1273 matches found

Debian
added 2008/05/16 4:14 p.m. · 42 views

[SECURITY] [DSA 1576-2] New openssh packages fix predictable randomness

Debian Security Advisory DSA-1576-2 [email protected] http://www.debian.org/security/ Noah Meyerhans May 16, 2008 http://www.debian.org/security/faq ...

CVSS 7.8 · AI score 6.6 · EPSS 0.04353
Exploits: 6
OSV
added 2008/05/13 5:20 p.m. · 1 views

DEBIAN-CVE-2008-0166

OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating systems uses a random number generator that generates predictable numbers, which makes it easier for remote attackers to conduct brute force guessing attacks against cryptographic keys...

CVSS 7.5 · AI score 6.4 · EPSS 0.04353
Exploits: 6 · References: 1
Positive Technologies
added 2008/05/13 12:0 a.m. · 3 views

PT-2008-1041 · Openssl · Openssl

Name of the Vulnerable Software and Affected Versions: OpenSSL versions 0.9.8c-1 through 0.9.8g-9. Description: The issue concerns a random number generator in OpenSSL that generates predictable numbers, making it easier for remote attackers to conduct brute force guessing attacks against...

CVSS 7.8 · AI score 6.2 · EPSS 0.04353
Exploits: 6 · References: 43
RubySec
added 2008/05/05 12:0 a.m. · 35 views

ruby -- DNS spoofing vulnerability in resolv.rb

resolv.rb allows remote attackers to spoof DNS answers. This risk can be reduced by randomness of DNS transaction IDs and source ports, so resolv.rb is fixed to randomize them...

CVSS 6.8 · AI score 5.6 · EPSS 0.87662
Exploits: 20 · References: 1 · Affected Software: 1
Tenable Nessus
added 2008/04/22 12:0 a.m. · 27 views

GLSA-200804-22 : PowerDNS Recursor: DNS Cache Poisoning

The remote host is affected by the vulnerability described in GLSA-200804-22 (PowerDNS Recursor: DNS Cache Poisoning). Amit Klein of Trusteer reported that insufficient randomness is used to calculate the TRXID values and the UDP source port numbers (CVE-2008-1637). Thomas Biege of SUSE pointed out th...

CVSS 6.8 · AI score 5.7 · EPSS 0.00027
Exploits: 1 · References: 3
Gentoo Linux
added 2008/04/18 12:0 a.m. · 45 views

PowerDNS Recursor: DNS Cache Poisoning

Background: The PowerDNS Recursor is an advanced recursing nameserver. Description: Amit Klein of Trusteer reported that insufficient randomness is used to calculate the TRXID values and the UDP source port numbers (CVE-2008-1637). Thomas Biege of SUSE pointed out that a prior fix to resolve this iss...

CVSS 6.8 · AI score 6.3 · EPSS 0.00027
Exploits: 1
NVD
added 2008/04/02 5:44 p.m. · 16 views

CVE-2008-1637

PowerDNS Recursor before 3.1.5 uses insufficient randomness to calculate (1) TRXID values and (2) UDP source port numbers, which makes it easier for remote attackers to poison a DNS cache, related to (a) algorithmic deficiencies in rand and random functions in external libraries, (b) use of a 32-bit seed...

CVSS 6.8 · AI score 6.4 · EPSS 0.00027
Exploits: 1 · References: 18
UbuntuCve
added 2008/04/02 5:44 p.m. · 17 views

CVE-2008-1637

PowerDNS Recursor before 3.1.5 uses insufficient randomness to calculate (1) TRXID values and (2) UDP source port numbers, which makes it easier for remote attackers to poison a DNS cache, related to (a) algorithmic deficiencies in rand and random functions in external libraries, (b) use of a 32-bit seed...

CVSS 6.8 · AI score 5.9 · EPSS 0.00027
Exploits: 1 · References: 1
OSV
added 2008/04/02 5:44 p.m. · 1 views

DEBIAN-CVE-2008-1637

PowerDNS Recursor before 3.1.5 uses insufficient randomness to calculate (1) TRXID values and (2) UDP source port numbers, which makes it easier for remote attackers to poison a DNS cache, related to (a) algorithmic deficiencies in rand and random functions in external libraries, (b) use of a 32-bit seed...

CVSS 6.8 · AI score 6.6 · EPSS 0.00027
Exploits: 1 · References: 1
OSV
added 2008/04/02 5:44 p.m. · 8 views

CVE-2008-1637

PowerDNS Recursor before 3.1.5 uses insufficient randomness to calculate (1) TRXID values and (2) UDP source port numbers, which makes it easier for remote attackers to poison a DNS cache, related to (a) algorithmic deficiencies in rand and random functions in external libraries, (b) use of a 32-bit seed...

