1273 matches found
ntp: ntp-keygen uses weak random number generator and seed when generating MD5 keys
It was found that ntp-keygen used a weak method for generating MD5 keys. This could possibly allow an attacker to guess generated MD5 keys that could then be used to spoof an NTP client or server. Note: it is recommended to regenerate any MD5 keys that had explicitly been generated with ntp-keyge...
DEBIAN-CVE-2013-4442
Password Generator (aka Pwgen) before 2.07 uses weak pseudo generated numbers when /dev/urandom is unavailable, which makes it easier for context-dependent attackers to guess the numbers...
openSUSE Security Update : postgresql91 (openSUSE-SU-2013:0627-1)
postgresql was updated to version 9.1.9 bnc812525: CVE-2013-1899: Fix insecure parsing of server command-line switches. A connection request containing a database name that begins with '-' could be crafted to damage or destroy files within the server's data directory, even if the request is...
openSUSE Security Update : postgresql92 (openSUSE-SU-2013:0628-1)
postgresql was updated to version 9.2.4 bnc812525: CVE-2013-1899: Fix insecure parsing of server command-line switches. A connection request containing a database name that begins with '-' could be crafted to damage or destroy files within the server's data directory, even if the request is...
PYSEC-2014-86
The (1) make_nonce, (2) generate_nonce, and (3) generate_verifier functions in SimpleGeo python-oauth2 use weak random numbers to generate nonces, which makes it easier for remote attackers to guess the nonce via a brute force attack...
SSL Certificate High Level of Randomness Detected
Weak randomization seed vulnerabilities explained - vulnerability warning - the black bar safety net
0x00 Background: Last week I attended a CTF game organized by Bishop Fox and BYU University. During the competition I decided to try intruding into the scoring system, and I wrote down the intrusion process. Although client token cheating is nothing new, this time the invasi...
SuSE 11.3 Security Update : libssh2 (SAT Patch Number 8982)
This update of libssh fixes the following security issue: When libssh operates in server mode, the randomness pool was not switched on fork, so two pools could operate on the same randomness and could generate the same keys.
TYPO3 < 4.3.4, 4.4.0 Multiple Vulnerabilities (TYPO3-SA-2010-012)
TYPO3 is prone to multiple vulnerabilities.
MGASA-2013-0359 Updated drupal package fixes security vulnerabilities
Drupal's form API has built-in cross-site request forgery (CSRF) validation, and also allows any module to perform its own validation on the form. In certain common cases, form validation functions may execute unsafe operations (CVE-2013-6385). Drupal core directly used the mt_rand pseudorandom number...
postgresql: Improper randomization of pgcrypto functions (requiring random seed)
PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, and 8.4.x before 8.4.17, when using OpenSSL, generates insufficiently random numbers, which might allow remote authenticated users to have an unspecified impact via vectors related to the "contrib/pgcrypto functions."...
Updated python-oauth2 packages fix CVE-2013-4347
It was found that in python-oauth2, an application for authorization flows for web applications, the nonce value generated isn't sufficiently random. While doing bulk operations the nonce might be repeated, so there is a chance of predictability. This could allow MITM attackers to conduct replay...
PT-2014-2778 · Python · Python-Oauth2
Name of the Vulnerable Software and Affected Versions: python-oauth2 (affected versions not specified). Description: The issue concerns the use of weak random numbers by the make_nonce, generate_nonce, and generate_verifier functions in python-oauth2, making it easier for remote attackers to guess t...
Fedora 19 : perl-Crypt-DSA-1.17-10.fc19 (2013-15786)
As taught by the '09 Debian PGP disaster relating to DSA, the randomness source is extremely important. On systems without /dev/random, Crypt::DSA falls back to using Data::Random. Data::Random uses rand, about which the perldoc says 'rand is not cryptographically secure. You should not rely on i...
Fedora 18 : perl-Crypt-DSA-1.17-10.fc18 (2013-15755)
As taught by the '09 Debian PGP disaster relating to DSA, the randomness source is extremely important. On systems without /dev/random, Crypt::DSA falls back to using Data::Random. Data::Random uses rand, about which the perldoc says 'rand is not cryptographically secure. You should not rely on i...
Amazon Linux AMI : kernel (ALAS-2011-26)
IPv6 fragment identification value generation could allow a remote attacker to disrupt a target system's networking, preventing legitimate users from accessing its services. (CVE-2011-2699, Important) A signedness issue was found in the Linux kernel's CIFS (Common Internet File System) implementatio...
postgresql: security and bugfix update to 9.0.13 (important)
Postgresql was updated to version 9.0.13 bnc812525: CVE-2013-1899: Fix insecure parsing of server command-line switches. A connection request containing a database name that begins with "-" could be crafted to damage or destroy files within the server's data directory, even if the request is...
CVE-2013-1900
PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, and 8.4.x before 8.4.17, when using OpenSSL, generates insufficiently random numbers, which might allow remote authenticated users to have an unspecified impact via vectors related to the "contrib/pgcrypto functions."...