PT-2017-8916
Name of the Vulnerable Software and Affected Versions: LibTomCrypt versions prior to 2.2.0; OP-TEE versions prior to 2.2.0. Description: The issue arises from the rsa_verify_hash_ex function in rsa_verify_hash.c, which fails to validate that the message length matches the ASN.1 encoded data length...
CVE-2016-1494 (python-rsa) vulnerability details - vulnerability warning - the black bar safety net
0x01 Overview: The CVE-2016-1494 vulnerability concerns signature forgery in Python-rsa. In certain cases, signature information for the python-rsa library can be forged. The precondition is that the RSA public key exponent e is small; the following discussion uses e=3. A digital...
FreeBSD : py-rsa -- Bleichenbacher'06 signature forgery vulnerability (e78bfc9d-cb1e-11e5-b251-0050562a4d7b)
Filippo Valsorda reports: python-rsa is vulnerable to a straightforward variant of the Bleichenbacher'06 attack against RSA signature verification with low public exponent. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted...
python-rsa: signature forgery
The verify function in the RSA package for Python (Python-RSA) before 3.3 allows attackers to spoof signatures with a small public exponent via crafted signature padding, aka a BERserk attack...
python2-rsa: signature forgery
The verify function in the RSA package for Python (Python-RSA) before 3.3 allows attackers to spoof signatures with a small public exponent via crafted signature padding, aka a BERserk attack...
Mageia: Security Advisory (MGASA-2016-0011)
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
SUSE-SU-2016:0107-1 Security update for python-rsa
This update for python-rsa fixes the following security issue: CVE-2016-1494: Possible signature forgery via Bleichenbacher attack (bsc#960680)...
Updated python-rsa packages fix security vulnerability
A signature forgery vulnerability in python-rsa allows an attacker to fake signatures for arbitrary messages for any key with a low exponent "e", such as the common value of 3 (CVE-2016-1494)...
MGASA-2016-0011 Updated python-rsa packages fix security vulnerability
A signature forgery vulnerability in python-rsa allows an attacker to fake signatures for arbitrary messages for any key with a low exponent "e", such as the common value of 3 (CVE-2016-1494)...
CentOS 6 / 7 : nss-softokn (CESA-2015:1699)
Updated nss-softokn packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
SUSE: Security Advisory for mozilla-nss (SUSE-SU-2014:1220-2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
Amazon Linux: Security Advisory (ALAS-2015-596)
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...
Amazon Linux AMI : nss-softokn (ALAS-2015-596)
A flaw was found in the way NSS verified certain ECDSA (Elliptic Curve Digital Signature Algorithm) signatures. Under certain conditions, an attacker could use this flaw to conduct signature forgery attacks. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin wer...
CentOS Update for nss-softokn CESA-2015:1699 centos7
Check the version of nss-softokn SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description) script_oid("1.3.6.1.4.1.25623.1.0.882271");...
nss security update
CentOS Errata and Security Advisory CESA-2015:1699 Updated nss-softokn packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base...
NSS: ECDSA signature validation fails to handle some signatures correctly (MFSA 2015-64)
A flaw was found in the way NSS verified certain ECDSA (Elliptic Curve Digital Signature Algorithm) signatures. Under certain conditions, an attacker could use this flaw to conduct signature forgery attacks...
nss security update
CentOS Errata and Security Advisory CESA-2015:1664 Updated nss packages that fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerabilit...
NSS: ECDSA signature validation fails to handle some signatures correctly (MFSA 2015-64)
A flaw was found in the way NSS verified certain ECDSA (Elliptic Curve Digital Signature Algorithm) signatures. Under certain conditions, an attacker could use this flaw to conduct signature forgery attacks...
CVE-2015-4534
EMC Documentum Content Server’s Java Method Server (JMS) contains a vulnerability (CVE-2015-4534) where JMS fails to validate signatures for query strings missing the method_verb parameter, allowing remote authenticated users to forge signatures and execute arbitrary code in the JMS context. Affe...
gnutls: RSA PKCS#1 signature verification forgery
It was found that GnuTLS did not verify whether a hashing algorithm listed in a signature matched the hashing algorithm listed in the certificate. An attacker could create a certificate that used a different hashing algorithm than it claimed, possibly causing GnuTLS to use an insecure, disallowed...