807 matches found

OSV
added 2015/08/06 9:19 a.m., 2 views

SUSE-SU-2015:1410-1 Recommended update for openssl

This update of openssl fixes two regressions. - A regression was caused by the security fix for CVE-2015-0287, where DSA keys were not correctly loaded from file anymore. bsc937492 - RSA key generation odd keylengths was entering an endless loop bsc937212...

CVSS 5, AI score 6.8, EPSS 0.04942
Exploits 0, References 4

RedHat Linux
added 2015/07/21 10:15 a.m., 87 views

Moderate: Red Hat Security Advisory: ntp security, bug fix, and enhancement update

Updated ntp packages that fix multiple security issues, several bugs, and add two enhancements are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give...

CVSS 7.5, AI score 6.9, EPSS 0.16556
Exploits 0, References 16

OSV
added 2015/06/11 1:44 p.m., 4 views

SUSE-SU-2015:1179-1 Security update for libgcrypt

This update of libgcrypt fixes one security issue and brings various FIPS 140-2 related improvements. libgcrypt now uses ciphertext blinding for Elgamal decryption CVE-2014-3591 FIPS 140-2 related changes: The library performs its self-tests when the module is complete the -hmac file is also...

CVSS 4.2, AI score 4.9, EPSS 0.00141
Exploits 0, References 12

CNVD
added 2015/04/14 12:0 a.m., 1 views

NTP 'ntp-keygen.c' Predictive Random Number Vulnerability

NTP Network Time Protocol is a protocol used by clients to synchronize the date and time with a time server. A security vulnerability in NTP 'ntp-keygen.c' allows attackers to take control of the server by guessing the MD5 generated key...

AI score 6.9
Exploits 0, References 1

Tenable Nessus
added 2015/03/30 12:0 a.m., 41 views

Mandriva Linux Security Advisory : ntp (MDVSA-2015:140)

Updated ntp packages fix security vulnerabilities : If no authentication key is defined in the ntp.conf file, a cryptographically-weak default key is generated CVE-2014-9293. ntp-keygen before 4.2.7p230 uses a non-cryptographic random number generator with a weak seed to generate symmetric keys...

CVSS 7.5, AI score 7.1, EPSS 0.57272
Exploits 4, References 8

Tenable Nessus
added 2015/03/20 12:0 a.m., 130 views

Network Time Protocol Daemon (ntpd) 4.x < 4.2.8p1 Multiple Vulnerabilities

The version of the remote NTP server is 4.x prior to 4.2.8p1. It is, therefore, affected by the following vulnerabilities : - A security weakness exists due to the configauth function improperly generating default keys when no authentication key is defined in the ntp.conf file. Key size is limite...

CVSS 7.5, AI score 7.4, EPSS 0.57272
Exploits 4, References 7

RedHat Linux
added 2015/01/28 6:52 p.m., 3 views

ntp: ntp-keygen uses weak random number generator and seed when generating MD5 keys

It was found that ntp-keygen used a weak method for generating MD5 keys. This could possibly allow an attacker to guess generated MD5 keys that could then be used to spoof an NTP client or server. Note: it is recommended to regenerate any MD5 keys that had explicitly been generated with ntp-keyge...

CVSS 7.5, AI score 7, EPSS 0.33271
Exploits 1, References 6

ArchLinux
added 2014/12/22 12:0 a.m., 60 views

ntp: multiple issues

Keys explicitly generated by "ntp-keygen -M" should be regenerated. - CVE-2014-9293 weak key generation ntpd generated a weak key for its internal use, with full administrative privileges. Attackers could use this key to reconfigure ntpd or to exploit other vulnerabilities. - CVE-2014-9294 weak k...

CVSS 7.5, AI score 6.6, EPSS 0.57272
Exploits 4, References 8

Tenable Nessus
added 2014/12/22 12:0 a.m., 59 views

RHEL 5 : ntp (RHSA-2014:2025)

Updated ntp packages that fix several security issues are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available...

CVSS 7.5, AI score 8, EPSS 0.57272
Exploits 3, References 7

Debian
added 2014/12/20 9:21 p.m., 29 views

[SECURITY] [DLA 116-1] ntp security update

Package : ntp Version : 4.2.6.p2+dfsg-1+deb6u1 CVE ID : CVE-2014-9293 CVE-2014-9294 CVE-2014-9295 CVE-2014-9296 Debian Bug : 773576 Several vulnerabilities were discovered in the ntp package, an implementation of the Network Time Protocol. CVE-2014-9293 ntpd generated a weak key for its internal...

CVSS 7.5, AI score 7.3, EPSS 0.57272
Exploits 4

OSV
added 2014/12/20 2:59 a.m., 6 views

CVE-2014-9293

The configauth function in ntpd in NTP before 4.2.7p11, when an auth key is not configured, improperly generates a key, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack...

AI score 7.3
Exploits 0, References 22

RedHat Linux
added 2014/12/20 2:40 a.m., 3 views

ntp: ntp-keygen uses weak random number generator and seed when generating MD5 keys

It was found that ntp-keygen used a weak method for generating MD5 keys. This could possibly allow an attacker to guess generated MD5 keys that could then be used to spoof an NTP client or server. Note: it is recommended to regenerate any MD5 keys that had explicitly been generated with ntp-keyge...

CVSS 7.5, AI score 7, EPSS 0.33271
Exploits 1, References 6

CVE
added 2014/12/20 2:0 a.m., 284 views

CVE-2014-9293

CVE-2014-9293 affects ntpd and is triggered when no authentication key is configured; ntpd may generate a cryptographically weak default key, enabling remote attackers to bypass cryptographic protections via brute-force. The IBM AIX advisory confirms weak default key handling for NTPv3/v4 and lis...

CVSS 7.5, AI score 7.4, EPSS 0.33271
Exploits 1, References 21, Affected Software 1

Debian CVE
added 2014/12/20 2:0 a.m., 21 views

CVE-2014-9293

The configauth function in ntpd in NTP before 4.2.7p11, when an auth key is not configured, improperly generates a key, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack...

CVSS 7.5, AI score 6.2, EPSS 0.33271
Exploits 1

RedHat Linux
added 2014/12/20 12:43 a.m., 4 views

ntp: ntp-keygen uses weak random number generator and seed when generating MD5 keys

It was found that ntp-keygen used a weak method for generating MD5 keys. This could possibly allow an attacker to guess generated MD5 keys that could then be used to spoof an NTP client or server. Note: it is recommended to regenerate any MD5 keys that had explicitly been generated with ntp-keyge...

CVSS 7.5, AI score 7, EPSS 0.33271
Exploits 1, References 6

OSV
added 2014/12/19 12:0 a.m., 1 views

UBUNTU-CVE-2014-9293

The configauth function in ntpd in NTP before 4.2.7p11, when an auth key is not configured, improperly generates a key, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack...

CVSS 7.5, AI score 7.2, EPSS 0.33271
Exploits 1, References 6

OSV
added 2014/12/19 12:0 a.m., 1 views

UBUNTU-CVE-2014-9294

util/ntp-keygen.c in ntp-keygen in NTP before 4.2.7p230 uses a weak RNG seed, which makes it easier for remote attackers to defeat cryptographic protection mechanisms via a brute-force attack...

CVSS 7.5, AI score 7.2, EPSS 0.33271
Exploits 1, References 6

NVD
added 2014/07/24 2:55 p.m., 13 views

CVE-2014-2362

OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules rely exclusively on a time value for entropy in key generation, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by predicting the time of project creation...

CVSS 7.8, AI score 6.6, EPSS 0.01053
Exploits 0, References 5

Prion
added 2014/07/24 2:55 p.m., 16 views

Design/Logic Flaw

OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules rely exclusively on a time value for entropy in key generation, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by predicting the time of project creation...

CVSS 7.8, AI score 7.1, EPSS 0.01053
Exploits 0, References 2

CVE
added 2014/07/24 2:0 p.m., 47 views

CVE-2014-2362

The CVE-2014-2362 entry concerns OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules, which rely on the time64() value from the C library as entropy for the site security key. This cryptographic weakness can allow an unauthenticated or remote attacker to predict the site key and po...

CVSS 7.8, AI score 6.8, EPSS 0.01053
Exploits 0, References 5, Affected Software 2