1273 matches found

OSV
added 2016/04/06 2:26 p.m. | 3 views

SUSE-SU-2016:0963-1 Security update for gcc5

The GNU Compiler Collection was updated to version 5.3.1, which brings several fixes and enhancements. The following security issue has been fixed: - Fix C++11 std::random_device short read issue that could lead to predictable randomness. (CVE-2015-5276, bsc#945842) The following non-security issues...

CVSS 5 | AI score 8.6 | EPSS 0.00448
Exploits: 0 | References: 12
OSV
added 2016/03/30 3:5 p.m. | 2 views

SUSE-SU-2016:0908-2 Security update for gcc5

The GNU Compiler Collection was updated to version 5.3.1, which brings several fixes and enhancements. The following security issue has been fixed: - Fix C++11 std::random_device short read issue that could lead to predictable randomness. (CVE-2015-5276, bsc#945842) The following non-security issues...

CVSS 5 | AI score 8.6 | EPSS 0.00448
Exploits: 0 | References: 10
CNVD
added 2016/02/04 12:0 a.m. | 2 views

Sensio Labs Symfony Predictable Random Number Generation Vulnerability

Sensio Labs Symfony is a free PHP development framework from the French company Sensio Labs, based on the MVC architecture. The framework provides commonly used functional components and tools and can be used to quickly create complex web applications. A predictable random number generation vulnerability exist...

CVSS 7.5 | AI score 7.6 | EPSS 0.00397
Exploits: 0 | References: 1
CNVD
added 2016/01/30 12:0 a.m. | 1 views

phpMyAdmin Password Guessing Vulnerability

phpMyAdmin is a free, web-based MySQL database management tool developed by the phpMyAdmin team. A security vulnerability exists in phpMyAdmin where the phpMyAdmin 'Math.random' function fails to provide encrypted random numbers, allowing remote attackers to exploit the vulnerability to guess...

CVSS 7.5 | AI score 7.7 | EPSS 0.00628
Exploits: 0 | References: 1
OSV
added 2016/01/12 8:59 p.m. | 1 views

UBUNTU-CVE-2016-1232

The mod_dialback module in Prosody before 0.9.9 does not properly generate random values for the secret token for server-to-server dialback authentication, which makes it easier for attackers to spoof servers via a brute force attack...

CVSS 7.5 | AI score 7.1 | EPSS 0.00708
Exploits: 0 | References: 3
ThreatPost
added 2015/11/20 12:39 p.m. | 23 views

German Government Audits TrueCrypt

TrueCrypt continues to fascinate even though it hasn’t been updated in more than a year and has been cleared of backdoors in more than one extensive audit. The German government’s Federal Office for Information Security (BSI) is the latest to inspect and analyze the security of the abandoned open...

CVSS 7.2 | EPSS 0.01152
Exploits: 1 | References: 5
RedHat Linux
added 2015/11/19 4:3 a.m. | 4 views

ntp: ntp-keygen may generate non-random symmetric keys on big-endian systems

A flaw was found in the way the ntp-keygen utility generated MD5 symmetric keys on big-endian systems. An attacker could possibly use this flaw to guess generated MD5 keys, which could then be used to spoof an NTP client or server...

CVSS 7.5 | AI score 7.1 | EPSS 0.16556
Exploits: 0 | References: 4
OSV
added 2015/11/17 3:59 p.m. | 0 views

UBUNTU-CVE-2015-5276

The std::random_device class in libstdc++ in the GNU Compiler Collection (aka GCC) before 4.9.4 does not properly handle short reads from blocking sources, which makes it easier for context-dependent attackers to predict the random values via unspecified vectors...

CVSS 5 | AI score 6.9 | EPSS 0.00448
Exploits: 0 | References: 3
OSV
added 2015/10/07 2:16 a.m. | 2 views

SUSE-SU-2015:1833-1 Security update for gcc48

This update for GCC 4.8 provides the following fixes: - Fix C++11 std::random_device short read issue that could lead to predictable randomness. (CVE-2015-5276, bsc#945842) - Fix linker segmentation fault when building SLOF on ppc64le. (bsc#949000) - Fix no_instrument_function attribute handling on PPC64...

CVSS 5 | AI score 8.4 | EPSS 0.00448
Exploits: 0 | References: 7
RedHat Linux
added 2015/08/12 5:4 a.m. | 3 views

python-oauth2: Uses poor PRNG in nonce

It was found that python-oauth2 did not properly generate random values for use in nonces. An attacker able to capture network traffic of a website using OAuth2 authentication could use this flaw to conduct replay attacks against that website...

CVSS 5.8 | AI score 5.7 | EPSS 0.00432
Exploits: 0 | References: 4
Tenable Nessus
added 2015/08/11 12:0 a.m. | 135 views

PHP 5.6.x < 5.6.12 Multiple Vulnerabilities

According to its banner, the version of PHP running on the remote web server is 5.6.x prior to 5.6.12. It is, therefore, affected by multiple vulnerabilities: - A use-after-free error exists in file spl_dllist.c due to improper sanitization of input to the unserialize function. An attacker can...

