DEBIAN-CVE-2006-0353

unixrandom.c in lshd for lsh 2.0.1 leaks file descriptors related to the randomness generator, which allows local users to cause a denial of service by truncating the seed file, which prevents the server from starting, or obtain sensitive seed information that could be used to crack keys...

CVE-2006-0353

unixrandom.c in lshd for lsh 2.0.1 leaks file descriptors related to the randomness generator, which allows local users to cause a denial of service by truncating the seed file, which prevents the server from starting, or obtain sensitive seed information that could be used to crack keys...

CVE-2006-0353

unixrandom.c in lshd for lsh 2.0.1 leaks file descriptors related to the randomness generator, which allows local users to cause a denial of service by truncating the seed file, which prevents the server from starting, or obtain sensitive seed information that could be used to crack keys...

CVE-2006-0353

unixrandom.c in lshd for lsh 2.0.1 leaks file descriptors related to the randomness generator, which allows local users to cause a denial of service by truncating the seed file, which prevents the server from starting, or obtain sensitive seed information that could be used to crack keys...

CVE-2006-0353

CVE-2006-0353 affects lsh 2.0.1’s lshd, which leaks file descriptors related to the randomness generator. A local attacker can truncate the seed file, potentially preventing lshd from starting or enabling seed/key disclosure. Debian’s DSA-956-1 and related advisories describe a local vulnerabilit...

VNC authentication weakness

VNC authentication weakness --------------------------- VNC uses a DES-encrypted challenge-response system to avoid passing passwords over the wire in plaintext. However, it seems that a weakness in the way the challenge is generated by some servers would make this useless. The following program...

CVE-2001-0950

CVE-2001-0950 concerns the ValiCert Enterprise Validation Authority (EVA) Administration Server, version 3.3–4.2.1. The root cause is the use of insufficiently random data: session tokens for HSMs are generated with the C rand() function, and certificate/key generation may rely on /dev/urandom in...

CVE-2001-0950

ValiCert Enterprise Validation Authority EVA Administration Server 3.3 through 4.2.1 uses insufficiently random data to 1 generate session tokens for HSMs using the C rand function, or 2 generate certificates or keys using /dev/urandom instead of another source which blocks when the entropy pool ...

Re: More problems with RADIUS (protocol and implementations)

I note that the original message didn't cite my short message to Bugtraq about security issues with RADIUS: http://cert.uni-stuttgart.de/archive/bugtraq/2000/12/msg00332.html Some points in that message were also covered by Joshua, he added a number of good points, and missed a few others...

Keys generated with PGP5i batch mode do not contain sufficient randomness on systems that use /dev/random

Overview Under certain circumstances, PGP v5.0 generates keys that are not sufficiently random, which may allow an attacker to predict keys and, hence, recover information encrypted with that key. Description Generating Randomness in PGP Keys In order to generate cryptographically secure keys, PG...

CVE-2000-0445

The CVE-2000-0445 issue affects PGP 5.x on Unix-like systems where non-interactive (batch) key generation via pgpk can use insufficient randomness collected from /dev/random. The root cause is how PGP v5.0 processes entropy when generating keys in unattended mode, potentially producing weak, pred...

CVE-2000-0445

The pgpk command in PGP 5.x on Unix systems uses an insufficiently random data source for non-interactive key pair generation, which may produce predictable keys...

CVE-2000-0357

ORBit and esound in Red Hat Linux 6.1 do not use sufficiently random numbers, which allows local users to guess the authentication keys...