Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 6.8
CVE Id: CVE-2012-4527
Last Modified: 29 Nov 2012 12:00:00
Published: 21 Nov 2012 06:55:01
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2012-4527

Summary

Stack-based buffer overflow in mcrypt 2.6.8 and earlier allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long file name. NOTE: it is not clear whether this is a vulnerability.

Vulnerable Systems

Application

  • Mcrypt 2.6.4

  • Mcrypt 2.6.5

  • Mcrypt 2.6.6

  • Mcrypt 2.6.7

  • Mcrypt 2.6.8


References

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=867790

MLIST - [oss-security] 20121119 Re: CVE Request -- mcrypt: stack-based buffer overflow by encryption / decryption of overly long file names

MLIST - [oss-security] 20121018 CVE Request -- mcrypt: stack-based buffer overflow by encryption / decryption of overly long file names

MLIST - [oss-security] 20121018 Re: CVE Request -- mcrypt: stack-based buffer overflow by encryption / decryption of overly long file names

SUSE - openSUSE-SU-2012:1440

FEDORA - FEDORA-2012-17339

FEDORA - FEDORA-2012-17290

FEDORA - FEDORA-2012-17318


Last Updated: 27 May 2016 10:58:29