Mandriva Linux Security Advisory : python-pycrypto (MDVSA-2013:262)

This script is Copyright (C) 2013 Tenable Network Security, Inc.


Synopsis :

The remote Mandriva Linux host is missing a security update.

Description :

Updated python-pycrypto package fixes security vulnerability :

In PyCrypto before v2.6.1, the Crypto.Random pseudo-random number
generator (PRNG) exhibits a race condition that may cause it to
generate the same 'random' output in multiple processes that are
forked from each other. Depending on the application, this could
reveal sensitive information or cryptographic keys to remote attackers
(CVE-2013-1445).

See also :

http://advisories.mageia.org/MGASA-2013-0319.html

Solution :

Update the affected python-pycrypto package.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 3.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: Mandriva Local Security Checks

Nessus Plugin ID: 70681 ()

Bugtraq ID: 63201

CVE ID: CVE-2013-1445

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now