mailing list archives
Re: CVE Request -- mcrypt: stack-based buffer overflow by encryption / decryption of overly long file names
From: "Steven M. Christey" <coley () rcf-smtp mitre org>
Date: Mon, 19 Nov 2012 22:12:04 -0500 (EST)
For my own clarification - where does this long file name come from? If
it's only provided on the command line, then I don't see how this would be
a vulnerability, since the person executing mcrypt would only be attacking
themselves. (CVE-2012-4409 is still OK since one wouldn't expect code
execution when decrypting the contents of a file.)
On Thu, 18 Oct 2012, Kurt Seifried wrote:
-----BEGIN PGP SIGNED MESSAGE-----
On 10/18/2012 07:50 AM, Jan Lieskovsky wrote:
Hello Kurt, Steve, vendors,
Attila Bogar reported a stack-based buffer overflow
in the way MCrypt, a crypt() package and crypt(1) command
replacement, used to encrypt / decrypt files with overly
long names (longer than 128 bytes). A remote attacker
could provide a specially-crafted file that, when processed
by the mcrypt too, would lead to mcrypt executable crash [*].
A different vulnerability than CVE-2012-4409:
Note: Using Red Hat bugzilla record for CVE-2012-4409 since
particular Mitre record is not described yet.
Patch proposed by Attila:
To reproduce let mcrypt encrypt / decrypt file with name
longer ~128 bytes.
Could you allocate a CVE id for this?
Thank you && Regards, Jan.
Jan iankko Lieskovsky / Red Hat Security Response Team
[*] FORTIFY_SOURCE protection mechanism would mitigate this
deficiency to result into crash only. But on systems, without
FORTIFY_SOURCE protection being applied, the impact might be
P.S.: I am not sure about relation of this issue to the issue
Raphael Geissert reported previously:
so CC-in him too, he to clarify if  == , or if
they are yet different issues. Raphael, please clarify.
Please use CVE-2012-4527 for this issue.
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/
-----END PGP SIGNATURE-----
Re: CVE Request -- mcrypt: stack-based buffer overflow by encryption / decryption of overly long file names Raphael Geissert (Oct 19)