Vigil@nce: PyCrypto, buffer overflow of ARC2
March 2009 by Vigil@nce
An attacker can use a long ARC2 key in order to generate an
overflow in PyCrypto.
– Gravity: 2/4
– Consequences: user access/rights, denial of service
– Provenance: document
– Means of attack: no proof of concept, no attack
– Ability of attacker: expert (4/4)
– Confidence: confirmed by the editor (5/5)
– Diffusion of the vulnerable configuration: high (3/3)
– Creation date: 26/02/2009
IMPACTED PRODUCTS
– Debian Linux
– Mandriva Corporate
– Mandriva Linux
– Unix - platform
DESCRIPTION OF THE VULNERABILITY
The PyCrypto module implements cryptographic functions for Python.
It implements ARC2, a block encryption algorithm.
The ARC2 encryption key is stored in a fixed size array, without
checking its size. When the victim uses a long key, an overflow
thus occurs in applications using PyCrypto.
An attacker can therefore use a long ARC2 key in order to generate
an overflow in PyCrypto, leading to a denial of service or to code
execution.
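The unchecked copy described above and a bounds-checked counterpart, as an added illustration that is not PyCrypto's source code. The names arc2_ctx, arc2_set_key_unchecked, arc2_set_key_checked and arc2_selftest are hypothetical, and the 128-byte array size is an assumption taken from the maximum RC2 key length in RFC 2268.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumption: 128 bytes, the maximum RC2 key length in RFC 2268.
   All names here are hypothetical, not PyCrypto's. */
#define ARC2_MAX_KEY_BYTES 128

typedef struct {
    uint8_t key[ARC2_MAX_KEY_BYTES];   /* fixed-size key storage */
    size_t  key_len;
} arc2_ctx;

/* Pattern described in the advisory, shown for contrast only: the caller's
   length is trusted, so a key longer than the array writes past its end. */
int arc2_set_key_unchecked(arc2_ctx *ctx, const uint8_t *key, size_t len)
{
    memcpy(ctx->key, key, len);        /* no bound on len */
    ctx->key_len = len;
    return 0;
}

/* Hardened form: validate the length before touching the array. */
int arc2_set_key_checked(arc2_ctx *ctx, const uint8_t *key, size_t len)
{
    if (ctx == NULL || key == NULL)
        return -1;
    if (len == 0 || len > sizeof ctx->key)
        return -1;                     /* binding layer turns this into an error */
    memset(ctx->key, 0, sizeof ctx->key);
    memcpy(ctx->key, key, len);
    ctx->key_len = len;
    return 0;
}

/* Returns 1 when the constructed sample keys are accepted or rejected as expected. */
int arc2_selftest(void)
{
    arc2_ctx ctx;
    uint8_t sample[ARC2_MAX_KEY_BYTES + 64];   /* constructed test key material */
    memset(sample, 0xA5, sizeof sample);
    if (arc2_set_key_checked(&ctx, sample, 16) != 0) return 0;
    if (arc2_set_key_checked(&ctx, sample, ARC2_MAX_KEY_BYTES) != 0) return 0;
    if (arc2_set_key_checked(&ctx, sample, ARC2_MAX_KEY_BYTES + 1) != -1) return 0;
    if (arc2_set_key_checked(&ctx, sample, 0) != -1) return 0;
    return ctx.key_len == ARC2_MAX_KEY_BYTES;  /* rejected calls left state untouched */
}
```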
CHARACTERISTICS
– Identifiers: BID-33674, CVE-2009-0544, DSA 1726-1, MDVSA-2009:049,
MDVSA-2009:050, VIGILANCE-VUL-8494
– Url: http://vigilance.fr/vulnerability/PyCrypto-buffer-overflow-of-ARC2-8494