FKIE_CVE-2012-2417

Vulnerability from fkie_nvd - Published: 2012-06-17 03:41 - Updated: 2025-04-11 00:51
Severity ?
Summary
PyCrypto before 2.6 does not produce appropriate prime numbers when using an ElGamal scheme to generate a key, which reduces the signature space or public key space and makes it easier for attackers to conduct brute force attacks to obtain the private key.
References
cve@mitre.orghttp://lists.fedoraproject.org/pipermail/package-announce/2012-June/081713.html
cve@mitre.orghttp://lists.fedoraproject.org/pipermail/package-announce/2012-June/081759.html
cve@mitre.orghttp://lists.fedoraproject.org/pipermail/package-announce/2012-June/081789.html
cve@mitre.orghttp://secunia.com/advisories/49263Vendor Advisory
cve@mitre.orghttp://www.debian.org/security/2012/dsa-2502
cve@mitre.orghttp://www.mandriva.com/security/advisories?name=MDVSA-2012:117
cve@mitre.orghttp://www.openwall.com/lists/oss-security/2012/05/25/1
cve@mitre.orghttp://www.osvdb.org/82279
cve@mitre.orghttp://www.securityfocus.com/bid/53687
cve@mitre.orghttps://bugs.launchpad.net/pycrypto/+bug/985164
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/75871
cve@mitre.orghttps://github.com/Legrandin/pycrypto/commit/9f912f13df99ad3421eff360d6a62d7dbec755c2Exploit, Patch
cve@mitre.orghttps://github.com/dlitz/pycrypto/blob/373ea760f21701b162e8c4912a66928ee30d401a/ChangeLog
cve@mitre.orghttps://hermes.opensuse.org/messages/15083589
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081713.html
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081759.html
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081789.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/49263Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2012/dsa-2502
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2012:117
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2012/05/25/1
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/82279
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/53687
af854a3a-2127-422b-91ae-364da2661108https://bugs.launchpad.net/pycrypto/+bug/985164
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/75871
af854a3a-2127-422b-91ae-364da2661108https://github.com/Legrandin/pycrypto/commit/9f912f13df99ad3421eff360d6a62d7dbec755c2Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108https://github.com/dlitz/pycrypto/blob/373ea760f21701b162e8c4912a66928ee30d401a/ChangeLog
af854a3a-2127-422b-91ae-364da2661108https://hermes.opensuse.org/messages/15083589
Impacted products
Vendor Product Version
dlitz pycrypto *
dlitz pycrypto 1.0.0
dlitz pycrypto 1.0.1
dlitz pycrypto 1.0.2
dlitz pycrypto 1.1
dlitz pycrypto 1.9
dlitz pycrypto 1.9
dlitz pycrypto 1.9
dlitz pycrypto 1.9
dlitz pycrypto 1.9
dlitz pycrypto 1.9
dlitz pycrypto 2.0
dlitz pycrypto 2.0.1
dlitz pycrypto 2.1.0
dlitz pycrypto 2.1.0
dlitz pycrypto 2.1.0
dlitz pycrypto 2.1.0
dlitz pycrypto 2.2
dlitz pycrypto 2.3
dlitz pycrypto 2.4
dlitz pycrypto 2.4.1
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:dlitz:pycrypto:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F321706-6D4D-4735-A12D-12053A46AA4A",
              "versionEndIncluding": "2.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dlitz:pycrypto:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF4C8BD3-24B8-4175-8D56-C870426EB797",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dlitz:pycrypto:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "32A09EC4-6F0F-4C33-991E-80C739B823AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dlitz:pycrypto:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CCC2E0E-2253-49B8-9E42-391CD50D8D12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dlitz:pycrypto:1.1:alpha2:*:*:*:*:*:*",
              "matchCriteriaId": "CF21F7F0-84D8-44C9-99B5-CE98B58D3AB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dlitz:pycrypto:1.9:alpha1:*:*:*:*:*:*",
              "matchCriteriaId": "8C16BEF3-223C-4B45-A18B-D7A02AEDC996",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dlitz:pycrypto:1.9:alpha2:*:*:*:*:*:*",
              "matchCriteriaId": "17269B2D-6DC5-4461-9B5E-C2117B64BE8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dlitz:pycrypto:1.9:alpha3:*:*:*:*:*:*",
              "matchCriteriaId": "8D987E42-7693-432F-8763-7E61370DB855",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dlitz:pycrypto:1.9:alpha4:*:*:*:*:*:*",
              "matchCriteriaId": "1F10AF89-1388-4C90-878F-80FFB2FB8433",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dlitz:pycrypto:1.9:alpha5:*:*:*:*:*:*",
              "matchCriteriaId": "0AEF75BE-5255-4A0E-9CF3-1DBBDF08A265",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dlitz:pycrypto:1.9:alpha6:*:*:*:*:*:*",
