CVE-2011-3599

描述

The Crypt::DSA (aka Crypt-DSA) module 1.17 and earlier for Perl, when /dev/random is absent, uses the Data::Random module, which makes it easier for remote attackers to spoof a signature, or determine the signing key of a signed message, via a brute-force attack.

受影響套件(1)

• Debian/libcrypt-dsa-perlfrom 0, < 1.17-3

參考連結(1)

• ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2011-3599