Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.8
CVSSv2

CVE-2012-4409

Published: 21/11/2012 Updated: 02/04/2013
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 690
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Subscribe to Mcrypt

Vulnerability Summary

Stack-based buffer overflow in the check_file_head function in extra.c in mcrypt 2.6.8 and previous versions allows user-assisted remote malicious users to execute arbitrary code via an encrypted file with a crafted header containing long salt data that is not properly handled during decryption.

Vulnerable Product Search on Vulmon Subscribe to Product

mcrypt mcrypt 2.6.5

mcrypt mcrypt 2.6.4

mcrypt mcrypt

mcrypt mcrypt 2.6.7

mcrypt mcrypt 2.6.6

Exploits

Exploit DB: mcrypt 2.5.8 Stack Based Overflow
mcrypt versions 258 and below stack based overflow exploit Bypasses NX and ASLR protections ...
Exploit DB: mcrypt 2.6.8 - Stack Buffer Overflow (PoC)
#!/usr/bin/env python # mcrypt <= 268 stack-based buffer overflow poc # mcryptsourceforgenet/ # (the command line tool, not the library) # # date: 2012-09-04 # exploit author: _ishikawa # tested on: ubuntu 12041 # tech: it overflows in check_file_head() when decrypting nc files with too long salt data # # shout-outs to all cryptop ...
Exploit DB: mcrypt 2.5.8 - Local Stack Overflow
#!/usr/bin/perl # Title : mcrypt <= 258 STACK based overflow # Date : 23/11/2012 # Exploit Author : Tosh # CVE : CVE-2012-4409 # Patch : wwwopenwallcom/lists/oss-security/2012/09/06/8 # Tested on : Archlinux 366-1, without SSP # This script exploit a stack based overflow in mcrypt < ...

References

CWE-119http://www.openwall.com/lists/oss-security/2012/09/06/4https://bugzilla.redhat.com/show_bug.cgi?id=855029http://packetstormsecurity.org/files/116268/mcrypt-2.6.8-Buffer-Overflow-Proof-Of-Concept.htmlhttp://secunia.com/advisories/50507http://www.securitytracker.com/id?1027532http://secunia.com/advisories/51010http://lists.fedoraproject.org/pipermail/package-announce/2012-September/087542.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2012-September/086519.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2012-September/088281.htmlhttps://nvd.nist.govhttps://packetstormsecurity.com/files/118353/mcrypt-2.5.8-Stack-Based-Overflow.htmlhttps://www.exploit-db.com/exploits/22938/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injectionCVE-2006-4304CVE-2023-26603CVE-2024-28327CVE-2023-50363CVE-2024-21905template injectionCVE-2024-3400cross-site request forgery
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook