80 matches found
OpenSSL Overflow Vulnerability (20171207, 20180327) - Windows
OpenSSL is prone to an overflow bug. Copyright C 2017 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it...
Buffer overflow
There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attack...
CVE-2017-3738
There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attack...
CVE-2017-3738
There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attack...
ALPINE-CVE-2017-3738
There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attack...
CVE-2017-3738
There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attack...
CVE-2017-3738
CVE-2017-3738 is an overflow bug in the AVX2 Montgomery multiplication used for 1024-bit moduli in OpenSSL. The issue affects x86_64 builds with AVX2 (not ADX) and can, in very unlikely cases, enable private-key recovery on affected architectures. OpenSSL 1.0.2n fixes the flaw; OpenSSL 1.1.0 is n...
CVE-2017-3738
There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attack...
CVE-2017-3738
There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attack...
CVE-2017-3738
There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attack...
ROC - Infineon RSA Vulnerability
This tool is related to ACM CCS 2017 conference paper 124 Return of the Coppersmith’s Attack: Practical Factorization of Widely Used RSA Moduli. It enables you to test public RSA keys for a presence of the described vulnerability. Update : The paper of the attack is already online, ACM version...
SSH Diffie-Hellman Modulus <= 1024 Bits (Logjam)
The remote SSH server allows connections with one or more Diffie-Hellman moduli less than or equal to 1024 bits. Through cryptanalysis, a third party can find the shared secret in a short amount of time depending on modulus size and attacker resources. This allows an attacker to recover the...
SSL/TLS Diffie-Hellman Modulus <= 1024 Bits (Logjam)
The remote host allows SSL/TLS connections with one or more Diffie-Hellman moduli less than or equal to 1024 bits. Through cryptanalysis, a third party may be able to find the shared secret in a short amount of time depending on modulus size and attacker resources. This may allow an attacker to...
openssh security, bug fix and enhancement update
6.6.1p1-11 + 0.9.3-9 - fix direction in CRYPTOSESSION audit message 1171248 6.6.1p1-10 + 0.9.3-9 - add new option GSSAPIEnablek5users and disable using /.k5users by default CVE-2014-9278 1169843 6.6.1p1-9 + 0.9.3-9 - log via monitor in chroots without /dev/log 1083482 6.6.1p1-8 + 0.9.3-9 - increa...
Moderate: Red Hat Security Advisory: openssh security, bug fix and enhancement update
Updated openssh packages that fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give...
Fedora 19 : openssh-6.2p2-8.fc19 (2014-6569)
environment variables with embedded '=' or '0' characters are now ignored - prevents a server from skipping SSHFP lookup and forcing a new-hostkey dialog by offering only certificate keys - /etc/ssh/moduli is readable by all now - ssh-copy-id is run in so called legacy mode when SSHCOPYIDLEGACY...
Remote file inclusion
PHP remote file inclusion vulnerability in moduli/libri/index.php in phpyabs 0.1.2 allows remote attackers to execute arbitrary PHP code via a URL in the Azione parameter...
CVE-2009-0639
CVE-2009-0639 is a PHP remote file inclusion vulnerability affecting phpyabs 0.1.2, specifically in moduli/libri/index.php. The flaw allows remote attackers to execute arbitrary PHP code by supplying a URL in the Azione parameter. Public references (e.g., SecurityFocus BID 33670, Exploit-DB 8005)...
Ubuntu 6.06 LTS / 7.04 / 7.10 / 8.04 LTS : openssl-blacklist update (USN-612-9)
USN-612-3 addressed a weakness in OpenSSL certificate and key generation in OpenVPN by introducing openssl-blacklist to aid in detecting vulnerable private keys. This update enhances the openssl-vulnkey tool to check Certificate Signing Requests, accept input from STDIN, and check moduli without ...
USN-612-9: openssl-blacklist update
USN-612-3 addressed a weakness in OpenSSL certificate and key generation in OpenVPN by introducing openssl-blacklist to aid in detecting vulnerable private keys. This update enhances the openssl-vulnkey tool to check Certificate Signing Requests, accept input from STDIN, and check moduli without ...