CVE-2012-3458

Name: CVE-2012-3458
Description: Beaker before 1.6.4, when using PyCrypto to encrypt sessions, uses AES in ECB cipher mode, which might allow remote attackers to obtain portions of sensitive session data via unspecified vectors.
Source: CVE (at NVD; oss-sec, fulldisc, OSVDB, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, more)
References: DSA-2541-1
NVD severity: medium (attack range: remote)
Debian Bugs: 684890
Debian/oldstable: not vulnerable.
Debian/stable: not vulnerable.
Debian/testing: not vulnerable.
Debian/unstable: not vulnerable.

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package | Release | Version | Status
beaker (PTS) | squeeze (security), squeeze | 1.5.4-4+squeeze1 | fixed
beaker | wheezy | 1.6.3-1.1 | fixed
beaker | jessie, sid | 1.6.4-2 | fixed

The information above is based on the following data on fixed versions.

Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs
beaker | source | (unstable) | 1.6.3-1.1 | medium |  | 684890
beaker | source | squeeze | 1.5.4-4+squeeze1 | medium | DSA-2541-1 |
