813 matches found
GnuTLS: Multiple vulnerabilities
Background GnuTLS is an Open Source implementation of the TLS 1.0 and SSL 3.0 protocols. Description The following vulnerabilities were found in GnuTLS: Miroslav Kratochvil reported that lib/pk-libgcrypt.c does not properly handle corrupt DSA signatures, possibly leading to a double-free...
OpenSC Incorrect RSA Keys Generation Vulnerability
This host is installed with OpenSC and is prone to Insecure Key Generation vulnerability. OpenVAS Vulnerability Test $Id: secpodopenscinsecurekeygenerationvuln.nasl 5122 2017-01-27 12:16:00Z teissa $ OpenSC Incorrect RSA Keys Generation Vulnerability Authors: Antu Sanadi Copyright: Copyright c 20...
OpenSC < 0.11.8 Incorrect RSA Keys Generation Vulnerability
OpenSC is prone to an insecure key generation vulnerability. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security fix for the ALT Linux 10 package gnutls30 version 2.6.6-alt1
April 30, 2009 Afanasov Dmitry 2.6.6-alt1 - 2.6.6 release. + fix Corrected double free on signature verification failure CVE-2009-1415 + fix DSA key generation CVE-2009-1416 + fix gnutls-cli expiration/activation time check CVE-2009-1417 - release fixes 19873 also...
Ubuntu: Security Advisory (USN-612-8)
The remote host is missing an update for the SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Code injection
The System extension Install tool in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 creates the encryption key with an insufficiently random seed, which makes it easier for attackers to crack the key...
Ubuntu 6.06 LTS / 7.04 / 7.10 / 8.04 LTS : openssl-blacklist update (USN-612-11)
USN-612-3 addressed a weakness in OpenSSL certificate and key generation and introduced openssl-blacklist to aid in detecting vulnerable certificates and keys. This update adds RSA-4096 blacklists to the openssl-blacklist-extra package and adjusts openssl-vulnkey to properly handle RSA-4096 and...
USN-612-9: openssl-blacklist update
USN-612-3 addressed a weakness in OpenSSL certificate and key generation in OpenVPN by introducing openssl-blacklist to aid in detecting vulnerable private keys. This update enhances the openssl-vulnkey tool to check Certificate Signing Requests, accept input from STDIN, and check moduli without ...
Debian disaster-vulnerability warning-the black bar safety net
by axis 2008-05-16 http://www.ph4nt0m.org The Debian OpenSSL package the algorithms have problems, random number generation is actually in the process pid in the selection, lead to the generation of key can be exhaustive The following extract from the metasploit blog The Bug On May 13th, 2 0 0 8...
spambam.pl.txt
!/usr/bin/perl -w Defeating SpamBam exploit by Jose Palazon [email protected] a.k.a. palako Vulnerable software: SpamBam http://wordpress.org/extend/plugins/spambam/ by Gareth Heyes Vulnerability: No matter how hard you ofuscate or encrypt your code, never, under no circunstances, rely any...
Code injection
The SSH key generation process in OpenSSH in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote attackers to cause a denial of service by connecting to the server before SSH has finished creating keys, which causes the keys to be regenerated and can break trust relationships that were...
CVE-2007-0726
The SSH key generation process in OpenSSH in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote attackers to cause a denial of service by connecting to the server before SSH has finished creating keys, which causes the keys to be regenerated and can break trust relationships that were...
CVE-2007-0726
The SSH key generation process in OpenSSH in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote attackers to cause a denial of service by connecting to the server before SSH has finished creating keys, which causes the keys to be regenerated and can break trust relationships that were...
CVE-2007-0726
CVE-2007-0726 affects Apple Mac OS X OpenSSH: SSH key generation on OS X 10.3.9 and 10.4 (up to 10.4.8) can be exploited by remote attackers who connect before key generation completes, causing keys to be regenerated and potentially breaking trust relationships based on the original keys. The des...
Mandrake Linux Security Advisory : bind (MDKSA-2006:207)
The BIND DNS server is vulnerable to the recently-discovered OpenSSL RSA signature verification problem CVE-2006-4339. BIND uses RSA cryptography as part of its DNSSEC implementation. As a result, to resolve the security issue, these packages need to be upgraded and for both KEY and DNSKEY record...
MDKA-2007:011 : tripwire
The version of tripwire included with Mandriva 2007 would hang while generating keys. The problem has been corrected by avoiding using optimization at compile-time. %NASLMINLEVEL 999999 @DEPRECATED@ This script has been deprecated as the associated patch is not currently a security fix. Disabled ...
Linux kernel keyctl DoS
Race condition during unique key generation cause NULL pointer dereference on multiprocessor box...
Design/Logic Flaw
PasswordSafe 3.0 beta, when running on Windows before XP, uses a weak random number generator C++ rand function during generation of the database encryption key, which makes it easier for attackers to decrypt the database and steal passwords by generating keys for all possible rand seed values an...
Code injection
nCipher HSM before 2.22.6, when generating a Diffie-Hellman public/private key pair without any specified DiscreteLogGroup parameters, chooses random parameters that could allow an attacker to crack the private key in significantly less time than a brute force attack...
NotifyLink server provides inadequate protection for cryptographic key material
Overview The NotifyLink key exchange protocol contains a vulnerability that significantly reduces the strength of cryptographic keys used to encrypt mail messages. Description Notify Technology NotifyLink Enterprise Server allows users to synchronize e-mail between a PDA and a mail server. The...