Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 6.8
CVE Id CVE-2012-4409
Last Modified 01 Apr 2013 11:20:09
Published 21 Nov 2012 06:55:01
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-4409

Summary

Stack-based buffer overflow in the check_file_head function in extra.c in mcrypt 2.6.8 and earlier allows user-assisted remote attackers to execute arbitrary code via an encrypted file with a crafted header containing long salt data that is not properly handled during decryption.

Vulnerable Systems

Application

  • Mcrypt 2.6.4

  • Mcrypt 2.6.5

  • Mcrypt 2.6.6

  • Mcrypt 2.6.7

  • Mcrypt 2.6.8


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=855029

MLIST - [oss-security] 20120906 Re: CVE request - mcrypt buffer overflow flaw

SECUNIA - 50507

MISC - http://packetstormsecurity.org/files/116268/mcrypt-2.6.8-Buffer-Overflow-Proof-Of-Concept.html

SECTRACK - 1027532

SECUNIA - 51010

FEDORA - FEDORA-2012-13657

FEDORA - FEDORA-2012-13656

FEDORA - FEDORA-2012-13599


Last Updated: 27 May 2016 10:58:29