
key size

libxslt heap overflow

    key = xmlXPathPopString (ctxt);
    key_len = xmlUTF8Strlen (str);

...
    padkey = xmlMallocAtomic (RC4_KEY_LENGTH);
    key_size = xmlUTF8Strsize (key, key_len);
    memcpy (padkey, key, key_size);
    memset (padkey + key_size, '\0', sizeof (padkey));
...



[ MDVSA-2009:289 ] kernel

Heap-based buffer overflow in the parse_tag_3_packet function in
fs/ecryptfs/keystore.c in the eCryptfs subsystem in the Linux kernel
before 2.6.30.4 allows local users to cause a denial of service
(system crash) or possibly gain privileges via vectors involving a
crafted eCryptfs file, related to a large encrypted key size in a
Tag 3 packet. (CVE-2009-2407)

The d_delete function in fs/ecryptfs/inode.c in eCryptfs in the
Linux kernel 2.6.31 allows local users to cause a denial of service
(kernel OOPS) and possibly execute arbitrary code via unspecified

weechat does not properly use gnutls and allows an attacker to bypass certificate verification

           This is the first message the client can send after receiving a
           server hello done message. This message is only sent if the
           server requests a certificate.

So when the server does not request a client certificate, hook_connect_gnutls_set_certificates is never called and weechat does not
perform any check on the server certificate. It doesn't print any of the usual information about the dh key size and the content
of the server certificate either.

POC:

$ openssl genrsa -out server.key 4096

[RISE-2009003] Linux eCryptfs parse_tag_3_packet Encrypted Key Buffer Overflow Vulnerability

proper key, and there is no need to keep track of any additional information
aside from what is already in the encrypted file itself. Think of eCryptfs as
a sort of "gnupgfs."

The parse_tag_3_packet function of the eCryptfs in-kernel key management code does
not check whether the tag 3 packet contains an encrypted key size larger than
ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES before copying the encrypted key into the
new_auth_tok structure, resulting in a kernel heap-based buffer overflow
vulnerability.

fs/ecryptfs/keystore.c

Cisco Security Advisory: Cisco IOS Software Crafted Encryption Packet Denial of Service Vulnerability

in the following example:

    Router#show ip ssh 
    SSH Enabled - version 1.99
    Authentication timeout: 120 secs; Authentication retries: 3
    Minimum expected Diffie Hellman key size : 1024 bits

To determine if the IKE encrypted nonces feature is enabled, use the 
"show running-config | include rsa-encr" command as follows:

    Router#show running-config | inc rsa-encr


