Cisco Open Sources Experimental Small Domain Block Cipher
In cryptography, block ciphers such as AES or DES are symmetric-key ciphers that operate on fixed-length groups of bits, called blocks, and typically operate on large input data blocks, i.e. 64 or more than 128, 256 bits. A block cipher encrypts plaintext to ciphertext by applying a cryptographic key...
SOL15342 - OpenSSL vulnerability CVE-2014-3470
The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certificate...
CVE-2014-3812
The Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS before 7.4r5 and 8.x before 8.0r1 and Junos Pulse Access Control Service (UAC) before 4.4r5 and 5.x before 5.0r1 enable cipher suites with weak encryption algorithms, which make it easier for remote attackers to obtain...
openSUSE Security Update : lighttpd (openSUSE-SU-2012:0240-1)
This update of lighttpd fixes an out-of-bounds read due to a signedness error which could cause a Denial of Service (CVE-2011-4362). Additionally an option was added to honor the server cipher order (resolves lighttpd#2364). (C) Tenable Network Security, Inc. The descriptive text and...
AIX OpenSSL Advisory : openssl_advisory9.doc
The version of OpenSSL installed on the remote host is potentially affected by the following remote code execution and denial of service vulnerabilities : - OpenSSL could allow an attacker to cause a buffer overrun situation when an attacker sends invalid DTLS fragments to an OpenSSL DTLS client ...
openSUSE Security Update : libopenssl-devel (openSUSE-SU-2011:0014-1)
Malicious clients could downgrade a connection to a low strength cipher suite on session resumption if the server offers such ciphers (CVE-2010-4180). (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security...
openSUSE Security Update : mozilla-nss (openSUSE-SU-2013:1539-1)
Mozilla NSS was updated to 3.15.2 (bnc#842979) - Support for AES-GCM ciphersuites that use the SHA-256 PRF - MD2, MD4, and MD5 signatures are no longer accepted for OCSP or CRLs - Add PK11_CipherFinal macro - sizeof() used incorrectly - nssutil_ReadSecmodDB() leaks memory - Allow...
openSUSE Security Update : java-1_7_0-openjdk (openSUSE-SU-2013:0377-1)
java-1_7_0-openjdk was updated to icedtea-2.3.6 (bnc#803379) containing various security and bugfixes : - Security fixes - S6563318, CVE-2013-0424: RMI data sanitization - S6664509, CVE-2013-0425: Add logging context - S6664528, CVE-2013-0426: Find log level matching its name or value given at...
OpenSSL Server-Side ChangeCipherSpec Injection Scanner
This module checks for the OpenSSL ChangeCipherSpec (CCS) Injection vulnerability. The problem exists in the handling of early CCS messages during session negotiation. Vulnerable installations of OpenSSL accept them, while later implementations do not. If successful, an attacker can leverage this...
OpenSSL improper handling of Change Cipher Spec message
Overview: OpenSSL improperly handles the Change Cipher Spec message in the initial SSL/TLS handshake. OpenSSL contains a flaw in the implementation of the Change Cipher Spec protocol that allows a MITM (man-in-the-middle) attacker to force a server and a client to use easily guessable cryptographic key...
DEBIAN-CVE-2014-0224
OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessio...
CVE-2014-3470
The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certificate...
UBUNTU-CVE-2014-0224
OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h does not properly restrict processing of ChangeCipherSpec messages, which allows man-in-the-middle attackers to trigger use of a zero-length master key in certain OpenSSL-to-OpenSSL communications, and consequently hijack sessio...
UBUNTU-CVE-2014-3470
The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h, when an anonymous ECDH cipher suite is used, allows remote attackers to cause a denial of service (NULL pointer dereference and client crash) by triggering a NULL certificate...
TLS Servers Cipher Suites Vulnerability Scanning Tools
Several vulnerability scanning tools are designed to gather supported cipher suites information from TLS servers. Such scans might indicate an attempt to disclose information about a server, as a preparation for an attack...
[oss-security] A number of EncFS issues
Hi, https://defuse.ca/audits/encfs.htm discusses a number of issues in EncFS: "Same Key Used for Encryption and Authentication" "Stream Cipher Used to Encrypt Last File Block" "Generating Block IV by XORing Block Number" "File Holes are Not Authenticated" "MACs Not Compared in Constant Time"...
SMTP STARTTLS Deployments Better than Expected
As more service providers understand and embrace the importance of encrypting online communication, certain technologies are being elevated to the forefront of conversations. Perfect Forward Secrecy and HTTP Strict Transport Security (HSTS) are two that generally top most lists, but another, SMTP...
SSL/TLS: Report Perfect Forward Secrecy (PFS) Cipher Suites
This routine reports all SSL/TLS cipher suites accepted by a service which are supporting Perfect Forward Secrecy (PFS). SPDX-FileCopyrightText: 2014 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders...