cumin: weak session keys

Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, Realtime, and Grid MRG 2.0, uses predictable random numbers to generate session keys, which makes it easier for remote attackers to guess the session key...

ruby: Properly initialize the random number generator when forking new process

Ruby before 1.8.6-p114 does not reset the random seed upon forking, which makes it easier for context-dependent attackers to predict the values of random numbers by leveraging knowledge of the number sequence obtained in a different child process, a related issue to CVE-2003-0900...

kernel: random: add robust get_random_u32, remove weak get_random_int

The getrandomint function in drivers/char/random.c in the Linux kernel before 2.6.30 produces insufficiently random numbers, which allows attackers to predict the return value, and possibly defeat protection mechanisms based on randomization, via vectors that leverage the function's tendency to...

PT-2009-5554 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 2.6.30 Description: The issue concerns the production of insufficiently random numbers by the get random int function, allowing attackers to predict the return value. This could potentially defeat protection...

[SECURITY] [DSA 1576-2] New openssh packages fix predictable randomness

------------------------------------------------------------------------ Debian Security Advisory DSA-1576-2 [email protected] http://www.debian.org/security/ Noah Meyerhans May 16, 2008 http://www.debian.org/security/faq -...

[SECURITY] [DSA 1576-2] New openssh packages fix predictable randomness

------------------------------------------------------------------------ Debian Security Advisory DSA-1576-2 [email protected] http://www.debian.org/security/ Noah Meyerhans May 16, 2008 http://www.debian.org/security/faq -...

DEBIAN-CVE-2008-0166

OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating systems uses a random number generator that generates predictable numbers, which makes it easier for remote attackers to conduct brute force guessing attacks against cryptographic keys...

PT-2008-1041 · Openssl · Openssl

Name of the Vulnerable Software and Affected Versions: OpenSSL versions 0.9.8c-1 through 0.9.8g-9 Description: The issue concerns a random number generator in OpenSSL that generates predictable numbers, making it easier for remote attackers to conduct brute force guessing attacks against...

VNC authentication weakness

VNC authentication weakness --------------------------- VNC uses a DES-encrypted challenge-response system to avoid passing passwords over the wire in plaintext. However, it seems that a weakness in the way the challenge is generated by some servers would make this useless. The following program...