FreeBSD : pycrypto -- PRNG reseed race condition (c0f122e2-3897-11e3-a084-3c970e169bc2)

Dwayne Litzenberger reports : In PyCrypto before v2.6.1, the Crypto.Random pseudo-random number generator PRNG exhibits a race condition that may cause it to generate the same 'random' output in multiple processes that are forked from each other. Depending on the application, this could reveal...

pycrypto -- PRNG reseed race condition

Dwayne Litzenberger reports: In PyCrypto before v2.6.1, the Crypto.Random pseudo-random number generator PRNG exhibits a race condition that may cause it to generate the same 'random' output in multiple processes that are forked from each other. Depending on the application, this could reveal...

[Sandy v0.1] Open-source Samsung phone encryption assessment framework

Sandy is an open-source Samsung phone encryption assessment framework. Sandy has different modules that allow you to carry out different attack scenarios against encrypted Samsung phones. For the details check our Derbycon 3.0 presentation What’s common in Oracle and Samsung? They tried to think...

Amazon Linux AMI : python-crypto (ALAS-2012-86)

PyCrypto before 2.6 does not produce appropriate prime numbers when using an ElGamal scheme to generate a key, which reduces the signature space or public key space and makes it easier for attackers to conduct brute-force attacks to obtain the private key. C Tenable Network Security, Inc. The...

Mac OSX Server DirectoryService Buffer Overflow

Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ Mac OSX Server DirectoryService buffer overflow 1. Advisory Information Title: Mac OSX Server DirectoryService buffer overflow Advisory ID: CORE-2013-0103 Advisory URL:...

Mandriva Linux Security Advisory : python-pycrypto (MDVSA-2013:120)

Updated python-pycrypto package fixes security vulnerability : PyCrypto before 2.6 does not produce appropriate prime numbers when using an ElGamal scheme to generate a key, which reduces the signature space or public key space and makes it easier for attackers to conduct brute-force attacks to...

CVE-2012-3458

Beaker before 1.6.4, when using PyCrypto to encrypt sessions, uses AES in ECB cipher mode, which might allow remote attackers to obtain portions of sensitive session data via unspecified vectors...

DEBIAN-CVE-2012-3458

Beaker before 1.6.4, when using PyCrypto to encrypt sessions, uses AES in ECB cipher mode, which might allow remote attackers to obtain portions of sensitive session data via unspecified vectors...

PYSEC-2012-1

Beaker before 1.6.4, when using PyCrypto to encrypt sessions, uses AES in ECB cipher mode, which might allow remote attackers to obtain portions of sensitive session data via unspecified vectors...

PYSEC-2012-1

Beaker before 1.6.4, when using PyCrypto to encrypt sessions, uses AES in ECB cipher mode, which might allow remote attackers to obtain portions of sensitive session data via unspecified vectors...

Code injection

Beaker before 1.6.4, when using PyCrypto to encrypt sessions, uses AES in ECB cipher mode, which might allow remote attackers to obtain portions of sensitive session data via unspecified vectors...

CVE-2012-3458

CVE-2012-3458 affects Beaker prior to 1.6.4, where sessions encrypted with PyCrypto use AES in ECB mode. The ECB usage can allow remote attackers to obtain portions of sensitive session data via unspecified vectors. All connected sources corroborate that Beaker before 1.6.4 is vulnerable to this ...

CVE-2012-3458

Beaker before 1.6.4, when using PyCrypto to encrypt sessions, uses AES in ECB cipher mode, which might allow remote attackers to obtain portions of sensitive session data via unspecified vectors...

CVE-2012-3458

Beaker before 1.6.4, when using PyCrypto to encrypt sessions, uses AES in ECB cipher mode, which might allow remote attackers to obtain portions of sensitive session data via unspecified vectors...

Mandriva Linux Security Advisory : python-pycrypto (MDVSA-2012:117)

A vulnerability has been discovered and corrected in python-pycrypto : PyCrypto before 2.6 does not produce appropriate prime numbers when using an ElGamal scheme to generate a key, which reduces the signature space or public key space and makes it easier for attackers to conduct brute-force...

Fedora Update for python-crypto FEDORA-2012-8392

Check for the Version of python-crypto OpenVAS Vulnerability Test Fedora Update for python-crypto FEDORA-2012-8392 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...

FreeBSD Ports: py-pycrypto

The remote host is missing an update to the system as announced in the referenced advisory. VID f45c0049-be72-11e1-a284-0023ae8e59f0 OpenVAS Vulnerability Test $ Description: Auto generated from VID f45c0049-be72-11e1-a284-0023ae8e59f0 Authors: Thomas Reinke Copyright: Copyright c 2012 E-Soft Inc...

Gentoo Security Advisory GLSA 201206-23 (pycrypto)

The remote host is missing updates announced in advisory GLSA 201206-23. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2012 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...

Gentoo Security Advisory GLSA 201206-23 (pycrypto)

The remote host is missing updates announced in advisory GLSA 201206-23. SPDX-FileCopyrightText: 2012 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only OR GPL-3.0-only...

FreeBSD Ports: py-pycrypto

The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2012 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...