CVE-2011-3599
Severity CVSS v4.0:
Pending analysis
Type:
CWE-310
Cryptographic Issues
Publication date:
10/10/2011
Last modified:
11/04/2025
Description
The Crypt::DSA (aka Crypt-DSA) module 1.17 and earlier for Perl, when /dev/random is absent, uses the Data::Random module, which makes it easier for remote attackers to spoof a signature, or determine the signing key of a signed message, via a brute-force attack.
Impact
Base Score 2.0
5.80
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:adam_kennedy:crypt-dsa:*:*:*:*:*:*:*:* | 1.17 (including) | |
| cpe:2.3:a:adam_kennedy:crypt-dsa:0.01:*:*:*:*:*:*:* | ||
| cpe:2.3:a:adam_kennedy:crypt-dsa:0.02:*:*:*:*:*:*:* | ||
| cpe:2.3:a:adam_kennedy:crypt-dsa:0.03:*:*:*:*:*:*:* | ||
| cpe:2.3:a:adam_kennedy:crypt-dsa:0.10:*:*:*:*:*:*:* | ||
| cpe:2.3:a:adam_kennedy:crypt-dsa:0.11:*:*:*:*:*:*:* | ||
| cpe:2.3:a:adam_kennedy:crypt-dsa:0.12:*:*:*:*:*:*:* | ||
| cpe:2.3:a:adam_kennedy:crypt-dsa:0.13:*:*:*:*:*:*:* | ||
| cpe:2.3:a:adam_kennedy:crypt-dsa:0.14:*:*:*:*:*:*:* | ||
| cpe:2.3:a:adam_kennedy:crypt-dsa:0.15_01:*:*:*:*:*:*:* | ||
| cpe:2.3:a:adam_kennedy:crypt-dsa:1.16:*:*:*:*:*:*:* | ||
| cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://osvdb.org/76025
- http://secunia.com/advisories/46275
- http://www.openwall.com/lists/oss-security/2011/10/05/5
- http://www.openwall.com/lists/oss-security/2011/10/05/9
- http://www.securityfocus.com/bid/49928
- https://bugzilla.redhat.com/show_bug.cgi?id=743567
- https://rt.cpan.org/Public/Bug/Display.html?id=71421
- http://osvdb.org/76025
- http://secunia.com/advisories/46275
- http://www.openwall.com/lists/oss-security/2011/10/05/5
- http://www.openwall.com/lists/oss-security/2011/10/05/9
- http://www.securityfocus.com/bid/49928
- https://bugzilla.redhat.com/show_bug.cgi?id=743567
- https://rt.cpan.org/Public/Bug/Display.html?id=71421