3242 matches found
KLA10281 OSI vulnerability in OpenVPN
An unspecified vulnerability was found in OpenVPN. By exploiting this vulnerability malicious users can obtain sensitive information. This vulnerability can be exploited remotely via a timing attack. Original advisories - Related products OpenVPN CVE list CVE-2013-2061 warning Solution Update to...
CVE-2013-2061
The openvpndecrypt function in crypto.c in OpenVPN 2.3.0 and earlier, when running in UDP mode, allows remote attackers to obtain sensitive information via a timing attack involving an HMAC comparison function that does not run in constant time and a padding oracle attack on the CBC mode cipher...
CVE-2013-2061
OpenVPN 2.3.0 and earlier is affected in UDP mode due to two issues in crypto.c: (1) openvpn_decrypt uses an HMAC comparison that does not run in constant time, enabling timing-based information disclosure, and (2) a padding oracle risk in the CBC mode cipher. Exploitation could allow an unauthen...
CVE-2013-2061
The openvpndecrypt function in crypto.c in OpenVPN 2.3.0 and earlier, when running in UDP mode, allows remote attackers to obtain sensitive information via a timing attack involving an HMAC comparison function that does not run in constant time and a padding oracle attack on the CBC mode cipher...
CVE-2013-2061
The openvpndecrypt function in crypto.c in OpenVPN 2.3.0 and earlier, when running in UDP mode, allows remote attackers to obtain sensitive information via a timing attack involving an HMAC comparison function that does not run in constant time and a padding oracle attack on the CBC mode cipher...
[SECURITY] [DSA 2783-2] librack-ruby regression update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - -------------------------------------------------------------------------- Debian Security Advisory DSA-2783-2 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso October 24, 2013 http://www.debian.org/security/faq -...
[SECURITY] [DSA 2783-2] librack-ruby regression update
-------------------------------------------------------------------------- Debian Security Advisory DSA-2783-2 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso October 24, 2013 http://www.debian.org/security/faq -...
Debian DSA-2783-1 : librack-ruby - several vulnerabilities
Several vulnerabilities were discovered in Rack, a modular Ruby webserver interface. The Common Vulnerabilites and Exposures project identifies the following vulnerabilities : - CVE-2011-5036 Rack computes hash values for form parameters without restricting the ability to trigger hash collisions...
[SECURITY] [DSA 2783-1] librack-ruby security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2783-1 [email protected] http://www.debian.org/security/ Thijs Kinkhorst October 21, 2013 http://www.debian.org/security/faq -...
Debian Security Advisory DSA 2783-1 (librack-ruby - several vulnerabilities)
Several vulnerabilities were discovered in Rack, a modular Ruby webserver interface. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities: CVE-2011-5036 Rack computes hash values for form parameters without restricting the ability to trigger hash collisions...
FreeBSD : polarssl -- Timing attack against protected RSA-CRT implementation (ccefac3e-2aed-11e3-af10-000c29789cb5)
PolarSSL Project reports : The researchers Cyril Arnaud and Pierre-Alain Fouque investigated the PolarSSL RSA implementation and discovered a bias in the implementation of the Montgomery multiplication that we used. For which they then show that it can be used to mount an attack on the RSA key...
polarssl -- Timing attack against protected RSA-CRT implementation
PolarSSL Project reports: The researchers Cyril Arnaud and Pierre-Alain Fouque investigated the PolarSSL RSA implementation and discovered a bias in the implementation of the Montgomery multiplication that we used. For which they then show that it can be used to mount an attack on the RSA key...
Amazon Linux AMI : openvpn (ALAS-2013-201)
The openvpndecrypt function in crypto.c in OpenVPN 2.3.0 and earlier, when running in UDP mode, allows remote attackers to obtain sensitive information via a timing attack involving an HMAC comparison function that does not run in constant time and a padding oracle attack on the CBC mode cipher. ...
nss: TLS CBC padding timing attack
The TLS implementation in Mozilla Network Security Services NSS does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attac...
gnupg / libcrypt RSA implementation flush+reload timing attack
Private key recovery by using CPU L3 cache timings...
nss: TLS CBC padding timing attack
The TLS implementation in Mozilla Network Security Services NSS does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attac...
nss: TLS CBC padding timing attack
The TLS implementation in Mozilla Network Security Services NSS does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attac...
Oracle Linux 5 / 6 : gnutls (ELSA-2013-0588)
The remote Oracle Linux 5 / 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2013-0588 advisory. 2.8.5-10.1 - fix CVE-2013-1619 - fix TLS-CBC timing attack 908238 Tenable has extracted the preceding description block directly from the Oracle Linux...
Thunderbird ESR 17.x < 17.0.7 Multiple Vulnerabilities (Mac OS X)
The installed version of Thunderbird ESR 17.x is prior to 17.0.7 and is, therefore, potentially affected the following vulnerabilities : - Various, unspecified memory safety issues exist. CVE-2013-1682 - Heap-use-after-free errors exist related to 'LookupMediaElementURITable',...
Firefox ESR 17.x < 17.0.7 Multiple Vulnerabilities (Mac OS X)
The installed version of Firefox ESR 17.x is earlier than 17.0.7 and is, therefore, potentially affected by the following vulnerabilities : - Various, unspecified memory safety issues exist. CVE-2013-1682 - Heap-use-after-free errors exist related to 'LookupMediaElementURITable',...