3244 matches found
security flaw
Hyper-Threading technology, as used in FreeBSD and other operating systems that are run on Intel Pentium and other processors, allows local users to use a malicious thread to create covert channels, monitor the execution of other threads, and obtain sensitive information such as cryptographic key...
Mandrake Linux Security Advisory : openssl (MDKSA-2005:096)
Colin Percival reported a cache timing attack that could be used to allow a malicious local user to gain portions of cryptographic keys CVE-2005-0109. The OpenSSL library has been patched to add a new fixed-window modexp implementation as default for RSA, DSA, and DH private key operations. The...
openssl, openssl095a, openssl096 security update
CentOS Errata and Security Advisory CESA-2005:476-01 Updated OpenSSL packages that fix security issues are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. OpenSSL is a toolkit that implements Secure Sockets Layer SSL v2/v3 and...
openssl, openssl096b security update
CentOS Errata and Security Advisory CESA-2005:476 Updated OpenSSL packages that fix security issues are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. OpenSSL is a toolkit that implements Secure Sockets Layer SSL v2/v3 and...
Moderate: Red Hat Security Advisory: openssl security update
Updated OpenSSL packages that fix security issues are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. OpenSSL is a toolkit that implements Secure Sockets Layer SSL v2/v3 and Transport Layer Security TLS v1 protocols as well as a...
MDKSA-2005:057 - Updated gnupg packages fix vulnerability
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandrakelinux Security Update Advisory Package name: gnupg Advisory ID: MDKSA-2005:057 Date: March 15th, 2005 Affected versions: 10.0, 10.1, 9.2, Corporate 3.0, Corporate Server 2.1 Problem Description: The OpenPGP protocol is vulnerable to a...
Mandrake Linux Security Advisory : gnupg (MDKSA-2005:057)
The OpenPGP protocol is vulnerable to a timing-attack in order to gain plain text from cipher text. The timing difference appears as a side effect of the so-called 'quick scan' and is only exploitable on systems that accept an arbitrary amount of cipher text for automatic decryption. The updated...
CVE-2005-0109
Hyper-Threading technology, as used in FreeBSD and other operating systems that are run on Intel Pentium and other processors, allows local users to use a malicious thread to create covert channels, monitor the execution of other threads, and obtain sensitive information such as cryptographic key...
CVE-2005-0109
Technical details for CVE-2005-0109 are not provided in the supplied documents. The set includes historical references and later OpenSSL advisories, but no specific product, root cause, impact, or fix details here. Monitor for updates.
CVE-2005-0109
Hyper-Threading technology, as used in FreeBSD and other operating systems that are run on Intel Pentium and other processors, allows local users to use a malicious thread to create covert channels, monitor the execution of other threads, and obtain sensitive information such as cryptographic key...
CVE-2004-1602
ProFTPD 1.2.x, including 1.2.8 and 1.2.10, responds in a different amount of time when a given username exists, which allows remote attackers to identify valid usernames by timing the server response...
CVE-2004-2682
PeerSec MatrixSSL before 1.1 does not implement RSA blinding, which allows context-dependent attackers to obtain the server's private key by determining factors using timing differences on 1 the number of extra reductions during Montgomery reduction, and 2 the use of different integer...
ProFTPD <= 1.2.10 Remote Users Enumeration Exploit
No description provided by source. / Details Vulnerable Systems: ProFTPD Version 1.2.10 and below It is possible to determine which user names are valid, which are special, and which ones do not exist on the remote system. This can be accomplished by code execution path timing analysis attack at...
ProFTPD <= 1.2.10 Remote Users Enumeration Exploit
Exploit for linux platform in category remote exploits ================================================== ProFTPD include include include include define PORT 21 define PROBE 8 main int argc, char argv int sock,n,y; long dist,stat=0; struct sockaddrin sin; char buf1024, buf21024; struct timeval t...
CVE-2004-1602
ProFTPD 1.2.x, including 1.2.8 and 1.2.10, responds in a different amount of time when a given username exists, which allows remote attackers to identify valid usernames by timing the server response...
Debian DSA-253-1 : openssl - information leak
A vulnerability has been discovered in OpenSSL, a Secure Socket Layer SSL implementation. In an upcoming paper, Brice Canvel EPFL, Alain Hiltgen UBS, Serge Vaudenay EPFL, and Martin Vuagnoux EPFL, Ilion describe and demonstrate a timing-based attack on CBC cipher suites used in SSL and TLS. OpenS...
CVE-2003-0078
ssl3getrecord in s3pkt.c for OpenSSL before 0.9.7a and 0.9.6 before 0.9.6i does not perform a MAC computation if an incorrect block cipher padding is used, which causes an information leak timing discrepancy that may make it easier to launch cryptographic attacks that rely on distinguishing betwe...
CVE-2003-0078
CVE-2003-0078 affects OpenSSL: ssl3_get_record in s3_pkt.c does not perform a MAC when padding is incorrect, causing a timing side channel that could aid padding/MAC verification discrimination and potentially lead to plaintext recovery. The vulnerability applies to OpenSSL versions before 0.9.7a...
Mandrake Linux Security Advisory : openssl (MDKSA-2003:020)
In an upcoming paper, Brice Canvel EPFL, Alain Hiltgen UBS, Serge Vaudenay EPFL, and Martin Vuagnoux EPFL, Ilion describe and demonstrate a timing-based attack on CBC ciphersuites in SSL and TLS. New versions of openssl have been released in response to this vulnerability 0.9.6i and 0.9.7a. The...
SUSE-SA:2003:011: openssl
The remote host is missing the patch for the advisory SUSE-SA:2003:011 openssl. OpenSSL is an implementation of the Secure Sockets Layer and Transport Layer Security protocols and provides strong cryptography for many applications in a Linux system. It is a default package in all SUSE products. A...