3242 matches found
CVE-2009-3875
CVE-2009-3875 : The Java Runtime Environment (JRE) in Sun/Oracle Java SE has a timing-attack flaw in the HMAC digest verification that could allow forged signatures and potentially bypass authentication. Affected products include JDK/JRE 5.0 before Update 22, JDK/JRE 6 before Update 17, and older...
CVE-2009-3875
The MessageDigest.isEqual function in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to spoof HMAC-based digital signatures, and possibl...
KLA10344 Multiple vulnerabilities in Sun Java SE
Multiple serious vulnerabilities have been found in Sun Java SE. Malicious users can exploit these vulnerabilities to cause denial of service or bypass authentication. Below is a complete list of vulnerabilities: 1. Unknown vectors can be exploited remotely via specially designed HTTP headers or...
Crypto flaws becoming a killer for Web applications
One of the few things that most people in the security community seem to agree on is that there is a dire need for better security around Web applications. That need begins with the lack of security training for most Web developers and extends through the inconsistent use of Web-application...
Timing attack in Google Keyczar library
Firstly, I’m really glad to see more high-level libraries being developed so that programmers don’t have to work directly with algorithms. Keyczar is definitely a step in the right direction. Thanks to all the people who developed it. Also, thanks to Stephen Weis for responding quickly to address...
[waraxe-2007-SA#053] - Critical Sql Injection in NukeSentinel 2.5.11
waraxe-2007-SA053 - Critical Sql Injection in NukeSentinel 2.5.11 ==================================================================== Author: Janek Vind "waraxe" Date: 25. September 2007 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-53.html Target software description:...
openssh-timing.txt
#!/bin/bash $Id: raptorsshtime,v 1.1 2007/02/13 16:38:57 raptor Exp $ raptorsshtime - OpenSSH remote timing attack exploit Copyright (c) 2006 Marco Ivaldi OpenSSH-portable 3.6.1p1 and earlier with PAM support enabled immediately sends an error message when a user does not exist, which allows remote...
Portable OpenSSH <= 3.6.1p-PAM / 4.1-SUSE Timing Attack Exploit
No description provided by source. #!/bin/bash $Id: raptorsshtime,v 1.1 2007/02/13 16:38:57 raptor Exp $ raptorsshtime - OpenSSH remote timing attack exploit Copyright (c) 2006 Marco Ivaldi [email protected] OpenSSH-portable 3.6.1p1 and earlier with PAM support enabled immediately ...
Portable OpenSSH 3.6.1p-PAM/4.1-SuSE - Timing Attack
#!/bin/bash $Id: raptorsshtime,v 1.1 2007/02/13 16:38:57 raptor Exp $ raptorsshtime - OpenSSH remote timing attack exploit Copyright (c) 2006 Marco Ivaldi OpenSSH-portable 3.6.1p1 and earlier with PAM support enabled immediately sends an error message when a user does not exist, which allows remote...
Portable OpenSSH <= 3.6.1p-PAM / 4.1-SUSE Timing Attack Exploit
No description provided by source. #!/bin/bash $Id: raptorsshtime,v 1.1 2007/02/13 16:38:57 raptor Exp $ raptorsshtime - OpenSSH remote timing attack exploit Copyright (c) 2006 Marco Ivaldi [email protected] OpenSSH-portable 3.6.1p1 and earlier with PAM support enabled immediately sends an erro...
Portable OpenSSH <= 3.6.1p-PAM / 4.1-SUSE Timing Attack Exploit
Exploit for multiple platform in category remote exploits =============================================================== Portable OpenSSH OpenSSH-portable 3.6.1p1 and earlier with PAM support enabled immediately sends an error message when a user does not exist, which allows remote attackers to...
Portable OpenSSH 3.6.1p-PAM4.1-SuSE - Timing Attack
Portable OpenSSH 3.6.1p-PAM4.1-SuSE - Timing Attack #!/bin/bash $Id: raptorsshtime,v 1.1 2007/02/13 16:38:57 raptor Exp $ raptorsshtime - OpenSSH remote timing attack exploit Copyright (c) 2006 Marco Ivaldi OpenSSH-portable 3.6.1p1 and earlier with PAM support enabled immediately sends an error...
Information Exposure
Overview Affected versions of this package are vulnerable to Information Exposure. OpenSSH portable 4.1 on SUSE Linux, and possibly other platforms and versions, and possibly under limited configurations, allows remote attackers to determine valid usernames via timing discrepancies in which...
CVE-2006-5229
OpenSSH portable 4.1 on SUSE Linux, and possibly other platforms and versions, and possibly under limited configurations, allows remote attackers to determine valid usernames via timing discrepancies in which responses take longer for valid usernames than invalid ones, as demonstrated by sshtime...
OpenSSH < 4.1.0p2 / 4.2 Timing Attack
Binary data 3787.prm...
CentOS 3 / 4 : openssl (CESA-2005:476)
Updated OpenSSL packages that fix security issues are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. OpenSSL is a toolkit that implements Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols as well as a...
Ubuntu 4.10 / 5.04 : gnupg vulnerability (USN-170-1)
Serge Mister and Robert Zuccherato discovered a weakness of the symmetrical encryption algorithm of gnupg. When decrypting a message, gnupg uses a feature called 'quick scan'; this can quickly check whether the key that is used for decryption is probably the right one, so that wrong keys can be...
security flaw
Hyper-Threading technology, as used in FreeBSD and other operating systems that are run on Intel Pentium and other processors, allows local users to use a malicious thread to create covert channels, monitor the execution of other threads, and obtain sensitive information such as cryptographic key...
Mandrake Linux Security Advisory : openssl (MDKSA-2005:096)
Colin Percival reported a cache timing attack that could be used to allow a malicious local user to gain portions of cryptographic keys (CVE-2005-0109). The OpenSSL library has been patched to add a new fixed-window modexp implementation as default for RSA, DSA, and DH private key operations. The...