LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

mcrypt: code execution

Package(s):mcrypt CVE #(s):CVE-2012-4409
Created:September 19, 2012 Updated:October 17, 2012
Description: From the Red Hat bugzilla:

A buffer overflow was reported in mcrypt version 2.6.8 and earlier due to a boundary error in the processing of an encrypted file (via the check_file_head() function in src/extra.c). If a user were tricked into attempting to decrypt a specially-crafted .nc encrypted flie, this flaw would cause a stack-based buffer overflow that could potentially lead to arbitrary code execution.

Alerts:
Fedora FEDORA-2012-13656 2012-09-19
Fedora FEDORA-2012-13657 2012-09-26
openSUSE openSUSE-SU-2012:1354-1 2012-10-17
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds