62 matches found
openSUSE Security Update : lighttpd (openSUSE-2012-110)
added lighttpd-1.4.30headfixes.patch: cherry picked 4 fixes from HEAD : - ssl include more headers explicitly - list all network handlers in lighttpd -V fixes lighttpd2376 - Move fdevent subsystem includes to implementation files to reduce conflicts fixes lighttpd2373 - ssl fix segfault in...
ESA-2012-032: RSA BSAFE® Micro Edition Suite Security Update for BEAST (Browser Exploit Against SSL/TLS) attacks
ESA-2012-032.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2012-032: RSA BSAFE® Micro Edition Suite Security Update for BEAST Browser Exploit Against SSL/TLS attacks EMC Identifier: ESA-2012-032 CVE Identifier: CVE-2011-3389 Severity Rating: CVSS v2 Base Score: 4.3...
ESA-2014-016: EMC VPLEX Multiple Vulnerabilities
ESA-2014-016.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2014-016: EMC VPLEX Multiple Vulnerabilities EMC Identifier: ESA-2014-016 CVE Identifier: See below for individual CVEs Severity Rating: CVSS v2 Base Score: See below for individual CVSS scores Affected products: All versions from...
Siemens Ruggedcom WIN Products BEAST Attack Vulnerability
OVERVIEW Siemens has identified a BEAST Browser Exploit Against SSL/TLS attack vulnerability in Siemens Ruggedcom WIN products. This vulnerability was originally reported directly to Siemens ProductCERT by Dan Frein and Paul Cotter of West Monroe Partners. Siemens has produced a firmware update...
Apple Turns on BEAST Attack Mitigation by Default in Safari
Apple enabled a feature in its recent OS X Mavericks update that neutered the BEAST cryptographic attacks. BEAST is a two-year-old attack tool that exploits a vulnerability in TLS 1.0 and SSL 3.0 and could lead to an attacker stealing HTTPS cookies or hijacking browser sessions. Apple’s Safari...
HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)
The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HT...
Experts Urge ECC crytpo over RSA algorithm
LAS VEGAS – Cryptographic breakthroughs have accelerated in the past six months in areas such as discrete logarithm computations that lead experts to believe that breaking the stalwart RSA algorithm may be in the not-too-distant future. A team of crypto experts today at Black Hat USA 2013 present...
SuSE 10 Security Update : compat-curl2 (ZYPP Patch Number 8557)
This update of compat-curl2 fixes several security issues. - fixes for the cookie domain tailmatch vulnerability. bnc814655 - updated curl CA-Cert Bundle. bnc810010 - fixes for a potential BEAST attack bnc742306 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this...
Mandriva Linux Security Advisory : fetchmail (MDVSA-2013:037)
Multiple vulnerabilities has been found and corrected in fetchmail : Fetchmail version 6.3.9 enabled all SSL workarounds SSLOPALL which contains a switch to disable a countermeasure against certain attacks against block ciphers that permit guessing the initialization vectors, providing that an...
ESA-2012-029: RSA BSAFE(r) SSL-C Multiple Vulnerabilities
ESA-2012-029.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2012-029: RSA BSAFE® SSL-C Multiple Vulnerabilities EMC Identifier: ESA-2012-029 CVE Identifier: CVE-2011-3389, CVE-2012-2110, CVE-2012-2131 Severity Rating: See below for scores for individual issues Affected Products: All versio...
Check Point response to CVE-2011-3389 aka BEAST attack
...
CRIME Attack Uses Compression Ratio of TLS Requests as Side Channel to Hijack Secure Sessions
The new attack on TLS developed by researchers Juliano Rizzo and Thai Duong takes advantage of an information leak in the compression ratio of TLS requests as a side channel to enable them to decrypt the requests made by the client to the server. This, in turn, allows them to grab the user’s logi...
Mandriva Linux Security Advisory : fetchmail (MDVSA-2012:149)
Multiple vulnerabilities has been found and corrected in fetchmail : Fetchmail version 6.3.9 enabled all SSL workarounds SSLOPALL which contains a switch to disable a countermeasure against certain attacks against block ciphers that permit guessing the initialization vectors, providing that an...
Mandriva Update for fetchmail MDVSA-2012:149 (fetchmail)
Check for the Version of fetchmail OpenVAS Vulnerability Test Mandriva Update for fetchmail MDVSA-2012:149 fetchmail Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify i...
FreeBSD Ports: fetchmail
The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2012 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Mitigating the BEAST attack in R75.40VS, R75.46 and R76
...
Debian: Security Advisory (DSA-2398-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
90% SSL sites vulnerable to the BEAST SSL attack
90% of the Internet's top 200,000 HTTPS-enabled websites are vulnerable to known types of SSL Secure Sockets Layer attack, according to a report released Thursday by the Trustworthy Internet Movement TIM, a nonprofit organization dedicated to solving Internet security, privacy and reliability...
HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)
The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HT...
HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)
The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HT...