FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

py-rsa -- Bleichenbacher'06 signature forgery vulnerability

Affected packages
py27-rsa < 3.3
py32-rsa < 3.3
py33-rsa < 3.3
py34-rsa < 3.3
py35-rsa < 3.3

Details

VuXML ID e78bfc9d-cb1e-11e5-b251-0050562a4d7b
Discovery 2016-01-05
Entry 2016-02-04

Filippo Valsorda reports:

python-rsa is vulnerable to a straightforward variant of the Bleichenbacher'06 attack against RSA signature verification with low public exponent.

References

CVE Name CVE-2016-1494
URL http://www.openwall.com/lists/oss-security/2016/01/05/1
URL http://www.openwall.com/lists/oss-security/2016/01/05/3
URL https://bitbucket.org/sybren/python-rsa/pull-requests/14/security-fix-bb06-attack-in-verify-by
URL https://blog.filippo.io/bleichenbacher-06-signature-forgery-in-python-rsa/
URL https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1494