Test ID:	1.3.6.1.4.1.25623.1.0.56403
Category:	Debian Local Security Checks
Title:	Debian Security Advisory DSA 996-1 (libcrypt-cbc-perl)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to libcrypt-cbc-perl announced via advisory DSA 996-1. Lincoln Stein discovered that the Perl Crypt::CBC module produces weak ciphertext when used with block encryption algorithms with blocksize > 8 bytes. The old stable distribution (woody) does not contain a Crypt::CBC module. For the stable distribution (sarge) this problem has been fixed in version 2.12-1sarge1. For the unstable distribution (sid) this problem has been fixed in version 2.17-1. We recommend that you upgrade your libcrypt-cbc-perl package. Solution: http://www.securityspace.com/smysecure/catid.html?in=DSA%20996-1 CVSS Score: 2.6 CVSS Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N
Cross-Ref:	BugTraq ID: 16802 Common Vulnerability Exposure (CVE) ID: CVE-2006-0898 http://www.securityfocus.com/bid/16802 Bugtraq: 20060223 Vulnerability in Crypt::CBC Perl module, versions <= 2.16 (Google Search) http://www.securityfocus.com/archive/1/425966/100/0/threaded Debian Security Information: DSA-996 (Google Search) http://www.debian.org/security/2006/dsa-996 http://www.gentoo.org/security/en/glsa/glsa-200603-15.xml http://www.redhat.com/support/errata/RHSA-2008-0261.html RedHat Security Advisories: RHSA-2008:0630 http://rhn.redhat.com/errata/RHSA-2008-0630.html http://secunia.com/advisories/18755 http://secunia.com/advisories/19187 http://secunia.com/advisories/19303 http://secunia.com/advisories/20899 http://secunia.com/advisories/31493 http://securityreason.com/securityalert/488 SuSE Security Announcement: SUSE-SR:2006:015 (Google Search) http://www.novell.com/linux/security/advisories/2006_38_security.html XForce ISS Database: crypt-cbc-header-weak-encryption(24954) https://exchange.xforce.ibmcloud.com/vulnerabilities/24954
Copyright	Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.