CVE-2012-4409
Mcrypt < 2.6.8 - Memory Corruption
Stack-based buffer overflow in the check_file_head function in extra.c in mcrypt 2.6.8 and earlier allows user-assisted remote attackers to execute arbitrary code via an encrypted file with a crafted header containing long salt data that is not properly handled during decryption.
Exploits (2)
exploitdb (WORKING POC, VERIFIED)
by _ishikawa · python · dos · linux
https://www.exploit-db.com/exploits/22938
References (9)
Scores
EPSS: 0.5874
EPSS Percentile: 98.2%
Details
CWE: CWE-119
Status: published
Products (5)
mcrypt/mcrypt 2.6.4
mcrypt/mcrypt 2.6.5
mcrypt/mcrypt 2.6.6
mcrypt/mcrypt 2.6.7
mcrypt/mcrypt < 2.6.8
Published: Nov 21, 2012
Tracked Since: Feb 18, 2026