SSL Compression Methods Supported

This script detects which compression methods are supported by the remote service for SSL connections. TRUSTED...

Transport Layer Security (TLS) Protocol CRIME Vulnerability

The remote service has one of two configurations that are known to be required for the CRIME attack : - SSL / TLS compression is enabled. - TLS advertises the SPDY protocol earlier than version 4. Note that Nessus did not attempt to launch the CRIME attack against the remote service. C Tenable...

Fedora 17 : qt-4.8.2-7.fc17 (2012-15194)

Build patched to disable SSL/TLS compression by default avoiding CRIME attacks, see also http://qt.digia.com/Release-Notes/security-issue-september-2012/ Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has...

[SECURITY] Fedora 17 Update: optipng-0.7.3-1.fc17

OptiPNG is a PNG optimizer that recompresses image files to a smaller size, without losing any information. This program also converts external formats BMP, GIF, PNM and TIFF to optimized PNG, and performs PNG integrity checks and corrections...

Portable Multi-boot Security Suite: Katana

Katana is a portable multi-boot security suite which brings together many of today’s best security distributions and portable applications to run off a single Flash Drive. It includes distributions which focus on Pen-Testing, Auditing, Forensics, System Recovery, Network Analysis, and Malware...

For SSL the latest method of attack CRIME of the principles and technical details-vulnerability warning-the black bar safety net

Author:Pnig0s decodingFreeBuf We may concern before the for SSL a attack technique, called the BEAST. This is still found in BEAST of the two greatJuliano Rizzoand Thai Duong discovered another new attack on HTTPS techniques, and before of similar, called“CRIME”is. BEAST to from SSL/TLS encrypted...

XnView < 1.99.1 JPEG Compressed TIFF Image Multiple Header Value Handling Overflow

The version of XnView installed on the remote Windows host is earlier than 1.99.1. It is, therefore, reportedly affected by a heap-based buffer overflow vulnerability. This is due to an error in the handling of TIFF image files having JPEG compression. Specially crafted files of this type can...

DEBIAN-CVE-2012-4929

The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt, and other products, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differenc...

CVE-2012-4929

The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt, and other products, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differenc...

CVE-2012-4929

The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google Chrome, Qt, and other products, can encrypt compressed data without properly obfuscating the length of the unencrypted data, which allows man-in-the-middle attackers to obtain plaintext HTTP headers by observing length differenc...

CRIME Attack Uses Compression Ratio of TLS Requests as Side Channel to Hijack Secure Sessions

The new attack on TLS developed by researchers Juliano Rizzo and Thai Duong takes advantage of an information leak in the compression ratio of TLS requests as a side channel to enable them to decrypt the requests made by the client to the server. This, in turn, allows them to grab the user’s logi...

Mandrake Linux Security Advisory : bind (MDKSA-2000:067)

A vulnerability exists with the bind nameserver dealing with compressed zone transfers. This vulnerability can be exploited by authorized zone transfers and used in a DoS attack. The named daemon will crash if it receives this type of zone transfer from an authorized source address. The crash is...

CVE-2012-0275

Heap-based buffer overflow in Photoshop.exe in Adobe Photoshop CS5 12.x before 12.0.5, CS5.1 12.1.x before 12.1.1, and CS6 13.x before 13.0.1 allows remote attackers to execute arbitrary code via a crafted TIFF image with SGI24LogLum compression...

CVE-2012-0275

Heap-based buffer overflow in Photoshop.exe in Adobe Photoshop CS5 12.x before 12.0.5, CS5.1 12.1.x before 12.1.1, and CS6 13.x before 13.0.1 allows remote attackers to execute arbitrary code via a crafted TIFF image with SGI24LogLum compression...

CVE-2012-0275

CVE-2012-0275 is a heap-based buffer overflow in Photoshop.exe affecting Adobe Photoshop CS5 (12.x) before 12.0.5, CS5.1 before 12.1.1, and CS6 before 13.0.1. The vulnerability allows remote code execution via a crafted TIFF image using SGI24LogLum compression. Exploitation is remote (no user int...

Fedora Update for openjpeg FEDORA-2012-9602

Check for the Version of openjpeg OpenVAS Vulnerability Test Fedora Update for openjpeg FEDORA-2012-9602 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

KLA10029 ACE vulnerabilities in Adobe Photoshop

Buffer overflow vulnerabilities were found in Adobe Photoshop. By exploiting this vulnerability malicious users can execute arbitrary code. These vulnerabilities can be exploited from the network at a point related to an unknown application via a specially designed file or TIFF image with...

SeaMonkey < 2.12.0 Multiple Vulnerabilities

The installed version of SeaMonkey is earlier than 2.12.0. Such versions are potentially affected by the following security issues : - An error exists related to 'Object.defineProperty' and the location object that could allow cross-site scripting attacks. CVE-2012-1956 - Unspecified memory safet...

openSUSE: Security Advisory for libvorbis (openSUSE-SU-2012:0319-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Scientific Linux Security Update : curl on SL3.x i386/x86_64

Wesley Miaw discovered that when deflate compression was used, libcurl could call the registered write callback function with data exceeding the documented limit. A malicious server could use this flaw to crash an application using libcurl or, potentially, execute arbitrary code. Note: This issue...