Candidate: CVE-2012-4409
PublicDate: 2012-11-21 23:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4409
 http://packetstormsecurity.org/files/116268/mcrypt-2.6.8-Buffer-Overflow-Proof-Of-Concept.html
 http://www.openwall.com/lists/oss-security/2012/09/06
Description:
 Stack-based buffer overflow in the check_file_head function in extra.c in
 mcrypt 2.6.8 and earlier allows user-assisted remote attackers to execute
 arbitrary code via an encrypted file with a crafted header containing long
 salt data that is not properly handled during decryption.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

Patches_mcrypt:
upstream_mcrypt: released (2.6.8-1.1)
hardy_mcrypt: ignored (reached end-of-life)
lucid_mcrypt: ignored (reached end-of-life)
natty_mcrypt: ignored (reached end-of-life)
oneiric_mcrypt: ignored (reached end-of-life)
precise_mcrypt: ignored (reached end-of-life)
precise/esm_mcrypt: DNE (precise was needed)
quantal_mcrypt: not-affected (2.6.8-1.2)
raring_mcrypt: not-affected (2.6.8-1.2)
saucy_mcrypt: not-affected (2.6.8-1.2)
trusty_mcrypt: not-affected (2.6.8-1.2)
trusty/esm_mcrypt: DNE (trusty was not-affected [2.6.8-1.2])
utopic_mcrypt: not-affected (2.6.8-1.2)
vivid_mcrypt: not-affected (2.6.8-1.2)
vivid/stable-phone-overlay_mcrypt: DNE
vivid/ubuntu-core_mcrypt: DNE
wily_mcrypt: not-affected (2.6.8-1.2)
xenial_mcrypt: not-affected (2.6.8-1.2)
yakkety_mcrypt: not-affected (2.6.8-1.2)
zesty_mcrypt: not-affected (2.6.8-1.2)
devel_mcrypt: not-affected (2.6.8-1.2)