975 matches found

Debian CVE
added 2016/03/03 12:0 a.m., 55 views

CVE-2016-0702

The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the...

5.1 CVSS, 7.7 AI score, 0.00545 EPSS
Exploits 1

OpenVAS
added 2016/03/02 12:0 a.m., 43 views

Ubuntu: Security Advisory (USN-2914-1)

The remote host is missing an update for the...

10 CVSS, 8.3 AI score, 0.43537 EPSS
Exploits 1, References 2

Tenable Nessus
added 2016/03/02 12:0 a.m., 89 views

Ubuntu 14.04 LTS : OpenSSL vulnerabilities (USN-2914-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2914-1 advisory. Yuval Yarom, Daniel Genkin, and Nadia Heninger discovered that OpenSSL was vulnerable to a side-channel attack on modular exponentiation. On certain CPUs...

10 CVSS, 7.8 AI score, 0.43537 EPSS
Exploits 1, References 6

OSV
added 2016/03/01 1:0 p.m., 0 views

UBUNTU-CVE-2016-0702

The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g does not properly consider cache-bank access times during modular exponentiation, which makes it easier for local users to discover RSA keys by running a crafted application on the...

5.1 CVSS, 6.8 AI score, 0.00545 EPSS
Exploits 1, References 5

OpenSSL
added 2016/03/01 12:0 a.m., 61 views

Vulnerability in OpenSSL - Side channel attack on modular exponentiation

A side-channel attack was found which makes use of cache-bank conflicts on the Intel Sandy-Bridge microarchitecture which could lead to the recovery of RSA keys. The ability to exploit this issue is limited as it relies on an attacker who has control of code in a thread running on the same...

6.6 AI score, 0.00545 EPSS
Exploits 1, Affected Software 1

Fedora
added 2016/02/29 10:26 p.m., 20 views

[SECURITY] Fedora 22 Update: qca-2.1.1-4.fc22

Taking a hint from the similarly-named Java Cryptography Architecture, QCA aims to provide a straightforward and cross-platform crypto API, using Qt datatypes and conventions. QCA separates the API from the implementation, using plugins known as Providers. The advantage of this model is to allow...

10 CVSS, 1 AI score, 0.10565 EPSS
Exploits 0

n0where
added 2016/02/03 7:5 p.m., 10 views

Python Fuzzing Framework: Kitty

Kitty is an open-source modular and extensible fuzzing framework written in Python, inspired by OpenRCE’s Sulley and Michael Eddington’s (and now Deja Vu Security’s) Peach Fuzzer. Goal: The goal of Kitty was to help with fuzzing unusual targets — proprietary and esoteric protocols over non-TCP/IP...

7.4 AI score
Exploits 0, References 3

FreeBSD
added 2016/02/01 12:0 a.m., 29 views

Multiple vulnerabilities in Botan

The botan developers report: Infinite loop in modular square root algorithm - The ressol function, which implements the Tonelli-Shanks algorithm for finding square roots, could be sent into a nearly infinite loop due to a misplaced conditional check. This could occur if a composite modulus is provided, ...

7.5 CVSS, 2.2 AI score, 0.0169 EPSS
Exploits 0, References 1

CNVD
added 2016/01/28 12:0 a.m., 1 views

Cisco Modular Encoding Platform D9036 Software Insecure Default Password Vulnerability

Cisco Modular Encoding Platform D9036 Software is application software from the US company Cisco, based on the D9036 modular encoding platform, for improving video quality. A security vulnerability exists in versions of Cisco Modular Encoding Platform D9036 Software prior to 02.04.70, which ste...

10 CVSS, 7.1 AI score, 0.0194 EPSS
Exploits 0, References 1

n0where
added 2016/01/22 3:6 p.m., 16 views

Malware Analysis System: Cuckoo Sandbox

Cuckoo Sandbox is an advanced, extremely modular, and 100% open source automated malware analysis system with infinite application opportunities. By default it is able to: Analyze many different malicious files (executables, office documents, PDF files, emails, etc.) as well as malicious websites...

