CVE-2005-0106
CVSS 4.6
Published: 2005-05-03 00:00:00
Last revised: 2009-11-13 00:39:05

[Original] SSLeay.pm in libnet-ssleay-perl before 1.25 uses the /tmp/entropy file for entropy if a source is not set in the EGD_PATH variable, which allows local users to reduce the cryptographic strength of certain operations by modifying the file.


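[CNNVD] Joshua Chamas Crypt::SSLeay Perl Module Insecure Entropy Source Vulnerability (CNNVD-200505-843)

        SSLeay.pm in libnet-ssleay-perl versions before 1.25 uses the /tmp/entropy file as its entropy source if no source is set in the EGD_PATH variable; a local user can reduce the cryptographic strength of certain operations by modifying this file.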

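- CVSS (Base Score)

CVSS score: 4.6 [MEDIUM]
Confidentiality impact: PARTIAL [information disclosure is likely]
Integrity impact: PARTIAL [system files may be modified]
Availability impact: PARTIAL [may cause degraded performance or interrupted access to resources]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: LOCAL [exploitation requires physical access or a local account]
Authentication: NONE [exploitation requires no authentication]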

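- CPE (Affected platforms and products)

Product and version information (CPE) is not currently available

- OVAL (Technical details for detection)

No related OVAL definitions found

- Official database links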

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0106
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0106
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200505-843
(Official data source) CNNVD

- Other links and resources

http://www.ubuntulinux.org/support/documentation/usn/usn-113-1
(PATCH)  UBUNTU  USN-113-1
http://www.securityfocus.com/bid/13471
(UNKNOWN)  BID  13471
http://www.mandriva.com/security/advisories?name=MDKSA-2006:023
(UNKNOWN)  MANDRIVA  MDKSA-2006:023
http://secunia.com/advisories/18639
(UNKNOWN)  SECUNIA  18639

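- Vulnerability information

Joshua Chamas Crypt::SSLeay Perl Module Insecure Entropy Source Vulnerability
Medium risk  Design error
2005-05-03 00:00:00 2005-10-20 00:00:00
Local
        SSLeay.pm in libnet-ssleay-perl versions before 1.25 uses the /tmp/entropy file as its entropy source if no source is set in the EGD_PATH variable; a local user can reduce the cryptographic strength of certain operations by modifying this file.

- Advisories and patches

        The vendor has released an upgrade patch that fixes this security issue. Patch download links: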
        Joshua Chamas Crypt::SSLeay 1.25
        Mandriva perl-Net_SSLeay-1.25-4.1.101mdk.i586.rpm
        Mandriva Linux 10.1:
        http://wwwnew.mandriva.com/en/downloads/
        Mandriva perl-Net_SSLeay-1.25-4.1.101mdk.x86_64.rpm
        Mandriva Linux 10.1:
        http://wwwnew.mandriva.com/en/downloads/
        Mandriva perl-Net_SSLeay-1.25-4.1.102mdk.i586.rpm
        Mandriva Linux 10.2:
        http://wwwnew.mandriva.com/en/downloads/
        Mandriva perl-Net_SSLeay-1.25-4.1.102mdk.x86_64.rpm
        Mandriva Linux 10.2:
        http://wwwnew.mandriva.com/en/downloads/
        Mandriva perl-Net_SSLeay-1.25-4.1.20060mdk.i586.rpm
        Mandriva Linux 2006.0:
        http://wwwnew.mandriva.com/en/downloads/
        Mandriva perl-Net_SSLeay-1.25-4.1.20060mdk.x86_64.rpm
        Mandriva Linux 2006.0:
        http://wwwnew.mandriva.com/en/downloads/
        Mandriva perl-Net_SSLeay-1.25-4.1.C30mdk.i586.rpm
        Corporate 3.0:
        http://wwwnew.mandriva.com/en/downloads/
        Mandriva perl-Net_SSLeay-1.25-4.1.C30mdk.x86_64.rpm
        Corporate 3.0:
        http://wwwnew.mandriva.com/en/downloads/
        Joshua Chamas Crypt::SSLeay 0.51
        Ubuntu libnet-ssleay-perl_1.25-1ubuntu0.2_amd64.deb
        Ubuntu 5.04 (Hoary Hedgehog)
        http://security.ubuntu.com/ubuntu/pool/main/libn/libnet-ssleay-perl/libnet-ssleay-perl_1.25-1ubuntu0.2_amd64.deb
        Ubuntu libnet-ssleay-perl_1.25-1ubuntu0.2_i386.deb
        Ubuntu 5.04 (Hoary Hedgehog)
        http://security.ubuntu.com/ubuntu/pool/main/libn/libnet-ssleay-perl/libnet-ssleay-perl_1.25-1ubuntu0.2_i386.deb
        Ubuntu libnet-ssleay-perl_1.25-1ubuntu0.2_powerpc.deb
        Ubuntu 5.04 (Hoary Hedgehog)
        http://security.ubuntu.com/ubuntu/pool/main/libn/libnet-ssleay-perl/libnet-ssleay-perl_1.25-1ubuntu0.2_powerpc.deb
        

- Vulnerability information (F38407)

Ubuntu Security Notice 113-1 (PacketStormID:F38407)
2005-07-02 00:00:00
Ubuntu  ubuntu.com
advisory
linux,ubuntu
CVE-2005-0106

Ubuntu Security Notice USN-113-1 - Javier Fernandez-Sanguino Pena discovered that this library used the file /tmp/entropy as a fallback entropy source if a proper source was not set in the environment variable EGD_PATH. This can potentially lead to weakened cryptographic operations if an attacker provides a /tmp/entropy file with known content.

===========================================================
Ubuntu Security Notice USN-113-1	       May 03, 2005
libnet-ssleay-perl vulnerability
CAN-2005-0106
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

libnet-ssleay-perl

The problem can be corrected by upgrading the affected package to version
1.25-1ubuntu0.2.  In general, a standard system upgrade is sufficient to effect
the necessary changes.

Details follow:

Javier Fernandez-Sanguino Pena discovered that this library used the
file /tmp/entropy as a fallback entropy source if a proper source was
not set in the environment variable EGD_PATH. This can potentially
lead to weakened cryptographic operations if an attacker provides a
/tmp/entropy file with known content.

The updated package requires the specification of an entropy source
with EGD_PATH and also requires that the source is a socket (as
opposed to a normal file).

Please note that this only affects systems which have egd installed
from third party sources; egd is not shipped with Ubuntu.

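The rule the updated package enforces (EGD_PATH must be set and must point to a socket, not a normal file) can be checked from the shell. This is an added example, not part of the advisory or of libnet-ssleay-perl; the function names `classify_egd_path` and `assess_entropy_source` and their output strings are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from USN-113-1 or libnet-ssleay-perl).
# Function names and output strings are illustrative assumptions.

# classify_egd_path PATH
# Prints one of: unset | missing | socket | not-socket
classify_egd_path() {
    if [ -z "$1" ]; then
        echo unset
    elif [ ! -e "$1" ]; then
        echo missing
    elif [ -S "$1" ]; then
        echo socket          # what the fixed package requires
    else
        echo not-socket      # regular file, directory, FIFO, ...
    fi
}

# assess_entropy_source EGD_PATH_VALUE FALLBACK_FILE
# Applies the advisory's rule and reports on the legacy fallback file.
assess_entropy_source() {
    aes_kind=$(classify_egd_path "$1")
    case $aes_kind in
        socket)
            echo "ok: EGD_PATH is a socket" ;;
        unset)
            if [ -e "$2" ]; then
                # Versions before 1.25 would read this file as entropy.
                echo "risk: EGD_PATH unset and fallback file $2 exists"
            else
                echo "warn: EGD_PATH unset; versions before 1.25 fall back to $2"
            fi ;;
        *)
            echo "risk: EGD_PATH is $aes_kind, not a socket" ;;
    esac
}

# Report on the current environment; /tmp/entropy is the path named in the advisory.
assess_entropy_source "${EGD_PATH:-}" /tmp/entropy
```

Run it in the environment of the service that loads the module, since EGD_PATH is read from that process's environment rather than from an interactive shell.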

    

- Vulnerability information

16253
Perl Net::SSLeay Module Entropy Source Manipulation Weakness
Local Access Required Input Manipulation
Loss of Integrity Upgrade
Exploit Unknown Vendor Verified

- Vulnerability description

The Perl Net::SSLeay module contains a flaw in the handling of the entropy source. The issue is triggered when the entropy source is improperly taken from the /tmp/entropy file if the 'EGD_PATH' environment variable is not defined. With a specially crafted request, a local attacker can manipulate certain cryptographic operations.

- Timeline

2005-05-03 Unknown
Unknown 2003-08-18

- Solution

It has been reported that this issue has been fixed. Upgrade to version 1.25, or higher, to address this vulnerability.

- Related references

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

Joshua Chamas Crypt::SSLeay Perl Module Insecure Entropy Source Vulnerability
Design Error 13471
No Yes
2005-05-03 12:00:00 2006-08-24 10:59:00
Javier Fernandez-Sanguino Pena is credited with the discovery of this issue.

- Affected software versions

Mandriva Linux Mandrake 2006.0 x86_64
Mandriva Linux Mandrake 2006.0
Mandriva Linux Mandrake 10.2 x86_64
Mandriva Linux Mandrake 10.2
Mandriva Linux Mandrake 10.1 x86_64
Mandriva Linux Mandrake 10.1
Mandriva Linux Mandrake 10.0 AMD64
Mandriva Linux Mandrake 10.0
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
Joshua Chamas Crypt::SSLeay 0.51
+ Ubuntu Ubuntu Linux 5.04 powerpc
+ Ubuntu Ubuntu Linux 5.04 i386
+ Ubuntu Ubuntu Linux 5.04 amd64
Joshua Chamas Crypt::SSLeay 1.25
+ Ubuntu Ubuntu Linux 5.04 powerpc
+ Ubuntu Ubuntu Linux 5.04 i386
+ Ubuntu Ubuntu Linux 5.04 amd64

- Vulnerability discussion

Crypt::SSLeay is prone to a security vulnerability. Reports indicate that the library employs a file from a world-writable location for its fallback entropy source. The module defaults to this file if a proper entropy source is not set.

If the affected library is using the insecure file as a source of entropy, a local attacker may replace the contents of the file with known text. This known text is then employed to seed cryptographic operations. This may lead to weak cryptographic operations.

- Exploit

No exploit is required.

- Solution


Please see the referenced advisories for further information:

- Ubuntu Linux has released advisory USN-113-1 to address this issue.
- Mandriva has released advisory MDKSA-2006:023 to address this issue.

Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.


Joshua Chamas Crypt::SSLeay 1.25

Joshua Chamas Crypt::SSLeay 0.51

- Related references

     

     
