All the vulnerabilites related to adam_kennedy - crypt-dsa
cve-2011-3599
Vulnerability from cvelistv5
Published
2011-10-10 10:00
Modified
2024-08-06 23:37
Severity ?
EPSS score ?
Summary
The Crypt::DSA (aka Crypt-DSA) module 1.17 and earlier for Perl, when /dev/random is absent, uses the Data::Random module, which makes it easier for remote attackers to spoof a signature, or determine the signing key of a signed message, via a brute-force attack.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityfocus.com/bid/49928 | vdb-entry, x_refsource_BID | |
| http://www.openwall.com/lists/oss-security/2011/10/05/9 | mailing-list, x_refsource_MLIST | |
| http://osvdb.org/76025 | vdb-entry, x_refsource_OSVDB | |
| https://rt.cpan.org/Public/Bug/Display.html?id=71421 | x_refsource_MISC | |
| https://bugzilla.redhat.com/show_bug.cgi?id=743567 | x_refsource_CONFIRM | |
| http://www.openwall.com/lists/oss-security/2011/10/05/5 | mailing-list, x_refsource_MLIST | |
| http://secunia.com/advisories/46275 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:37:48.587Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "49928",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/49928"
},
{
"name": "[oss-security] 20111005 Re: CVE Request -- perl-Crypt-DSA -- Cryptographically insecure method used for random numbers generation on systems without /dev/random",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/10/05/9"
},
{
"name": "76025",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/76025"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://rt.cpan.org/Public/Bug/Display.html?id=71421"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=743567"
},
{
"name": "[oss-security] 20111005 CVE Request -- perl-Crypt-DSA -- Cryptographically insecure method used for random numbers generation on systems without /dev/random",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2011/10/05/5"
},
{
"name": "46275",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/46275"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-10-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Crypt::DSA (aka Crypt-DSA) module 1.17 and earlier for Perl, when /dev/random is absent, uses the Data::Random module, which makes it easier for remote attackers to spoof a signature, or determine the signing key of a signed message, via a brute-force attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-10-19T09:00:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "49928",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/49928"
},
{
"name": "[oss-security] 20111005 Re: CVE Request -- perl-Crypt-DSA -- Cryptographically insecure method used for random numbers generation on systems without /dev/random",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/10/05/9"
},
{
"name": "76025",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/76025"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://rt.cpan.org/Public/Bug/Display.html?id=71421"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=743567"
},
{
"name": "[oss-security] 20111005 CVE Request -- perl-Crypt-DSA -- Cryptographically insecure method used for random numbers generation on systems without /dev/random",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2011/10/05/5"
},
{
"name": "46275",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/46275"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-3599",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Crypt::DSA (aka Crypt-DSA) module 1.17 and earlier for Perl, when /dev/random is absent, uses the Data::Random module, which makes it easier for remote attackers to spoof a signature, or determine the signing key of a signed message, via a brute-force attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "49928",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/49928"
},
{
"name": "[oss-security] 20111005 Re: CVE Request -- perl-Crypt-DSA -- Cryptographically insecure method used for random numbers generation on systems without /dev/random",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/10/05/9"
},
{
"name": "76025",
"refsource": "OSVDB",
"url": "http://osvdb.org/76025"
},
{
"name": "https://rt.cpan.org/Public/Bug/Display.html?id=71421",
"refsource": "MISC",
"url": "https://rt.cpan.org/Public/Bug/Display.html?id=71421"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=743567",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=743567"
},
{
"name": "[oss-security] 20111005 CVE Request -- perl-Crypt-DSA -- Cryptographically insecure method used for random numbers generation on systems without /dev/random",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2011/10/05/5"
},
{
"name": "46275",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/46275"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-3599",
"datePublished": "2011-10-10T10:00:00",
"dateReserved": "2011-09-21T00:00:00",
"dateUpdated": "2024-08-06T23:37:48.587Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2011-10-10 10:55
Modified
2024-11-21 01:30
Severity ?
Summary
The Crypt::DSA (aka Crypt-DSA) module 1.17 and earlier for Perl, when /dev/random is absent, uses the Data::Random module, which makes it easier for remote attackers to spoof a signature, or determine the signing key of a signed message, via a brute-force attack.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| adam_kennedy | crypt-dsa | * | |
| adam_kennedy | crypt-dsa | 0.01 | |
| adam_kennedy | crypt-dsa | 0.02 | |
| adam_kennedy | crypt-dsa | 0.03 | |
| adam_kennedy | crypt-dsa | 0.10 | |
| adam_kennedy | crypt-dsa | 0.11 | |
| adam_kennedy | crypt-dsa | 0.12 | |
| adam_kennedy | crypt-dsa | 0.13 | |
| adam_kennedy | crypt-dsa | 0.14 | |
| adam_kennedy | crypt-dsa | 0.15_01 | |
| adam_kennedy | crypt-dsa | 1.16 | |
| perl | perl | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:adam_kennedy:crypt-dsa:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A6291000-01BD-4677-A83E-5AD03CA19ED8",
"versionEndIncluding": "1.17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adam_kennedy:crypt-dsa:0.01:*:*:*:*:*:*:*",
"matchCriteriaId": "380B4E21-01EE-4AA7-8C3C-8FF9109AC13E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adam_kennedy:crypt-dsa:0.02:*:*:*:*:*:*:*",
"matchCriteriaId": "64C17BCB-BEFB-463B-9E19-E534739B6143",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adam_kennedy:crypt-dsa:0.03:*:*:*:*:*:*:*",
"matchCriteriaId": "C26BED95-412E-479F-8876-DEB487954F3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adam_kennedy:crypt-dsa:0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C0B8FD92-1C81-4115-82AA-07340ED8788F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adam_kennedy:crypt-dsa:0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "0FC2BBA6-1432-42A0-B8B3-6D79C2881543",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adam_kennedy:crypt-dsa:0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "5A7EE54C-6B92-48AC-A512-DF3F410034F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adam_kennedy:crypt-dsa:0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "D6EE4E97-1BCC-482C-9977-DC57B7E19A59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adam_kennedy:crypt-dsa:0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "4D590C83-D144-413B-811C-11E9D19BC0AE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adam_kennedy:crypt-dsa:0.15_01:*:*:*:*:*:*:*",
"matchCriteriaId": "C14C8C9F-BF85-4921-B017-2E3E63AC1FD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:adam_kennedy:crypt-dsa:1.16:*:*:*:*:*:*:*",
"matchCriteriaId": "066E1B1A-589B-47E2-AD79-BD24FEF94DBD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CB490BCA-8592-4324-BCE3-396BFD647D5E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Crypt::DSA (aka Crypt-DSA) module 1.17 and earlier for Perl, when /dev/random is absent, uses the Data::Random module, which makes it easier for remote attackers to spoof a signature, or determine the signing key of a signed message, via a brute-force attack."
},
{
"lang": "es",
"value": "El m\u00f3dulo Crypt::DSA (tambi\u00e9n conocido como Crypt-DSA) v1.17 y anterior para Perl, cuando /dev/random est\u00e1 ausente, usa el m\u00f3dulo Data::Random, lo que hace m\u00e1s f\u00e1cil para atacantes remotos falsificar la firma, o determinar una clave de firma en un mensaje firmado, a trav\u00e9s de un ataque de fuerza bruta."
}
],
"id": "CVE-2011-3599",
"lastModified": "2024-11-21T01:30:49.563",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-10-10T10:55:06.863",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://osvdb.org/76025"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/46275"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.openwall.com/lists/oss-security/2011/10/05/5"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "http://www.openwall.com/lists/oss-security/2011/10/05/9"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/49928"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=743567"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch"
],
"url": "https://rt.cpan.org/Public/Bug/Display.html?id=71421"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/76025"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/46275"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.openwall.com/lists/oss-security/2011/10/05/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.openwall.com/lists/oss-security/2011/10/05/9"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/49928"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=743567"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://rt.cpan.org/Public/Bug/Display.html?id=71421"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-310"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}