for remote attackers to spoof a signature, or determine the signing key of a signed message, via a brute-force attack.

Vulnerable Systems

Application

  • Adam Kennedy Crypt-dsa 0.01

  • Adam Kennedy Crypt-dsa 0.02

  • Adam Kennedy Crypt-dsa 0.03

  • Adam Kennedy Crypt-dsa 0.10

  • Adam Kennedy Crypt-dsa 0.11

  • Adam Kennedy Crypt-dsa 0.12

  • Adam Kennedy Crypt-dsa 0.13

  • Adam Kennedy Crypt-dsa 0.14

  • Adam Kennedy Crypt-dsa 0.15 01

  • Adam Kennedy Crypt-dsa 1.16

  • Adam Kennedy Crypt-dsa 1.17


References

MISC - https://rt.cpan.org/Public/Bug/Display.html?id=71421

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=743567

MLIST - [oss-security] 20111005 Re: CVE Request -- perl-Crypt-DSA -- Cryptographically insecure method used for random numbers generation on systems without /dev/random

MLIST - [oss-security] 20111005 CVE Request -- perl-Crypt-DSA -- Cryptographically insecure method used for random numbers generation on systems without /dev/random

BID - 49928

SECUNIA - 46275

OSVDB - 76025


Last Updated: 27 May 2016 10:57:44