Lucene search
K

51 matches found

Fedora
Fedora
added 2013/09/13 1:10 a.m.28 views

[SECURITY] Fedora 19 Update: perl-Crypt-DSA-1.17-10.fc19

Crypt::DSA is an implementation of the DSA Digital Signature Algorithm signature verification system. This package provides DSA signing, signature verification, and key generation...

5.8CVSS2.8AI score0.01958EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2013/09/13 12:0 a.m.19 views

Fedora 18 : perl-Crypt-DSA-1.17-10.fc18 (2013-15755)

As taught by the '09 Debian PGP disaster relating to DSA, the randomness source is extremely important. On systems without /dev/random, Crypt::DSA falls back to using Data::Random. Data::Random uses rand, about which the perldoc says 'rand is not cryptographically secure. You should not rely on i...

5.8CVSS5.5AI score0.01958EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2013/09/13 12:0 a.m.29 views

Fedora 19 : perl-Crypt-DSA-1.17-10.fc19 (2013-15786)

As taught by the '09 Debian PGP disaster relating to DSA, the randomness source is extremely important. On systems without /dev/random, Crypt::DSA falls back to using Data::Random. Data::Random uses rand, about which the perldoc says 'rand is not cryptographically secure. You should not rely on i...

5.8CVSS5.5AI score0.01958EPSS
Exploits0References4
NVD
NVD
added 2011/10/10 10:55 a.m.31 views

CVE-2011-3599

The Crypt::DSA aka Crypt-DSA module 1.17 and earlier for Perl, when /dev/random is absent, uses the Data::Random module, which makes it easier for remote attackers to spoof a signature, or determine the signing key of a signed message, via a brute-force attack...

5.8CVSS6.4AI score0.01958EPSS
Exploits0References7
OSV
OSV
added 2011/10/10 10:55 a.m.10 views

CVE-2011-3599

The Crypt::DSA aka Crypt-DSA module 1.17 and earlier for Perl, when /dev/random is absent, uses the Data::Random module, which makes it easier for remote attackers to spoof a signature, or determine the signing key of a signed message, via a brute-force attack...

6.3AI score
Exploits0References7
OSV
OSV
added 2011/10/10 10:55 a.m.4 views

DEBIAN-CVE-2011-3599

The Crypt::DSA aka Crypt-DSA module 1.17 and earlier for Perl, when /dev/random is absent, uses the Data::Random module, which makes it easier for remote attackers to spoof a signature, or determine the signing key of a signed message, via a brute-force attack...

5.8CVSS6.3AI score0.01958EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2011/10/10 10:55 a.m.25 views

CVE-2011-3599

The Crypt::DSA aka Crypt-DSA module 1.17 and earlier for Perl, when /dev/random is absent, uses the Data::Random module, which makes it easier for remote attackers to spoof a signature, or determine the signing key of a signed message, via a brute-force attack...

5.8CVSS5.9AI score0.01958EPSS
Exploits0References1
Prion
Prion
added 2011/10/10 10:55 a.m.14 views

Design/Logic Flaw

The Crypt::DSA aka Crypt-DSA module 1.17 and earlier for Perl, when /dev/random is absent, uses the Data::Random module, which makes it easier for remote attackers to spoof a signature, or determine the signing key of a signed message, via a brute-force attack...

5.8CVSS6.9AI score0.01958EPSS
Exploits0References7Affected Software1
Cvelist
Cvelist
added 2011/10/10 10:0 a.m.34 views

CVE-2011-3599

The Crypt::DSA aka Crypt-DSA module 1.17 and earlier for Perl, when /dev/random is absent, uses the Data::Random module, which makes it easier for remote attackers to spoof a signature, or determine the signing key of a signed message, via a brute-force attack...

6.3AI score0.01958EPSS
Exploits0References7
Debian CVE
Debian CVE
added 2011/10/10 10:0 a.m.84 views

CVE-2011-3599

The Crypt::DSA aka Crypt-DSA module 1.17 and earlier for Perl, when /dev/random is absent, uses the Data::Random module, which makes it easier for remote attackers to spoof a signature, or determine the signing key of a signed message, via a brute-force attack...

5.8CVSS6.4AI score0.01958EPSS
Exploits0
CVE
CVE
added 2011/10/10 10:0 a.m.58 views

CVE-2011-3599

The CVE-2011-3599 issue affects the Perl Crypt::DSA (Crypt-DSA) module before version 1.18, where, in the absence of /dev/random, it falls back to Data::Random. This fallback could enable remote attackers to spoof signatures or recover signing keys via brute-force. Connected advisories confirm th...

5.8CVSS6.3AI score0.01958EPSS
Exploits0References7Affected Software1
Rows per page
Query Builder