Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

Multiple libmcrypt vulnerabilities
From: "Ilia A." <ilia () prohost org>
Date: Fri, 3 Jan 2003 15:41:24 -0500
limbcrypt versions prior to 2.5.5 contain a number of buffer overflow 
vulnerabilities that stem from imporper or lacking input validation. By 
passing a longer then expected input to a number of functions (multiple 
functions are affected) the user can successful make libmcrypt crash.

Another vulnerability is due to the way libmcrypt loads algorithms via 
libtool. When the algorithms are loaded dynamically the each time the 
algorithm is loaded a small (few kilobytes) of memory are leaked. In a 
persistant enviroment (web server) this could lead to a memory exhaustion 
attack that will exhaust all avaliable memory by launching repeated requests 
at an application utilizing the mcrypt library.

The solution to both of these problem is to upgrade to the latest release of 
libmcrypt, 2.5.5.


Ilia Alshanetsky

  By Date           By Thread  

Current thread:
  • Multiple libmcrypt vulnerabilities Ilia A. (Jan 03)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]