CentOS 4 : gnutls (CESA-2006:0207)

Updated gnutls packages that fix a security issue are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. The GNU TLS Library provides support for cryptographic algorithms and protocols such as TLS. GN...

DSA-996-1 libcrypt-cbc-perl - programming error

Bulletin has no description...

Vulnerability in Crypt::CBC Perl module, versions <= 2.16

Perl Module Security Advisory ------------------------------------------------------------------------------- Title: Crypt::CBC ciphertext weakness when using certain block algorithms Severity: High Versions: All versions = 2.16. Date: 23 February 2006...

WebEOC implements weak algorithms to encrypt sensitive information

Overview WebEOC uses weak cryptographic algorithms to encrypt sensitive information. Description WebEOC is a web-based crisis information management application that provides functions to gather, coordinate, and disseminate information between emergency personnel and Emergency Operations Centers...

WebEOC uses a global shared key

Overview WebEOC installations may use the a common secret key to encrypt data. If an attacker can retrieve this key from one site, they will be able to decipher all data encoded with the key across all WebEOC installations. Description WebEOC is a web-based crisis information management applicati...

USN-126-1: GNU TLS library vulnerability

A Denial of Service vulnerability was discovered in the GNU TLS library, which provides common cryptographic algorithms and is used by many applications in Ubuntu. Due to a missing consistency check of the padding length field, specially crafted ciphertext blocks caused an out of bounds memory...

libgcc contains multiple flaws that allow integer type range vulnerabilities to occur at runtime

Overview The libgcc runtime for the gcc and g++ compilers contain multiple flaws that can result in integer type range vulnerabilities in programs that are compiled using the -ftrapv option. Description Both gcc and g++ provide an -ftrapv compiler option that, according to the gcc man page,...

CVE-2003-0147

OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server's private key by determining factors using timing differences on 1 the number of extra reductions during Montgomery reduction, and 2 the use of different integer multiplication algorithms...

CVE-2002-0954

The encryption algorithms for enable and passwd commands on Cisco PIX Firewall can be executed quickly due to a limited number of rounds, which make it easier for an attacker to decrypt the passwords using brute force techniques...

CVE-2002-0954

The encryption algorithms for enable and passwd commands on Cisco PIX Firewall can be executed quickly due to a limited number of rounds, which make it easier for an attacker to decrypt the passwords using brute force techniques...

CVE-2002-0954

CVE-2002-0954 relates to Cisco PIX Firewall where the encryption algorithms for the enable and passwd commands can be cracked quickly due to a limited number of rounds. The published description indicates that this weakness facilitates brute‑force decryption of stored or transmitted passwords. Th...

WU-FTPD 2.4/2.5/2.6 / Trolltech ftpd 1.2 / ProFTPd 1.2 / BeroFTPD 1.3.4 FTP - glob Expansion

source: https://www.securityfocus.com/bid/2496/info Many FTP servers are vulnerable to a denial of service condition resulting from poor globbing algorithms and user resource usage limits. Globbing generates pathnames from file name patterns used by the shell, eg. wildcards denoted by and ?,...

WU-FTPD 2.42.52.6 Trolltech ftpd 1.2 ProFTPd 1.2 BeroFTPD 1.3.4 FTP - glob Expansion

WU-FTPD 2.42.52.6 Trolltech ftpd 1.2 ProFTPd 1.2 BeroFTPD 1.3.4 FTP - glob Expansion source: https://www.securityfocus.com/bid/2496/info Many FTP servers are vulnerable to a denial of service condition resulting from poor globbing algorithms and user resource usage limits. Globbing generates...

Traceroute Information

Makes a traceroute to the remote host. TRUSTED...

SSH Server Type and Version Information

It is possible to obtain information about the remote SSH server by sending an empty authentication request. TRUSTED...

ssh-insertion-attack.txt

------------------------------------------------------------------------------- CORE SDI S.A. Buenos Aires, Argentina Security Advisory June 11th, 1998 SSH insertion attack ------------------------------------------------------------------------------- This advisory addresses a vulnerability...