Lincoln D. Stein Crypt::CBC Perl模块弱密文漏洞

admin
admin
admin
0
文章
0
评论
2024-01-13 15:46:50 YS 来源:ZONE.CI 全球网 0 阅读模式
> Lincoln D. Stein Crypt::CBC Perl模块弱密文漏洞

Lincoln D. Stein Crypt::CBC Perl模块弱密文漏洞

CNNVD-ID编号 CNNVD-200602-398 CVE编号 CVE-2006-0898
发布时间 2006-02-25 更新时间 2006-02-27
漏洞类型 设计错误 漏洞来源 The vendor disclosed this issue.
危险等级 低危 威胁类型 远程
厂商 lincoln_d._stein

漏洞介绍

Crypt::CBC Perl module 2.16及之前版本在RandomIV模式下运行时使用8个字节的初始化向量(IV),当与需要大于8字节块大小的密码(如Rijndael)一起使用时会导致更低的加密强度。

漏洞补丁

目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:

Lincoln D. Stein Crypt::CBC 1.25

Lincoln D. Stein Crypt-CBC-2.17.tar.gz

http://search.cpan.org/CPAN/authors/id/L/LD/LDS/Crypt-CBC-2.17.tar.gz

Lincoln D. Stein Crypt::CBC 2.02

Lincoln D. Stein Crypt-CBC-2.17.tar.gz

http://search.cpan.org/CPAN/authors/id/L/LD/LDS/Crypt-CBC-2.17.tar.gz

Lincoln D. Stein Crypt::CBC 2.08

Lincoln D. Stein Crypt-CBC-2.17.tar.gz

http://search.cpan.org/CPAN/authors/id/L/LD/LDS/Crypt-CBC-2.17.tar.gz

Lincoln D. Stein Crypt::CBC 2.11

Lincoln D. Stein Crypt-CBC-2.17.tar.gz

http://search.cpan.org/CPAN/authors/id/L/LD/LDS/Crypt-CBC-2.17.tar.gz

Lincoln D. Stein Crypt::CBC 2.05

Lincoln D. Stein Crypt-CBC-2.17.tar.gz

http://search.cpan.org/CPAN/authors/id/L/LD/LDS/Crypt-CBC-2.17.tar.gz

Lincoln D. Stein Crypt::CBC 1.21

Lincoln D. Stein Crypt-CBC-2.17.tar.gz

http://search.cpan.org/CPAN/authors/id/L/LD/LDS/Crypt-CBC-2.17.tar.gz

Lincoln D. Stein Crypt::CBC 2.10

Lincoln D. Stein Crypt-CBC-2.17.tar.gz

http://search.cpan.org/CPAN/authors/id/L/LD/LDS/Crypt-CBC-2.17.tar.gz

Lincoln D. Stein Crypt::CBC 2.14

Lincoln D. Stein Crypt-CBC-2.17.tar.gz

http://search.cpan.org/CPAN/authors/id/L/LD/LDS/Crypt-CBC-2.17.tar.gz

Lincoln D. Stein Crypt::CBC 2.01

Lincoln D. Stein Crypt-CBC-2.17.tar.gz

http://search.cpan.org/CPAN/authors/id/L/LD/LDS/Crypt-CBC-2.17.tar.gz

Lincoln D. Stein Crypt::CBC 2.00

Lincoln D. Stein Crypt-CBC-2.17.tar.gz

http://search.cpan.org/CPAN/authors/id/L/LD/LDS/Crypt-CBC-2.17.tar.gz

Lincoln D. Stein Crypt::CBC 2.15

Lincoln D. Stein Crypt-CBC-2.17.tar.gz

http://search.cpan.org/CPAN/authors/id/L/LD/LDS/Crypt-CBC-2.17.tar.gz

Lincoln D. Stein Crypt::CBC 2.03

Lincoln D. Stein Crypt-CBC-2.17.tar.gz

http://search.cpan.org/CPAN/authors/id/L/LD/LDS/Crypt-CBC-2.17.tar.gz

Lincoln D. Stein Crypt::CBC 2.07

Lincoln D. Stein Crypt-CBC-2.17.tar.gz

http://search.cpan.org/CPAN/authors/id/L/LD/LDS/Crypt-CBC-2.17.tar.gz

Lincoln D. Stein Crypt::CBC 2.12

Debian libcrypt-cbc-perl_2.12-1sarge1_all.deb

Debian GNU/Linux 3.1 alias sarge

http://security.debian.org/pool/updates/main/libc/libcrypt-cbc-perl/i bcrypt-cbc-perl_2.12-1sarge1_all.deb

