CVE-2011-3599

Published Oct 10, 2011

Last updated 13 years ago

Overview

Description: The Crypt::DSA (aka Crypt-DSA) module 1.17 and earlier for Perl, when /dev/random is absent, uses the Data::Random module, which makes it easier for remote attackers to spoof a signature, or determine the signing key of a signed message, via a brute-force attack.
Source: secalert@redhat.com
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 5.8
Impact score: 4.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-310

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:adam_kennedy:crypt-dsa:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A6291000-01BD-4677-A83E-5AD03CA19ED8",
            "versionEndIncluding": "1.17"
          },
          {
            "criteria": "cpe:2.3:a:adam_kennedy:crypt-dsa:0.01:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "380B4E21-01EE-4AA7-8C3C-8FF9109AC13E"
          },
          {
            "criteria": "cpe:2.3:a:adam_kennedy:crypt-dsa:0.02:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "64C17BCB-BEFB-463B-9E19-E534739B6143"
          },
          {
            "criteria": "cpe:2.3:a:adam_kennedy:crypt-dsa:0.03:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C26BED95-412E-479F-8876-DEB487954F3E"
          },
          {
            "criteria": "cpe:2.3:a:adam_kennedy:crypt-dsa:0.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C0B8FD92-1C81-4115-82AA-07340ED8788F"
          },
          {
            "criteria": "cpe:2.3:a:adam_kennedy:crypt-dsa:0.11:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0FC2BBA6-1432-42A0-B8B3-6D79C2881543"
          },
          {
            "criteria": "cpe:2.3:a:adam_kennedy:crypt-dsa:0.12:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5A7EE54C-6B92-48AC-A512-DF3F410034F6"
          },
          {
            "criteria": "cpe:2.3:a:adam_kennedy:crypt-dsa:0.13:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D6EE4E97-1BCC-482C-9977-DC57B7E19A59"
          },
          {
            "criteria": "cpe:2.3:a:adam_kennedy:crypt-dsa:0.14:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4D590C83-D144-413B-811C-11E9D19BC0AE"
          },
          {
            "criteria": "cpe:2.3:a:adam_kennedy:crypt-dsa:0.15_01:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C14C8C9F-BF85-4921-B017-2E3E63AC1FD1"
          },
          {
            "criteria": "cpe:2.3:a:adam_kennedy:crypt-dsa:1.16:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "066E1B1A-589B-47E2-AD79-BD24FEF94DBD"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "CB490BCA-8592-4324-BCE3-396BFD647D5E"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References