Re: CVE request - mcrypt buffer overflow flaw

[Kurt Seifried <kseifried () redhat com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 09/06/2012 08:37 AM, Vincent Danen wrote:
> I don't believe a CVE has been assigned to this, could one be?
>
> A buffer overflow was reported [1],[2] in mcrypt version 2.6.8 and
> earlier due to a boundary error in the processing of an encrypted file
> (via the check_file_head() function in src/extra.c).  If a user were
> tricked into attempting to decrypt a specially-crafted .nc encrypted
> flie, this flaw would cause a stack-based buffer overflow that could
> potentially lead to arbitrary code execution.
>
> References:
>
> https://bugzilla.redhat.com/show_bug.cgi?id=855029
> https://secunia.com/advisories/50507/
> https://bugs.gentoo.org/show_bug.cgi?id=434112
> http://packetstormsecurity.org/files/116268/mcrypt-2.6.8-Buffer-Overflow-Proof-Of-Concept.html

Please use CVE-2012-4409 for this issue.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iQIcBAEBAgAGBQJQSOOnAAoJEBYNRVNeJnmT/PUP/R6C79hCk1xi99UXcPG2kw6d
dkomXu8f5YbalbvIEwy3ekpndT+A1oj+VJu+msdBtV9eC5Q1EHw7LhHP4f8wkzYx
cpJCDhG9FpOZV1K8kG12lyloG2n5nXvVAZrGGqgnrl5AAq52tySmNJzkLV51DSAI
pQAhLiaaxiOjcb3VHFPIUswUCzx6nCgz5+u2NaCCTOHWBpDzP4viw2mu5KxSEu/6
tqptSU6qLuCJ1I5sjGIMYPJH9ACj0vTdqAwHq4sQRVeXIlDgZioGAAPc9cW4mwop
ZrvAYH8rJxbpCdthioxINitj4J6Pz02yYBTfPboT3OZQDs4xOJ8MEdOgVyGC5W9H
tvzbeBXI2mdZQN5bfXiTPsLiv+9gQTh9oGsoV7A722BWOn7jYZgpPHXEVTd9M5Lj
sAdWzkS7hTWfwei2obHXKRShkuw4rk/uaN6/DHoMPxE4Sdy9Xu3jlakL4KNqC8VT
eS0NuEAz8n6PAu+MJLT5F6azNJYVFUkUIiDIrwAjdnGHurm/WqMGY8BOo0nHo/zb
hJL1sdzoPQVR4Nq6hT7FuYkkIkA2WDbCEg1BVMgI2j7785zTt7+ncflJyYvBTTRX
Z4PpTteSAzOSdi3aDMYNdVjhLUn4Vhup+t09VJPt9so+/gIIGpWghTubFZM02jxK
CrgWc8/81S6PrE29lRZU
=JshC
-----END PGP SIGNATURE-----