Lincoln D. Stein Crypt-CBC-2.17.tar.gz

http://search.cpan.org/CPAN/authors/id/L/LD/LDS/Crypt-CBC-2.17.tar.gz

Lincoln D. Stein Crypt::CBC 1.10

Lincoln D. Stein Crypt-CBC-2.17.tar.gz

http://search.cpan.org/CPAN/authors/id/L/LD/LDS/Crypt-CBC-2.17.tar.gz

Lincoln D. Stein Crypt::CBC 1.20

Lincoln D. Stein Crypt-CBC-2.17.tar.gz

http://search.cpan.org/CPAN/authors/id/L/LD/LDS/Crypt-CBC-2.17.tar.gz

Lincoln D. Stein Crypt::CBC 2.16

Lincoln D. Stein Crypt-CBC-2.17.tar.gz

http://search.cpan.org/CPAN/authors/id/L/LD/LDS/Crypt-CBC-2.17.tar.gz

Lincoln D. Stein Crypt::CBC 2.04

Lincoln D. Stein Crypt-CBC-2.17.tar.gz

http://search.cpan.org/CPAN/authors/id/L/LD/LDS/Crypt-CBC-2.17.tar.gz

参考网址

来源: BID

名称: 16802

链接:http://www.securityfocus.com/bid/16802

来源: BUGTRAQ

名称: 20060223 Vulnerability in Crypt::CBC Perl module, versions

链接:http://www.securityfocus.com/archive/1/archive/1/425966/100/0/threaded

来源: SECUNIA

名称: 31493

链接:http://secunia.com/advisories/31493

来源: REDHAT

名称: RHSA-2008:0630

链接:http://rhn.redhat.com/errata/RHSA-2008-0630.html

来源: XF

名称: crypt-cbc-header-weak-encryption(24954)

链接:http://xforce.iss.net/xforce/xfdb/24954

来源: REDHAT

名称: RHSA-2008:0261

链接:http://www.redhat.com/support/errata/RHSA-2008-0261.html

来源: SUSE

名称: SUSE-SR:2006:015

链接:http://www.novell.com/linux/security/advisories/2006_38_security.html

来源: GENTOO

名称: GLSA-200603-15

链接:http://www.gentoo.org/security/en/glsa/glsa-200603-15.xml

来源: DEBIAN

名称: DSA-996

链接:http://www.debian.org/security/2006/dsa-996

来源: SREASON

名称: 488

链接:http://securityreason.com/securityalert/488

来源: SECUNIA

名称: 20899

链接:http://secunia.com/advisories/20899

来源: SECUNIA

名称: 19303

链接:http://secunia.com/advisories/19303

来源: SECUNIA

名称: 19187

链接:http://secunia.com/advisories/19187

受影响实体

Lincoln_d._stein Crypt_cbc:2.16 Lincoln_d._stein Crypt_cbc:2.15 Lincoln_d._stein Crypt_cbc:1.00 Lincoln_d._stein Crypt_cbc:1.10 Lincoln_d._stein Crypt_cbc:1.20

信息来源

http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200602-398

weinxin
版权声明
本站原创文章转载请注明文章出处及链接,谢谢合作!
ZONE.CI 全球网 | 安全领域涉猎者-乌云独行地带
ZONE.CI 全球网
安全领域涉猎者-乌云独行地带
ZONE.CI 全球网 | 安全领域涉猎者-乌云独行地带
安全领域涉猎者-乌云独行地带
ZONE.CI 全球网
评论:0   参与:  0