534 matches found
foreman-proxy: failure to verify SSL certificates
It was discovered that foreman-proxy, when running in SSL-secured mode, did not correctly verify SSL client certificates. This could permit any client with access to the API to make requests and perform actions otherwise restricted...
Ubuntu 14.04 LTS : OpenSSL vulnerabilities (USN-2459-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2459-1 advisory. Pieter Wuille discovered that OpenSSL incorrectly handled Bignum squaring. CVE-2014-3570 Markus Stenberg discovered that OpenSSL incorrectly handled...
USN-2459-1 openssl vulnerabilities
Pieter Wuille discovered that OpenSSL incorrectly handled Bignum squaring. CVE-2014-3570 Markus Stenberg discovered that OpenSSL incorrectly handled certain crafted DTLS messages. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. CVE-2014-3571...
USN-2459-1: OpenSSL vulnerabilities
Pieter Wuille discovered that OpenSSL incorrectly handled Bignum squaring. CVE-2014-3570 Markus Stenberg discovered that OpenSSL incorrectly handled certain crafted DTLS messages. A remote attacker could use this issue to cause OpenSSL to crash, resulting in a denial of service. CVE-2014-3571...
MGASA-2015-0022 Updated openssl packages fix security vulnerabilities
A carefully crafted DTLS message can cause a segmentation fault in OpenSSL due to a NULL pointer dereference. This could lead to a Denial Of Service attack CVE-2014-3571. A memory leak can occur in the dtls1bufferrecord function under certain conditions. In particular this could occur if an...
CVE-2015-0205
The ssl3getcertverify function in s3srvr.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a Diffie-Hellman DH certificate without requiring a CertificateVerify message, which allows remote attackers to obtain access without knowledge of a private key via...
OpenSSL Fixes Eight Security Vulnerabilities
The OpenSSL Project has released several new versions of the software that fix eight security vulnerabilities, including several certificate issues and a couple of denial-of-service flaws. The patches included in OpenSSL 1.0.0p, 1.0.1k and 0.98zd are not for critical or high-risk vulnerabilities,...
Vulnerability in OpenSSL - DH client certificates accepted without verification [Server]
An OpenSSL server will accept a DH certificate for client authentication without the certificate verify message. This effectively allows a client to authenticate without the use of a private key. This only affects servers which trust a client certificate authority which issues certificates...
UBUNTU-CVE-2015-0205
The ssl3getcertverify function in s3srvr.c in OpenSSL 1.0.0 before 1.0.0p and 1.0.1 before 1.0.1k accepts client authentication with a Diffie-Hellman DH certificate without requiring a CertificateVerify message, which allows remote attackers to obtain access without knowledge of a private key via...
xorg-x11-server: denial of service due to unchecked malloc in client authentication
It was found that the X.Org server did not properly handle SUN-DES-1 Secure RPC authentication credentials. A malicious, unauthenticated client could use this flaw to crash the X.Org server by submitting a specially crafted authentication request...
xorg-x11-server security update
1.1.1-48.107.0.1.el511 - Added oracle-enterprise-detect.patch - Replaced 'Red Hat' in spec file 1.1.1-48.107 - CVE-2014-8091 denial of service due to unchecked malloc in client authentication 1168680 - CVE-2014-8092 integer overflow in X11 core protocol requests when calculating memory needs for...
openSUSE Security Update : docker / go (openSUSE-SU-2014:1411-1)
Docker was updated to version 1.3.1 to fix two security issues and several other bugs. These security issues were fixed : - Prevent fallback to SSL protocols lower than TLS 1.0 for client, daemon and registry CVE-2014-5277. - Secure HTTPS connection to registries with certificate verification and...
MGASA-2014-0410 Updated golang packages fix CVE-2014-7189
Updated golang packages fix security vulnerability: Go 1.1 through 1.3.2 has an issue that affects programs that use crypto/tls to implement a TLS server. If the server enables TLS client authentication using certificates and explicitly sets SessionTicketsDisabled to true in the tls.Config, then ...
openSUSE Security Update : icedtea-web (openSUSE-SU-2012:0371-1)
update to 1.2 - New features : - Signed JNLP support - Support for client authentication certificates - Cache size enforcement now supported via itweb-settings - Applet parameter passing through JNLP files now supported - Better icons for access warning dialog - Security Dialog UI revamped to...
Internet Bug Bounty: TLS Triple Handshake Attack
More details are at https://secure-resumption.com 2 Scenario ====== Consider a client C that normally authenticates to a server S using a client certificate. If C uses the same certificate to authenticate to a malicious server M, then we show that M can use C's certificate to authenticate its own...
SuSE 11.2 / 11.3 Security Update : Mozilla NSS (SAT Patch Numbers 8484 / 8485)
"Mozilla NSS has been updated to 3.15.2 bnc847708 bringing various features and bugfixes : The main feature is TLS 1.2 support and its dependent algorithms. - Support for AES-GCM ciphersuites that use the SHA-256 PRF - MD2, MD4, and MD5 signatures are no longer accepted for OCSP or CRLs - Add...
Throughout most of the universities with a square academic system vulnerabilities-vulnerability warning-the black bar safety net
Hangzhou positive direction and academic management system is domestic with more of an academic management system,The High School uses has become many hackers industrial chain platform,in Baidu search can be found in many modifications being the top academic management system scores of posts,due ...
Fedora Update for guacamole-ext FEDORA-2012-14179
Check for the Version of guacamole-ext OpenVAS Vulnerability Test Fedora Update for guacamole-ext FEDORA-2012-14179 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...
[SECURITY] Fedora 17 Update: guacamole-ext-0.6.1-2.fc17
Guacamole is an HTML5 web application that provides access to desktop environments using remote desktop protocols such as VNC or RDP. A centraliz ed server acts as a tunnel and proxy, allowing access to multiple desktops thr ough a web browser. No plugins are needed: the client requires nothing...
CVE-2012-0717
IBM WebSphere Application Server 7.0 before 7.0.0.23, when a certain SSLv2 configuration with client authentication is used, allows remote attackers to bypass X.509 client-certificate authentication via unspecified vectors...