vulnerability
FreeBSD: py-rsa -- Bleichenbacher'06 signature forgery vulnerability (CVE-2016-1494)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:N/C:N/I:P/A:N) | Jan 13, 2016 | Feb 5, 2016 | Oct 30, 2017 |
Severity
5
CVSS
(AV:N/AC:L/Au:N/C:N/I:P/A:N)
Published
Jan 13, 2016
Added
Feb 5, 2016
Modified
Oct 30, 2017
Description
The verify function in the RSA package for Python (Python-RSA) before 3.3 allows attackers to spoof signatures with a small public exponent via crafted signature padding, aka a BERserk attack.
Solution
freebsd-upgrade-package-py27-rsa
References
- CVE-2016-1494
- https://attackerkb.com/topics/CVE-2016-1494
- URL-http://www.openwall.com/lists/oss-security/2016/01/05/1
- URL-http://www.openwall.com/lists/oss-security/2016/01/05/3
- URL-https://bitbucket.org/sybren/python-rsa/pull-requests/14/security-fix-bb06-attack-in-verify-by
- URL-https://blog.filippo.io/bleichenbacher-06-signature-forgery-in-python-rsa/
- URL-https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1494
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.