oss-sec mailing list archives

CVE-2013-2228 : Salt Stack RSA exponent of 1 (there can be only one! da-na-naaah! na-na-na-naahh-nah-nahhh!)


From: Kurt Seifried <kseifried () redhat com>
Date: Sun, 30 Jun 2013 20:40:32 -0600


https://github.com/saltstack/salt/commit/5dd304276ba5745ec21fc1e6686a0b28da29e6fc

This is indeed CVE-worthy; for example, we have CVE-2006-7140 and
CVE-2011-4121 for RSA exponent 3, so RSA exponent 1 definitely qualifies.

Please use CVE-2013-2228 for the RSA exponent of 1 in Salt Stack.

-- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
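
Why a public exponent of 1 is fatal, as an added example that is not part of the original message or of Salt's code: with e = 1 the RSA operation m^e mod n returns m unchanged, so a key-acceptance check should reject it. The toy modulus, sample messages and function names are constructed for illustration, and the 65537 lower bound is a policy assumption (the bound used in FIPS 186-4), not something stated in this thread.

```python
# Added illustration: names and values below are constructed, not from Salt.

MIN_E = 65537        # assumed policy floor (FIPS 186-4: 2**16 < e < 2**256)
MAX_E_BITS = 256     # assumed policy ceiling on exponent size


def textbook_encrypt(m, e, n):
    """Raw RSA public operation, no padding: c = m**e mod n."""
    return pow(m, e, n)


def leaks_plaintext(e, n, samples):
    """True if the public operation leaves every sample message unchanged."""
    return all(textbook_encrypt(m, e, n) == m for m in samples)


def check_public_exponent(e, n):
    """Return the reasons to reject exponent e for modulus n (empty list = accept)."""
    problems = []
    if e == 1:
        problems.append("e == 1: m**e mod n == m, the RSA operation is the identity")
    if e % 2 == 0:
        problems.append("e is even: it cannot be coprime to phi(n)")
    if e < MIN_E:
        problems.append("e is below the policy minimum of %d" % MIN_E)
    if e.bit_length() > MAX_E_BITS:
        problems.append("e is larger than %d bits" % MAX_E_BITS)
    if e >= n:
        problems.append("e is not smaller than the modulus")
    return problems


# Constructed toy modulus (p = 61, q = 53), far too small for real use.
TOY_N = 61 * 53
SAMPLES = [65, 1234, 2]

# Constructed larger modulus so that 65537 < n holds in the acceptance check.
DEMO_N = (2**127 - 1) * (2**89 - 1)

if __name__ == "__main__":
    print("e=17 ciphertext of 65:", textbook_encrypt(65, 17, TOY_N))
    print("e=1  ciphertext of 65:", textbook_encrypt(65, 1, TOY_N))
    for e in (1, 3, 65536, 65537):
        print(e, check_public_exponent(e, DEMO_N) or "accepted")
```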
