CVE-2016-1494

Опубликовано: 13 янв. 2016

Источник: debian

Описание

The verify function in the RSA package for Python (Python-RSA) before 3.3 allows attackers to spoof signatures with a small public exponent via crafted signature padding, aka a BERserk attack.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
python-rsa	fixed	3.2.3-1.1		package
python-rsa	fixed	3.1.4-1+deb8u1	jessie	package

Примечания

proposed fix: https://bitbucket.org/sybren/python-rsa/pull-requests/14/security-fix-bb06-attack-in-verify-by/diff
https://blog.filippo.io/bleichenbacher-06-signature-forgery-in-python-rsa/

Связанные уязвимости

CVE-2016-1494

CVSS3: 5.3

ubuntu

около 10 лет назад

The verify function in the RSA package for Python (Python-RSA) before 3.3 allows attackers to spoof signatures with a small public exponent via crafted signature padding, aka a BERserk attack.

CVE-2016-1494

CVSS3: 5.3

nvd

около 10 лет назад

The verify function in the RSA package for Python (Python-RSA) before 3.3 allows attackers to spoof signatures with a small public exponent via crafted signature padding, aka a BERserk attack.

CVE-2016-1494

msrc

5 месяцев назад

The verify function in the RSA package for Python (Python-RSA) before 3.3 allows attackers to spoof signatures with a small public exponent via crafted signature padding, aka a BERserk attack.

openSUSE-SU-2016:0108-1

suse-cvrf

около 10 лет назад

Security update for python-rsa

SUSE-SU-2016:0107-1

suse-cvrf

около 10 лет назад

Security update for python-rsa