Ubuntu: Security Advisory (USN-612-2)

The remote host is missing an update for the SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu 7.04 / 7.10 / 8.04 LTS : openvpn regression (USN-612-10)

USN-612-3 addressed a weakness in OpenSSL certificate and key generation in OpenVPN by adding checks for vulnerable certificates and keys to OpenVPN. A regression was introduced in OpenVPN when using TLS with password protected certificates which caused OpenVPN to not start when used with...

Ubuntu 6.06 LTS : openssh update (USN-612-7)

USN-612-2 introduced protections for OpenSSH, related to the OpenSSL vulnerabilities addressed by USN-612-1. This update provides the corresponding updates for OpenSSH in Ubuntu 6.06 LTS. While the OpenSSL in Ubuntu 6.06 is not vulnerable, this update will block weak keys generated on systems tha...

Ubuntu 7.04 / 7.10 / 8.04 LTS : openvpn vulnerability (USN-612-3)

A weakness has been discovered in the random number generator used by OpenSSL on Debian and Ubuntu systems. As a result of this weakness, certain encryption keys are much more common than they should be, such that an attacker could guess the key through a brute-force attack given minimal knowledg...

Ubuntu 7.04 / 7.10 / 8.04 LTS : openssh update (USN-612-5)

Matt Zimmerman discovered that entries in /.ssh/authorizedkeys with options such as 'no-port-forwarding' or forced commands were ignored by the new ssh-vulnkey tool introduced in OpenSSH see USN-612-2. This could cause some compromised keys not to be listed in ssh-vulnkey's output. This update al...

[USN-612-1] OpenSSL vulnerability

=========================================================== Ubuntu Security Notice USN-612-1 May 13, 2008 openssl vulnerability CVE-2008-0166 =========================================================== A weakness has been discovered in the random number generator used by OpenSSL on Debian and...

USN-612-2: OpenSSH vulnerability

A weakness has been discovered in the random number generator used by OpenSSL on Debian and Ubuntu systems. As a result of this weakness, certain encryption keys are much more common than they should be, such that an attacker could guess the key through a brute-force attack given minimal knowledg...

CVE-2003-1376

WinZip 8.0 is affected. The vulnerability stems from weak random number generation used for password protected ZIP files, allowing local attackers to brute force encryption keys by guessing the state of the ZIP stream coder. Reported impact is partial confidentiality, integrity, and availability....

CVE-2003-1376

WinZip 8.0 uses weak random number generation for password protected ZIP files, which allows local users to brute force the encryption keys and extract the data from the zip file by guessing the state of the stream coder...

RSA key reconstruction vulnerability

Overview Various implementations of RSA may contain a vulnerability that could allow an attacker to retrieve encryption keys. Description Some implementations of RSA may contain a vulnerability that could allow a local attacker to retrieve encryption keys. OpenSSL is a widely used open source...

CVE-2007-2727

The mcryptcreateiv function in ext/mcrypt/mcrypt.c in PHP before 4.4.7, 5.2.1, and possibly 5.0.x and other PHP 5 versions, calls phprandr with an uninitialized seed variable and therefore always generates the same initialization vector IV, which might allow context-dependent attackers to decrypt...

Code injection

The mcryptcreateiv function in ext/mcrypt/mcrypt.c in PHP before 4.4.7, 5.2.1, and possibly 5.0.x and other PHP 5 versions, calls phprandr with an uninitialized seed variable and therefore always generates the same initialization vector IV, which might allow context-dependent attackers to decrypt...

CVE-2007-2727

The mcryptcreateiv function in ext/mcrypt/mcrypt.c in PHP before 4.4.7, 5.2.1, and possibly 5.0.x and other PHP 5 versions, calls phprandr with an uninitialized seed variable and therefore always generates the same initialization vector IV, which might allow context-dependent attackers to decrypt...

CVE-2007-2727

The mcryptcreateiv function in ext/mcrypt/mcrypt.c in PHP before 4.4.7, 5.2.1, and possibly 5.0.x and other PHP 5 versions, calls phprandr with an uninitialized seed variable and therefore always generates the same initialization vector IV, which might allow context-dependent attackers to decrypt...

CVE-2007-0844

The authviakey function in pamssh.c in pamssh before 1.92, when the allowblankpassphrase option is disabled, allows remote attackers to bypass authentication restrictions and use private encryption keys requiring a blank passphrase by entering a non-blank passphrase...

CVE-2007-0844

The authviakey function in pamssh.c in pamssh before 1.92, when the allowblankpassphrase option is disabled, allows remote attackers to bypass authentication restrictions and use private encryption keys requiring a blank passphrase by entering a non-blank passphrase...

CVE-2006-5303

Secure Computing SafeWord RemoteAccess 2.1 allows local users to obtain the UserCenter webportal password, database encryption keys, and signing keys by reading 1 base-64 encoded data in SERVERS\Web\Tomcat\usercenter\WEB-INF\login.conf and 2 plaintext data in SERVERS\Shared\signers.cfg. NOTE: the...

CVE-2006-3411

TLS handshakes in Tor before 0.1.1.20 generate public-private keys based on TLS context rather than the connection, which makes it easier for remote attackers to conduct brute force attacks on the encryption keys...

CVE-2006-3411

CVE-2006-3411 relates to Tor prior to version 0.1.1.20, where TLS handshakes generate public–private keys based on TLS context rather than the specific connection. This design flaw can make it easier for remote attackers to perform brute-force attacks on the encryption keys. The vulnerability is ...

CVE-2006-3411

TLS handshakes in Tor before 0.1.1.20 generate public-private keys based on TLS context rather than the connection, which makes it easier for remote attackers to conduct brute force attacks on the encryption keys...