LibTMCG Missing Range Check Insecure Group Generation Vulnerability
BID:23930
Info
LibTMCG Missing Range Check Insecure Group Generation Vulnerability
| Bugtraq ID: | 23930 |
| Class: | Design Error |
| CVE: |
CVE-2007-2640 |
| Remote: | Yes |
| Local: | No |
| Published: | May 11 2007 12:00AM |
| Updated: | May 07 2015 05:39PM |
| Credit: | The vendor disclosed this issue. |
| Vulnerable: |
LibTMCG LibTMCG 1.1 LibTMCG LibTMCG 1.0.1 LibTMCG LibTMCG 1.0 |
| Not Vulnerable: |
LibTMCG LibTMCG 1.1.1 |
Discussion
LibTMCG Missing Range Check Insecure Group Generation Vulnerability
LibTMCG generates groups in an insecure way.
Successfully exploiting this issue allows attackers to choose insecure values during the group-generation process. This results in the compromise of the security properties of the encryption algorythm implemented in the library. Exploiting this issue allows attackers to access potentially sensitive information. Other attacks may also be possible.
Versions of LibTMCG prior to 1.1.1 are vulnerable.
LibTMCG generates groups in an insecure way.
Successfully exploiting this issue allows attackers to choose insecure values during the group-generation process. This results in the compromise of the security properties of the encryption algorythm implemented in the library. Exploiting this issue allows attackers to access potentially sensitive information. Other attacks may also be possible.
Versions of LibTMCG prior to 1.1.1 are vulnerable.
Exploit / POC
LibTMCG Missing Range Check Insecure Group Generation Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
LibTMCG Missing Range Check Insecure Group Generation Vulnerability
Solution:
Version 1.1.1 of the affected library is available to address this issue. Please see the references for more information.
LibTMCG LibTMCG 1.0
LibTMCG LibTMCG 1.0.1
LibTMCG LibTMCG 1.1
Solution:
Version 1.1.1 of the affected library is available to address this issue. Please see the references for more information.
LibTMCG LibTMCG 1.0
-
LibTMCG libTMCG-1.1.1.tar.gz
http://download.savannah.gnu.org/releases/libtmcg/libTMCG-1.1.1.tar.gz
LibTMCG LibTMCG 1.0.1
-
LibTMCG libTMCG-1.1.1.tar.gz
http://download.savannah.gnu.org/releases/libtmcg/libTMCG-1.1.1.tar.gz
LibTMCG LibTMCG 1.1
-
LibTMCG libTMCG-1.1.1.tar.gz
http://download.savannah.gnu.org/releases/libtmcg/libTMCG-1.1.1.tar.gz
References
LibTMCG Missing Range Check Insecure Group Generation Vulnerability
References:
References:
- LibTMCG 1.1.1 released (LibTMCG)
- LibTMCG Home Page (LibTMCG)