AI score 6.3
Exploits: 0 · References: 20
CVE
added 2008/04/02 5:0 p.m. · 72 views

CVE-2008-1637

CVE-2008-1637 affects the PowerDNS Recursor (3.x) prior to 3.1.6, due to insufficient randomness used to compute TRXID values and UDP source ports, enabling potential cache poisoning. The underlying issue involves weaknesses in the random/seeding approach (32-bit seed; time-based seeding; externa...

CVSS 6.8 · AI score 6.2 · EPSS 0.00027
Exploits: 1 · References: 18 · Affected Software: 1
Cvelist
added 2008/04/02 5:0 p.m. · 18 views

CVE-2008-1637

PowerDNS Recursor before 3.1.5 uses insufficient randomness to calculate (1) TRXID values and (2) UDP source port numbers, which makes it easier for remote attackers to poison a DNS cache, related to (a) algorithmic deficiencies in rand and random functions in external libraries, (b) use of a 32-bit seed...

AI score 6.2 · EPSS 0.00027
Exploits: 1 · References: 18
securityvulns
added 2008/03/04 12:0 a.m. · 55 views

[ GLSA 200803-07 ] Paramiko: Information disclosure

Gentoo Linux Security Advisory GLSA 200803-07 http://security.gentoo.org/ ...

CVSS 4.3 · AI score 6 · EPSS 0.01316
Exploits: 1
NVD
added 2007/12/01 6:46 a.m. · 16 views

CVE-2007-5502

The PRNG implementation for the OpenSSL FIPS Object Module 1.1.1 does not perform auto-seeding during the FIPS self-test, which generates random data that is more predictable than expected and makes it easier for attackers to bypass protection mechanisms that rely on the randomness...

CVSS 6.4 · AI score 6.4 · EPSS 0.00381
Exploits: 0 · References: 7
CVE
added 2007/12/01 2:0 a.m. · 61 views

CVE-2007-5502

CVE-2007-5502 affects the OpenSSL FIPS Object Module 1.1.1. The PRNG does not auto-seed during the FIPS self-test, causing generated data to be more predictable and potentially enabling attackers to bypass protections relying on randomness. This vulnerability is documented across multiple sources...

CVSS 6.4 · AI score 6.3 · EPSS 0.00381
Exploits: 0 · References: 7 · Affected Software: 1
FreeBSD Advisory
added 2007/11/29 12:0 a.m. · 13 views

FreeBSD-SA-07:09.random

FreeBSD-SA-07:09.random Security Advisory, The FreeBSD Project. Topic: Random value disclosure. Category: core. Module: sysdevrandom. Announced: 2007-11-29. Credits: Robert Woolle...

CVSS 2.1 · AI score 5.8 · EPSS 0.00075
Exploits: 1
Tenable Nessus
added 2006/10/14 12:0 a.m. · 28 views

Debian DSA-956-1 : lsh-server - filedescriptor leak

Stefan Pfetzing discovered that lshd, a Secure Shell v2 (SSH2) protocol server, leaks a couple of file descriptors, related to the randomness generator, to user shells which are started by lshd. A local attacker can truncate the server's seed file, which may prevent the server from starting, and wi...

CVSS 3.6 · AI score 5.5 · EPSS 0.00077
Exploits: 0 · References: 3
UbuntuCve
added 2006/07/07 12:5 a.m. · 27 views

CVE-2006-3419

Tor before 0.1.1.20 uses OpenSSL pseudo-random bytes (RAND_pseudo_bytes) instead of cryptographically strong RAND_bytes, and seeds the entropy value at start-up with 160-bit chunks without reseeding, which makes it easier for attackers to conduct brute force guessing attacks...

CVSS 5 · AI score 5.9 · EPSS 0.0033
Exploits: 0 · References: 1
OSV
added 2006/01/26 12:0 a.m. · 23 views

DSA-956-1 lsh-server - filedescriptor leak

Bulletin has no description...

CVSS 3.6 · AI score 6.2 · EPSS 0.00077
Exploits: 0
Prion
added 2006/01/22 7:3 p.m. · 15 views

Design/Logic Flaw

unix_random.c in lshd for lsh 2.0.1 leaks file descriptors related to the randomness generator, which allows local users to cause a denial of service by truncating the seed file, which prevents the server from starting, or obtain sensitive seed information that could be used to crack keys...

CVSS 3.6 · AI score 6.5 · EPSS 0.00077
Exploits: 0 · References: 8 · Affected Software: 1