| CNNVD-ID编号 | CNNVD-200602-398 |
| CVE编号 | CVE-2006-0898 |
| 发布时间 | 2006-02-25 |
| 更新时间 | 2006-02-27 |
| 漏洞类型 | 设计错误 |
| 漏洞来源 | The vendor disclosed this issue. |
| 危险等级 | 低危 |
| 威胁类型 | 远程 |
| 厂 商 | lincoln_d._stein |
Crypt::CBC Perl module 2.16及之前版本在RandomIV模式下运行时使用8个字节的初始化向量(IV),当与需要大于8字节块大小的密码(如Rijndael)一起使用时会导致更低的加密强度。
目前厂商已经发布了升级补丁以修复这个安全问题,补丁下载链接:
Lincoln D. Stein Crypt::CBC 1.25
Lincoln D. Stein Crypt-CBC-2.17.tar.gz
http://search.cpan.org/CPAN/authors/id/L/LD/LDS/Crypt-CBC-2.17.tar.gz
Lincoln D. Stein Crypt::CBC 2.02
Lincoln D. Stein Crypt-CBC-2.17.tar.gz
http://search.cpan.org/CPAN/authors/id/L/LD/LDS/Crypt-CBC-2.17.tar.gz
Lincoln D. Stein Crypt::CBC 2.08
Lincoln D. Stein Crypt-CBC-2.17.tar.gz
http://search.cpan.org/CPAN/authors/id/L/LD/LDS/Crypt-CBC-2.17.tar.gz
Lincoln D. Stein Crypt::CBC 2.11
Lincoln D. Stein Crypt-CBC-2.17.tar.gz
http://search.cpan.org/CPAN/authors/id/L/LD/LDS/Crypt-CBC-2.17.tar.gz
Lincoln D. Stein Crypt::CBC 2.05
Lincoln D. Stein Crypt-CBC-2.17.tar.gz
http://search.cpan.org/CPAN/authors/id/L/LD/LDS/Crypt-CBC-2.17.tar.gz
Lincoln D. Stein Crypt::CBC 1.21
Lincoln D. Stein Crypt-CBC-2.17.tar.gz
http://search.cpan.org/CPAN/authors/id/L/LD/LDS/Crypt-CBC-2.17.tar.gz
Lincoln D. Stein Crypt::CBC 2.10
Lincoln D. Stein Crypt-CBC-2.17.tar.gz
http://search.cpan.org/CPAN/authors/id/L/LD/LDS/Crypt-CBC-2.17.tar.gz
Lincoln D. Stein Crypt::CBC 2.14
Lincoln D. Stein Crypt-CBC-2.17.tar.gz
http://search.cpan.org/CPAN/authors/id/L/LD/LDS/Crypt-CBC-2.17.tar.gz
Lincoln D. Stein Crypt::CBC 2.01
Lincoln D. Stein Crypt-CBC-2.17.tar.gz
http://search.cpan.org/CPAN/authors/id/L/LD/LDS/Crypt-CBC-2.17.tar.gz
Lincoln D. Stein Crypt::CBC 2.00
Lincoln D. Stein Crypt-CBC-2.17.tar.gz
http://search.cpan.org/CPAN/authors/id/L/LD/LDS/Crypt-CBC-2.17.tar.gz
Lincoln D. Stein Crypt::CBC 2.15
Lincoln D. Stein Crypt-CBC-2.17.tar.gz
http://search.cpan.org/CPAN/authors/id/L/LD/LDS/Crypt-CBC-2.17.tar.gz
Lincoln D. Stein Crypt::CBC 2.03
Lincoln D. Stein Crypt-CBC-2.17.tar.gz
http://search.cpan.org/CPAN/authors/id/L/LD/LDS/Crypt-CBC-2.17.tar.gz
Lincoln D. Stein Crypt::CBC 2.07
Lincoln D. Stein Crypt-CBC-2.17.tar.gz
http://search.cpan.org/CPAN/authors/id/L/LD/LDS/Crypt-CBC-2.17.tar.gz
Lincoln D. Stein Crypt::CBC 2.12
Debian libcrypt-cbc-perl_2.12-1sarge1_all.deb
Debian GNU/Linux 3.1 alias sarge
http://security.debian.org/pool/updates/main/libc/libcrypt-cbc-perl/i bcrypt-cbc-perl_2.12-1sarge1_all.deb
Lincoln D. Stein Crypt-CBC-2.17.tar.gz
http://search.cpan.org/CPAN/authors/id/L/LD/LDS/Crypt-CBC-2.17.tar.gz
Lincoln D. Stein Crypt::CBC 1.10
Lincoln D. Stein Crypt-CBC-2.17.tar.gz
http://search.cpan.org/CPAN/authors/id/L/LD/LDS/Crypt-CBC-2.17.tar.gz
Lincoln D. Stein Crypt::CBC 1.20
Lincoln D. Stein Crypt-CBC-2.17.tar.gz
http://search.cpan.org/CPAN/authors/id/L/LD/LDS/Crypt-CBC-2.17.tar.gz
Lincoln D. Stein Crypt::CBC 2.16
Lincoln D. Stein Crypt-CBC-2.17.tar.gz
http://search.cpan.org/CPAN/authors/id/L/LD/LDS/Crypt-CBC-2.17.tar.gz
Lincoln D. Stein Crypt::CBC 2.04
Lincoln D. Stein Crypt-CBC-2.17.tar.gz
http://search.cpan.org/CPAN/authors/id/L/LD/LDS/Crypt-CBC-2.17.tar.gz
来源: BID
名称: 16802
来源: BUGTRAQ
名称: 20060223 Vulnerability in Crypt::CBC Perl module, versions
链接:http://www.securityfocus.com/archive/1/archive/1/425966/100/0/threaded
来源: SECUNIA
名称: 31493
来源: REDHAT
名称: RHSA-2008:0630
来源: XF
名称: crypt-cbc-header-weak-encryption(24954)
来源: REDHAT
名称: RHSA-2008:0261
来源: SUSE
名称: SUSE-SR:2006:015
链接:http://www.novell.com/linux/security/advisories/2006_38_security.html
来源: GENTOO
名称: GLSA-200603-15
链接:http://www.gentoo.org/security/en/glsa/glsa-200603-15.xml
来源: DEBIAN
名称: DSA-996
来源: SREASON
名称: 488
来源: SECUNIA
名称: 20899
来源: SECUNIA
名称: 19303
来源: SECUNIA
名称: 19187