FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

py-rsa -- Bleichenbacher'06 signature forgery vulnerability

Affected packages
		py27-rsa	<	3.3
		py32-rsa	<	3.3
		py33-rsa	<	3.3
		py34-rsa	<	3.3
		py35-rsa	<	3.3

Details

VuXML ID	e78bfc9d-cb1e-11e5-b251-0050562a4d7b
Discovery	2016-01-05
Entry	2016-02-04

Filippo Valsorda reports:

python-rsa is vulnerable to a straightforward variant of the Bleichenbacher'06 attack against RSA signature verification with low public exponent.

[source]

References

CVE Name	CVE-2016-1494
URL	http://www.openwall.com/lists/oss-security/2016/01/05/1
URL	http://www.openwall.com/lists/oss-security/2016/01/05/3
URL	https://bitbucket.org/sybren/python-rsa/pull-requests/14/security-fix-bb06-attack-in-verify-by
URL	https://blog.filippo.io/bleichenbacher-06-signature-forgery-in-python-rsa/
URL	https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1494

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.