Exploits 0

CISA
added 2016/01/20 12:0 a.m., 14 views

Cisco Releases Security Updates

Cisco has released security updates to address vulnerabilities in Modular Encoding Platform D9036 software, Unified Computing System (UCS) Manager software, and Firepower 9000 Series devices. Exploitation of these vulnerabilities could allow a remote attacker to take control of an affected device...

6.9 AI score
Exploits 0, References 2

OpenVAS
added 2016/01/09 12:0 a.m., 14 views

Debian Security Advisory DSA 3438-1 (xscreensaver - security update)

It was discovered that unplugging one of the monitors in a multi-monitor setup can cause xscreensaver to crash. Someone with physical access to a machine could use this problem to bypass a locked session. OpenVAS Vulnerability Test $Id: deb3438.nasl 6608 2017-07-07 12:05:05Z cfischer $...

2.1 CVSS, 6.2 AI score, 0.00067 EPSS
Exploits 1, References 1

ThreatPost
added 2015/12/17 3:56 p.m., 12 views

Pro PoS Malware Simple, But Less Sophisticated Than Initially Thought

A strain of point-of-sale malware that began making the rounds on underground markets late last month is easy to use, but less sophisticated than initial reports suggested. According to researchers at Talos, Cisco’s research division, Pro PoS is mostly built on Alina, another type of POS malware...

0.1 AI score
Exploits 0, References 1

Fedora
added 2015/12/13 4:24 a.m., 23 views

[SECURITY] Fedora 23 Update: grub2-2.02-0.25.fc23

The GRand Unified Bootloader (GRUB) is a highly configurable and customizable bootloader with modular architecture. It supports a rich variety of kernel formats, file systems, computer architectures and hardware devices. This subpackage provides support for PC BIOS systems...

7.4 CVSS, 1.6 AI score, 0.04702 EPSS
Exploits 1

FireEye
added 2015/12/11 6:53 a.m., 32 views

LATENTBOT: Trace Me If You Can

FireEye Labs recently uncovered LATENTBOT, a new, highly obfuscated BOT that has been in the wild since mid-2013. It has managed to leave hardly any traces on the Internet, is capable of watching its victims without ever being noticed, and can even corrupt a hard disk, thus making a PC useless...

Exploits 0

Exploit DB
added 2015/12/08 12:0 a.m., 40 views

iniNet SpiderControl SCADA Web Server Service 2.02 - Insecure File Permissions

iniNet SpiderControl SCADA Web Server Service 2.02 Insecure File Permissions Vendor: iniNet Solutions GmbH Product web page: http://www.spidercontrol.net Affected version: 2.02.0000 Summary: Modular and automated engineering is provided for HMI and SCADA. The tools are developed to join a large...

7 AI score
Exploits 0

Packet Storm
added 2015/12/07 12:0 a.m., 43 views

iniNet SpiderControl SCADA Web Server Service 2.02 Privilege Escalation

iniNet SpiderControl SCADA Web Server Service 2.02 Insecure File Permissions Vendor: iniNet Solutions GmbH Product web page: http://www.spidercontrol.net Affected version: 2.02.0000 Summary: Modular and automated engineering is provided for HMI and SCADA. The tools are developed to join a large...

0.8 AI score
Exploits 0

Kitploit
added 2015/12/03 9:35 p.m., 24 views

SpiderFoot v2.6.1 - Open Source Intelligence Automation

SpiderFoot is an open source intelligence automation tool. Its goal is to automate the process of gathering intelligence about a given target. Purpose: There are three main areas where SpiderFoot can be useful: 1. If you are a pen-tester, SpiderFoot will automate the reconnaissance stage of the tes...

6.7 AI score
Exploits 0

Cent OS
added 2015/11/30 7:33 p.m., 93 views

grub2 security update

CentOS Errata and Security Advisory CESA-2015:2401 Updated grub2 packages that fix one security issue, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Low security impact. A Common Vulnerability Scori...

2.6 CVSS, 5.7 AI score, 0.0006 EPSS
Exploits 0, References 7

Fedora
added 2015/11/05 11:27 p.m., 12 views

[SECURITY] Fedora 22 Update: xscreensaver-5.34-1.fc22

A modular screen saver and locker for the X Window System. More than 200 display modes are included in this package. This is a metapackage for installing all default packages related to XScreenSaver...

2.4 AI score
Exploits 0