FreeBSD : libtomcrypt -- weak signature scheme with ECC keys (a78299e7-9ef3-11da-b410-000e0c2e438a)

high Nessus Plugin ID 21489

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

The Secure Science Corporation reports that libtomcrypt is vulnerable to a weak signature scheme. This allows an attacker to create a valid random signature and use that to sign arbitrary messages without requiring the private key.

Solution

Update the affected package.

See Also

https://marc.info/?l=bugtraq&m=111540819703204

http://www.nessus.org/u?2f7f3313

Plugin Details

Severity: High

ID: 21489

File Name: freebsd_pkg_a78299e79ef311dab410000e0c2e438a.nasl

Version: 1.14

Type: local

Published: 5/13/2006

Updated: 1/6/2021

Supported Sensors: Nessus

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:libtomcrypt, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2/16/2006

Vulnerability Publication Date: 5/1/2005