oss-sec mailing list archives
CVE-2013-2228 : Salt Stack RSA exponent of 1 (there can be only one! da-na-naaah! na-na-na-naahh-nah-nahhh!)
From: Kurt Seifried <kseifried () redhat com>
Date: Sun, 30 Jun 2013 20:40:32 -0600
https://github.com/saltstack/salt/commit/5dd304276ba5745ec21fc1e6686a0b28da29e6fc

This is indeed CVE worthy, for example we have CVE-2006-7140 and CVE-2011-4121 for RSA exponent 3, so RSA exponent 1 definitely qualifies.

Please use CVE-2013-2228 for the RSA exponent of 1 in Salt Stack

-- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
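Why a public exponent of 1 qualifies, as an added example that is not part of the original message and is not Salt's code or the code from the linked commit: with e = 1, textbook RSA returns the plaintext unchanged and the private exponent is also 1. The primes, the sample message and the function names are constructed for illustration, and the audit helper shows the kind of check a defender can run over existing public keys.

```python
"""Added illustration: textbook RSA with public exponent 1 (toy key, no padding)."""
from math import gcd

# Constructed toy key from two known Mersenne primes; real keys are far larger.
P, Q = 2**31 - 1, 2**61 - 1
N = P * Q
PHI = (P - 1) * (Q - 1)
# Constructed sample plaintext, small enough to fit below N.
M = int.from_bytes(b"minion-key", "big")


def private_exponent(e, phi):
    """Return d with e*d == 1 (mod phi); e must be invertible modulo phi."""
    if gcd(e, phi) != 1:
        raise ValueError("e is not invertible modulo phi(n)")
    return pow(e, -1, phi)  # modular inverse, Python 3.8+


def encrypt(m, e, n):
    """Textbook RSA: c = m^e mod n."""
    return pow(m, e, n)


def audit_public_exponent(e):
    """Return the reasons to reject a public exponent (empty list = acceptable)."""
    problems = []
    if e <= 1:
        problems.append("e <= 1: m^e mod n == m, nothing is encrypted or signed")
    elif e % 2 == 0:
        problems.append("e is even: never invertible modulo phi(n)")
    elif e < 65537:
        problems.append("e < 65537: safety rests entirely on correct padding")
    return problems


def demo():
    """Compare e = 1 with e = 65537 on the same toy key."""
    weak_ct = encrypt(M, 1, N)            # equals M: plaintext on the wire
    weak_d = private_exponent(1, PHI)     # equals 1: the private key is public
    d = private_exponent(65537, PHI)
    ct = encrypt(M, 65537, N)
    return {"weak_ct": weak_ct, "weak_d": weak_d,
            "ct": ct, "roundtrip": pow(ct, d, N)}


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, hex(value))
    print(audit_public_exponent(1))
```
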