A mathematical flaw in the implementation of the El Gamal signature algorithm for LibTomCrypt 1.0 to 1.0.2 allows attackers to generate valid signatures without having the private key.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Libtomcrypt | Libtomcrypt | 1.0 (including) | 1.0 (including) |
| Libtomcrypt | Libtomcrypt | 1.0.1 (including) | 1.0.1 (including) |
| Libtomcrypt | Libtomcrypt | 1.0.2 (including) | 1.0.2 (including) |
References
- http://secunia.com/advisories/15233
- http://www.osvdb.org/16188
- http://www.securiteam.com/unixfocus/5JP092AFPG.html
- http://www.securityfocus.com/bid/13473
- http://www.securityfocus.org/archive/1/397649
- https://exchange.xforce.ibmcloud.com/vulnerabilities/20455
- http://secunia.com/advisories/15233
- http://www.osvdb.org/16188
- http://www.securiteam.com/unixfocus/5JP092AFPG.html
- http://www.securityfocus.com/bid/13473
- http://www.securityfocus.org/archive/1/397649
- https://exchange.xforce.ibmcloud.com/vulnerabilities/20455