oss-sec mailing list archives
Re: CVE request - mcrypt buffer overflow flaw
From: Raphael Geissert <geissert () debian org>
Date: Wed, 12 Sep 2012 12:00:52 -0500
On Tuesday 11 September 2012 10:19:38 Eygene Ryabinkin wrote:
> Unfortunately, mcrypt's check_file_head() in combination with decrypt_general() is a bit worse: it allows overwriting up to 50 bytes of stack buffers from decrypt_general(), namely local_algorithm, local_mode, local_keymode. And in some circumstances to overwrite even 2-3 extra bytes (not more, since buf[3] will contain '\0'), though it is not a very controllable path.
Thanks for the review of that part, one less item on my TODO list :)

Since CVE-2012-4409 has been widely related to the salt issue, I guess we need another CVE id? One could cover all the other issues.

Cheers,
-- 
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net