Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.3
CVE Id CVE-2012-2417
Last Modified 04 Apr 2013 11:10:44
Published 16 Jun 2012 11:41:40
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-2417

Summary

PyCrypto before 2.6 does not produce appropriate prime numbers when using an ElGamal scheme to generate a key, which reduces the signature space or public key space and makes it easier for attackers to conduct brute force attacks to obtain the private key.

Vulnerable Systems

Application

  • Dlitz Pycrypto 1.0.0

  • Dlitz Pycrypto 1.0.1

  • Dlitz Pycrypto 1.0.2

  • Dlitz Pycrypto 1.1

  • Dlitz Pycrypto 1.9

  • Dlitz Pycrypto 2.0

  • Dlitz Pycrypto 2.0.1

  • Dlitz Pycrypto 2.1.0

  • Dlitz Pycrypto 2.2

  • Dlitz Pycrypto 2.3

  • Dlitz Pycrypto 2.4

  • Dlitz Pycrypto 2.4.1

  • Dlitz Pycrypto 2.5


References

MISC - https://github.com/Legrandin/pycrypto/commit/9f912f13df99ad3421eff360d6a62d7dbec755c2

CONFIRM - https://github.com/dlitz/pycrypto/blob/373ea760f21701b162e8c4912a66928ee30d401a/ChangeLog

MISC - https://bugs.launchpad.net/pycrypto/+bug/985164

XF - pycrypto-keys-weak-security(75871)

BID - 53687

OSVDB - 82279

MLIST - [oss-security] 20120524 CVE-2012-2417 - PyCrypto <= 2.5 insecure ElGamal key generation

SECUNIA - 49263

FEDORA - FEDORA-2012-8470

FEDORA - FEDORA-2012-8490

FEDORA - FEDORA-2012-8392

SUSE - openSUSE-SU-2012:0830

DEBIAN - DSA-2502

MANDRIVA - MDVSA-2012:117


Last Updated: 27 May 2016 10:56:32