OSVDB ID: 85194

Title: mcrypt src/extra.c check_file_head() Function Encrypted File Header Handling Overflow

Dates

Disclosure: Sep 07, 2012
Discovery: Unknown
Exploit: Sep 06, 2012
Solution: Unknown

Description

mcrypt is prone to an overflow condition. The check_file_head() function in src/extra.c fails to properly sanitize user-supplied input, resulting in a stack-based buffer overflow. With a specially crafted encrypted file header, a context-dependent attacker can potentially execute arbitrary code.

Classification

Location: Context Dependent
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Solution Unknown
Exploit: Exploit Public
Disclosure: Third-party Verified, Uncoordinated Disclosure

Solution

OSVDB is not aware of a solution for this vulnerability.

Products

John Smith

mcrypt

2.6.8

References

Credit

Unknown or Incomplete



Direct URL: http://osvdb.org/85194