Vulnerabilities > CVE-2011-3599 - Cryptographic Issues vulnerability in Adam Kennedy Crypt-Dsa
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
The Crypt::DSA (aka Crypt-DSA) module 1.17 and earlier for Perl, when /dev/random is absent, uses the Data::Random module, which makes it easier for remote attackers to spoof a signature, or determine the signing key of a signed message, via a brute-force attack.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | Adam_Kennedy
| 11 |
| Application | 1 |
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Signature Spoofing by Key Recreation An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Nessus
NASL family Fedora Local Security Checks NASL id FEDORA_2013-15786.NASL description As taught by the last seen 2020-03-17 modified 2013-09-13 plugin id 69858 published 2013-09-13 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/69858 title Fedora 19 : perl-Crypt-DSA-1.17-10.fc19 (2013-15786) NASL family Fedora Local Security Checks NASL id FEDORA_2013-15755.NASL description As taught by the last seen 2020-03-17 modified 2013-09-13 plugin id 69857 published 2013-09-13 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/69857 title Fedora 18 : perl-Crypt-DSA-1.17-10.fc18 (2013-15755) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2013-241.NASL description A vulnerability has been discovered and corrected in perl-Crypt-DSA : The Crypt::DSA (aka Crypt-DSA) module 1.17 and earlier for Perl, when /dev/random is absent, uses the Data::Random module, which makes it easier for remote attackers to spoof a signature, or determine the signing key of a signed message, via a brute-force attack (CVE-2011-3599). The updated packages have been patched to correct this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 70133 published 2013-09-26 reporter This script is Copyright (C) 2013-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/70133 title Mandriva Linux Security Advisory : perl-Crypt-DSA (MDVSA-2013:241)
References
- http://osvdb.org/76025
- http://secunia.com/advisories/46275
- http://www.openwall.com/lists/oss-security/2011/10/05/5
- http://www.openwall.com/lists/oss-security/2011/10/05/9
- http://www.securityfocus.com/bid/49928
- https://bugzilla.redhat.com/show_bug.cgi?id=743567
- https://rt.cpan.org/Public/Bug/Display.html?id=71421
- http://osvdb.org/76025
- https://rt.cpan.org/Public/Bug/Display.html?id=71421
- https://bugzilla.redhat.com/show_bug.cgi?id=743567
- http://www.securityfocus.com/bid/49928
- http://www.openwall.com/lists/oss-security/2011/10/05/9
- http://www.openwall.com/lists/oss-security/2011/10/05/5
- http://secunia.com/advisories/46275