CVSS 7.5 | AI score 8.8 | EPSS 0.13368
Exploits: 2 | References: 12
CNVD
added 2015/04/14 12:0 a.m. | 1 views

NTP 'ntp-keygen.c' Predictive Random Number Vulnerability

NTP (Network Time Protocol) is a protocol used by clients to synchronize the date and time with a time server. A security vulnerability in NTP 'ntp-keygen.c' allows attackers to take control of the server by guessing the MD5 generated key...

AI score 6.9
Exploits: 0 | References: 1
CNVD
added 2015/03/26 12:0 a.m. | 3 views

Google Chrome 'Math.Random()' Unauthorized Access Vulnerability

Google Chrome is a web browser developed by the American company Google. A security vulnerability exists in Google Chrome that originates from the application generating weak random numbers. The vulnerability can be exploited by an attacker to obtain sensitive information and unauthorized...

AI score 6.2
Exploits: 0 | References: 1
RedHat Linux
added 2015/01/28 6:52 p.m. | 2 views

ntp: ntp-keygen uses weak random number generator and seed when generating MD5 keys

It was found that ntp-keygen used a weak method for generating MD5 keys. This could possibly allow an attacker to guess generated MD5 keys that could then be used to spoof an NTP client or server. Note: it is recommended to regenerate any MD5 keys that had explicitly been generated with ntp-keyge...

CVSS 7.5 | AI score 7 | EPSS 0.33271
Exploits: 1 | References: 6
Packet Storm
added 2015/01/14 12:0 a.m. | 64 views

Dell iDRAC IPMI 1.5 Insufficient Session ID Randomness

""" For testing purposes only. c Yong Chuan, Koh 2014 """ from time import sleep from socket import from struct import from random import import sys, os, argparse HOST = None PORT = 623 bufsize = 1024 recv = "" create socket UDPsock = socketAFINET,SOCKDGRAM UDPsock.settimeout2 data = 21 offset of...

CVSS 5 | AI score 6.5 | EPSS 0.59576
Exploits: 6
exploitpack
added 2015/01/13 12:0 a.m. | 35 views

Dell iDRAC IPMI 1.5 - Insufficient Session ID Randomness

Dell iDRAC IPMI 1.5 - Insufficient Session ID Randomness """ For testing purposes only. c Yong Chuan, Koh 2014 """ from time import sleep from socket import from struct import from random import import sys, os, argparse HOST = None PORT = 623 bufsize = 1024 recv = "" create socket UDPsock =...

CVSS 5 | AI score 6.5 | EPSS 0.59576
Exploits: 6
securityvulns
added 2015/01/13 12:0 a.m. | 48 views

ESA-2014-180: EMC Documentum Web Development Kit Multiple Vulnerabilities

ESA-2014-180: EMC Documentum Web Development Kit Multiple Vulnerabilities EMC Identifier: ESA-2014-180 CVE Identifier: CVE-2014-4635, CVE-2014-4636, CVE-2014-4637, CVE-2014-4638, CVE-2014-4639 Severity Rating: See below for individual scores for each...

CVSS 6.8 | AI score 0.4 | EPSS 0.00347
Exploits: 0
Exploit DB
added 2015/01/13 12:0 a.m. | 85 views

Dell iDRAC IPMI 1.5 - Insufficient Session ID Randomness

""" For testing purposes only. c Yong Chuan, Koh 2014 """ from time import sleep from socket import from struct import from random import import sys, os, argparse HOST = None PORT = 623 bufsize = 1024 recv = "" create socket UDPsock = socketAFINET,SOCKDGRAM UDPsock.settimeout2 data = 21 offset of...

CVSS 5 | AI score 6.4 | EPSS 0.59576
Exploits: 6
CNVD
added 2014/12/29 12:0 a.m. | 1 views

Huawei WS318 Predictive Random Number Generator Vulnerability

The Huawei WS318 is a wireless router. A vulnerability in the Huawei WS318 predictive random number generator allows remote attackers to launch a brute force attack to crack passwords and gain access to the device...

AI score 7
Exploits: 0 | References: 1
RedHat Linux
added 2014/12/20 2:40 a.m. | 2 views

ntp: ntp-keygen uses weak random number generator and seed when generating MD5 keys

It was found that ntp-keygen used a weak method for generating MD5 keys. This could possibly allow an attacker to guess generated MD5 keys that could then be used to spoof an NTP client or server. Note: it is recommended to regenerate any MD5 keys that had explicitly been generated with ntp-keyge...

CVSS 7.5 | AI score 7 | EPSS 0.33271
Exploits: 1 | References: 6