ID CVE-2006-0898
Summary Crypt::CBC Perl module 2.16 and earlier, when running in RandomIV mode, uses an initialization vector (IV) of 8 bytes, which results in weaker encryption when used with a cipher that requires a larger block size than 8 bytes, such as Rijndael.
References
Vulnerable Configurations
  • cpe:2.3:a:lincoln_d._stein:crypt_cbc:1.00:*:*:*:*:*:*:*
  • cpe:2.3:a:lincoln_d._stein:crypt_cbc:1.10:*:*:*:*:*:*:*
  • cpe:2.3:a:lincoln_d._stein:crypt_cbc:1.20:*:*:*:*:*:*:*
  • cpe:2.3:a:lincoln_d._stein:crypt_cbc:1.21:*:*:*:*:*:*:*
  • cpe:2.3:a:lincoln_d._stein:crypt_cbc:1.22:*:*:*:*:*:*:*
  • cpe:2.3:a:lincoln_d._stein:crypt_cbc:1.24:*:*:*:*:*:*:*
  • cpe:2.3:a:lincoln_d._stein:crypt_cbc:1.25:*:*:*:*:*:*:*
  • cpe:2.3:a:lincoln_d._stein:crypt_cbc:2.00:*:*:*:*:*:*:*
  • cpe:2.3:a:lincoln_d._stein:crypt_cbc:2.01:*:*:*:*:*:*:*
  • cpe:2.3:a:lincoln_d._stein:crypt_cbc:2.02:*:*:*:*:*:*:*
  • cpe:2.3:a:lincoln_d._stein:crypt_cbc:2.03:*:*:*:*:*:*:*
  • cpe:2.3:a:lincoln_d._stein:crypt_cbc:2.04:*:*:*:*:*:*:*
  • cpe:2.3:a:lincoln_d._stein:crypt_cbc:2.05:*:*:*:*:*:*:*
  • cpe:2.3:a:lincoln_d._stein:crypt_cbc:2.07:*:*:*:*:*:*:*
  • cpe:2.3:a:lincoln_d._stein:crypt_cbc:2.08:*:*:*:*:*:*:*
  • cpe:2.3:a:lincoln_d._stein:crypt_cbc:2.09:*:*:*:*:*:*:*
  • cpe:2.3:a:lincoln_d._stein:crypt_cbc:2.10:*:*:*:*:*:*:*
  • cpe:2.3:a:lincoln_d._stein:crypt_cbc:2.11:*:*:*:*:*:*:*
  • cpe:2.3:a:lincoln_d._stein:crypt_cbc:2.12:*:*:*:*:*:*:*
  • cpe:2.3:a:lincoln_d._stein:crypt_cbc:2.13:*:*:*:*:*:*:*
  • cpe:2.3:a:lincoln_d._stein:crypt_cbc:2.14:*:*:*:*:*:*:*
  • cpe:2.3:a:lincoln_d._stein:crypt_cbc:2.15:*:*:*:*:*:*:*
  • cpe:2.3:a:lincoln_d._stein:crypt_cbc:*:*:*:*:*:*:*:*
CVSS
Base: 2.6 (as of 18-10-2018 - 16:29)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
  • Vector: NETWORK
  • Complexity: HIGH
  • Authentication: NONE
Impact
  • Confidentiality: PARTIAL
  • Integrity: NONE
  • Availability: NONE
cvss-vector via4 AV:N/AC:H/Au:N/C:P/I:N/A:N
redhat via4
advisories
  • rhsa
    id RHSA-2008:0261
  • rhsa
    id RHSA-2008:0630
rpms
  • jabberd-0:2.0s10-3.38.rhn
  • java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4
  • java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4
  • jfreechart-0:0.9.20-3.rhn
  • openmotif21-0:2.1.30-11.RHEL4.6
  • openmotif21-debuginfo-0:2.1.30-11.RHEL4.6
  • perl-Crypt-CBC-0:2.24-1.el4
  • rhn-apache-0:1.3.27-36.rhn.rhel4
  • rhn-modjk-ap13-0:1.2.23-2rhn.rhel4
  • rhn-modperl-0:1.29-16.rhel4
  • rhn-modssl-0:2.8.12-8.rhn.10.rhel4
  • tomcat5-0:5.0.30-0jpp_10rh
  • jabberd-0:2.0s10-3.37.rhn
  • jabberd-0:2.0s10-3.38.rhn
  • java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el3
  • java-1.4.2-ibm-0:1.4.2.10-1jpp.2.el4
  • java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el3
  • java-1.4.2-ibm-devel-0:1.4.2.10-1jpp.2.el4
  • jfreechart-0:0.9.20-3.rhn
  • openmotif21-0:2.1.30-11.RHEL4.6
  • openmotif21-0:2.1.30-9.RHEL3.8
  • openmotif21-debuginfo-0:2.1.30-11.RHEL4.6
  • openmotif21-debuginfo-0:2.1.30-9.RHEL3.8
  • perl-Crypt-CBC-0:2.24-1.el3
  • perl-Crypt-CBC-0:2.24-1.el4
  • rhn-apache-0:1.3.27-36.rhn.rhel3
  • rhn-apache-0:1.3.27-36.rhn.rhel4
  • rhn-modjk-ap13-0:1.2.23-2rhn.rhel3
  • rhn-modjk-ap13-0:1.2.23-2rhn.rhel4
  • rhn-modperl-0:1.29-16.rhel3
  • rhn-modperl-0:1.29-16.rhel4
  • rhn-modssl-0:2.8.12-8.rhn.10.rhel3
  • rhn-modssl-0:2.8.12-8.rhn.10.rhel4
  • tomcat5-0:5.0.30-0jpp_10rh
  • jfreechart-0:0.9.20-3.rhn
  • mod_perl-0:2.0.2-12.el4
  • mod_perl-debuginfo-0:2.0.2-12.el4
  • perl-Crypt-CBC-0:2.24-1.el4
  • rhn-html-0:5.1.1-7
  • tomcat5-0:5.0.30-0jpp_10rh
refmap via4
bid 16802
bugtraq 20060223 Vulnerability in Crypt::CBC Perl module, versions <= 2.16
debian DSA-996
gentoo GLSA-200603-15
secunia
  • 18755
  • 19187
  • 19303
  • 20899
  • 31493
sreason 488
suse SUSE-SR:2006:015
xf crypt-cbc-header-weak-encryption(24954)
Last major update 18-10-2018 - 16:29
Published 25-02-2006 - 11:02
Last modified 18-10-2018 - 16:29