              "matchCriteriaId": "C238EDF9-FC34-4438-B081-DFE7388EC2D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dlitz:pycrypto:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "24212CF8-4729-41AA-8293-1A81BC35928C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dlitz:pycrypto:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D317E0F-C1E0-4D7E-9001-FC1896280452",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dlitz:pycrypto:2.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "891D98BD-DC0B-4A62-B2E9-7FB6598AE024",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dlitz:pycrypto:2.1.0:alpha1:*:*:*:*:*:*",
              "matchCriteriaId": "52F16830-AD76-4154-88F5-087C32FD6237",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dlitz:pycrypto:2.1.0:alpha2:*:*:*:*:*:*",
              "matchCriteriaId": "C0437CCF-1216-419A-86F5-BD0383E69DF8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dlitz:pycrypto:2.1.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "50B9564B-7382-481F-8CDE-B1F5224B4FCA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dlitz:pycrypto:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8472A7E3-F0C1-43F0-9B65-81041F62912C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dlitz:pycrypto:2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "422198F6-1891-4D61-941A-DEF803BFDE24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dlitz:pycrypto:2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "94A14599-F0E0-4A41-91F0-4E2AABF6164D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dlitz:pycrypto:2.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF8CFA40-2AB0-4E13-BDE9-966095C034B5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "PyCrypto before 2.6 does not produce appropriate prime numbers when using an ElGamal scheme to generate a key, which reduces the signature space or public key space and makes it easier for attackers to conduct brute force attacks to obtain the private key."
    },
    {
      "lang": "es",
      "value": "Pycrypto anterior a v2.6 no genera adecuadamente los n\u00fameros primos cuando se utiliza un esquema basado en ElGamal para generar una clave, lo que reduce el espacio de la firma o el espacio de claves p\u00fablica y hace m\u00e1s f\u00e1cil para los atacantes para llevar a cabo ataques de fuerza bruta para obtener la clave privada."
    }
  ],
  "id": "CVE-2012-2417",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-06-17T03:41:40.763",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081713.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081759.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081789.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/49263"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2012/dsa-2502"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:117"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.openwall.com/lists/oss-security/2012/05/25/1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/82279"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/53687"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://bugs.launchpad.net/pycrypto/+bug/985164"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75871"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "https://github.com/Legrandin/pycrypto/commit/9f912f13df99ad3421eff360d6a62d7dbec755c2"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://github.com/dlitz/pycrypto/blob/373ea760f21701b162e8c4912a66928ee30d401a/ChangeLog"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://hermes.opensuse.org/messages/15083589"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081713.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081759.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081789.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/49263"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2012/dsa-2502"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:117"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2012/05/25/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/82279"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/53687"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugs.launchpad.net/pycrypto/+bug/985164"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75871"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "https://github.com/Legrandin/pycrypto/commit/9f912f13df99ad3421eff360d6a62d7dbec755c2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://github.com/dlitz/pycrypto/blob/373ea760f21701b162e8c4912a66928ee30d401a/ChangeLog"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://hermes.opensuse.org/messages/15083589"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-310"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.