Gentoo Linux Advisory: libmcrypt | Linux Today

Written By
Web Webster
Jan 6, 2003
--------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200301-4
--------------------------------------------------------------------

PACKAGE : libmcrypt
SUMMARY : buffer overflows and memory exhaustion
DATE    : 2003-01-05 12:01 UTC
EXPLOIT : remote

--------------------------------------------------------------------

Post by Ilia Alshanetsky <ilia@prohost.org>:

"libmcrypt versions prior to 2.5.5 contain a number of buffer
overflow vulnerabilities that stem from improper or lacking input
validation. By passing a longer than expected input to a number of
functions (multiple functions are affected) the user can successfully
make libmcrypt crash.

Another vulnerability is due to the way libmcrypt loads algorithms via
libtool. When the algorithms are loaded dynamically, each time the
algorithm is loaded a small amount (a few kilobytes) of memory is
leaked. In a persistent environment (web server) this could lead to a
memory exhaustion attack that will exhaust all available memory by
launching repeated requests at an application utilizing the mcrypt
library.

The solution to both of these problems is to upgrade to the latest
release of libmcrypt, 2.5.5."

SOLUTION

It is recommended that all Gentoo Linux users who are running
dev-libs/libmcrypt-2.5.1-r4 or earlier update their systems as 
follows:

emerge rsync
emerge libmcrypt
emerge clean
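
To confirm which hosts still need the update, the following added check (not part of the Gentoo advisory) compares a package atom against the fixed release 2.5.5 named above. The function names are hypothetical, and every sample atom other than dev-libs/libmcrypt-2.5.1-r4 is constructed for illustration.

```shell
#!/bin/sh
# Added example: flag libmcrypt atoms older than the fixed release (2.5.5).
FIXED_VERSION="2.5.5"

# version_lt A B: succeed if dotted numeric version A is lower than B.
version_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        [ -n "$x" ] || x=0          # a missing component counts as 0
        [ -n "$y" ] || y=0
        if [ "$x" -lt "$y" ]; then return 0; fi
        if [ "$x" -gt "$y" ]; then return 1; fi
        # Drop the component just compared.
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 1                        # versions are equal
}

# atom_version ATOM: print the upstream version of an atom such as
# dev-libs/libmcrypt-2.5.1-r4 (category and -rN revision are dropped).
atom_version() {
    v=${1##*/}                      # libmcrypt-2.5.1-r4
    v=${v#libmcrypt-}               # 2.5.1-r4
    v=${v%-r[0-9]*}                 # 2.5.1
    case $v in
        ''|*[!0-9.]*) return 2 ;;   # suffixes like _rc1 are not handled here
    esac
    printf '%s\n' "$v"
}

# needs_update ATOM: 0 = older than 2.5.5, 1 = not older, 2 = unparsable.
needs_update() {
    ver=$(atom_version "$1") || return 2
    version_lt "$ver" "$FIXED_VERSION"
}

# Constructed sample inventory; only the first atom appears in the advisory.
for atom in dev-libs/libmcrypt-2.5.1-r4 dev-libs/libmcrypt-2.5.5 \
            dev-libs/libmcrypt-2.5.10 dev-libs/libmcrypt-2.5.5_rc1; do
    rc=0
    needs_update "$atom" || rc=$?
    case $rc in
        0) echo "$atom: older than $FIXED_VERSION, update required" ;;
        1) echo "$atom: at or above $FIXED_VERSION" ;;
        *) echo "$atom: version not recognised, check by hand" ;;
    esac
done
```

The comparison is numeric per component, so 2.5.10 is correctly treated as newer than 2.5.5 rather than sorted as a string.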

--------------------------------------------------------------------
aliz@gentoo.org - GnuPG key is available at www.gentoo.org/~aliz
--------------------------------------------------------------------
