2871 matches found

CVE
added 2012/06/17 1:0 a.m., 86 views

CVE-2012-2668

CVE-2012-2668 affects OpenLDAP: when using the Mozilla NSS backend, tls_m.c may ignore TLSCipherSuite and select the default cipher suite, potentially enabling weaker ciphers and permitting information disclosure via TLS. Affected: OpenLDAP (likely 2.4.31 and earlier). Impact: remote attacker cou...

4.3 CVSS, 8.4 AI score, 0.04114 EPSS
Exploits: 0, References: 15, Affected Software: 1
Debian CVE
added 2012/06/17 1:0 a.m., 21 views

CVE-2012-2668

libraries/libldap/tls_m.c in OpenLDAP, possibly 2.4.31 and earlier, when using the Mozilla NSS backend, always uses the default cipher suite even when TLSCipherSuite is set, which might cause OpenLDAP to use weaker ciphers than intended and make it easier for remote attackers to obtain sensitive...

4.3 CVSS, 8.4 AI score, 0.04114 EPSS
Exploits: 0
Amazon
added 2012/06/10 12:0 a.m., 47 views

Medium: openssl

Issue Overview: An integer underflow flaw, leading to a buffer over-read, was found in the way OpenSSL handled DTLS (Datagram Transport Layer Security) application data record lengths when using a block cipher in CBC (cipher-block chaining) mode. A malicious DTLS client or server could use this flaw ...

6.8 CVSS, 9 AI score, 0.28154 EPSS
Exploits: 0, References: 1
OSV
added 2012/05/14 10:55 p.m., 2 views

DEBIAN-CVE-2012-2333

Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 before 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, allows remote attackers to cause a denial of service (buffer over-read) or possibly have unspecified other impact via a crafted TLS packet that is no...

6.8 CVSS, 8.7 AI score, 0.28154 EPSS
Exploits: 0, References: 1
RedHat Linux
added 2012/04/30 5:7 p.m., 3 views

gnutls: TLS record handling issue (GNUTLS-SA-2012-2, MU-201202-01)

gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does not properly handle data encrypted with a block cipher, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) via a crafted record, as demonstrated by a crafted...

5 CVSS, 7.2 AI score, 0.04202 EPSS
Exploits: 1, References: 4
OpenVAS
added 2012/04/30 12:0 a.m., 26 views

FreeBSD Ports: gnutls

The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2012 E-Soft Inc. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

5 CVSS, 8.5 AI score, 0.04202 EPSS
Exploits: 1
ThreatPost
added 2012/04/27 2:48 p.m., 7 views

Survey Finds Secure Sites Not So Secure

A new project that was set up to monitor the quality and strength of the SSL implementations on top sites across the Internet found that 75 percent of them are vulnerable to the BEAST SSL attack and that just 10 percent of the sites surveyed should be considered secure. The SSL Pulse project, set ...

6.6 AI score
Exploits: 0, References: 3
0day.today
added 2012/04/26 12:0 a.m., 22 views

MoroccoTel Box Default Open Telnet Password

Exploit for windows platform in category remote exploits a "vulnerability" was identified on MoroccoTel Boxes: a telnet server is running, open to the web, with a default password of admin or 123456 This critical vulnerability can affect the entire network of a Country. Solution: change the defau...

7.1 AI score
Exploits: 0
Packet Storm
added 2012/04/25 12:0 a.m., 29 views

MoroccoTel Default Password

Hi, a "vulnerability" was identified on MoroccoTel Boxes: a telnet server is running, open to the web, with a default password of admin or 123456 This critical vulnerability can affect the entire network of a Country. Solution: change the default password account or modify the default firmware NB...

0.7 AI score
Exploits: 0
Tenable Nessus
added 2012/04/16 12:0 a.m., 1192 views

SSL/TLS Protocol Initialization Vector Implementation Information Disclosure Vulnerability (BEAST)

A vulnerability exists in SSL 3.0 and TLS 1.0 that could allow information disclosure if an attacker intercepts encrypted traffic served from an affected system. TLS 1.1, TLS 1.2, and all cipher suites that do not use CBC mode are not affected. This plugin tries to establish an SSL/TLS remote...

4.3 CVSS, 6.7 AI score, 0.73327 EPSS
Exploits: 4, References: 7
Tenable Nessus
added 2012/03/28 12:0 a.m., 25 views

Mandriva Linux Security Advisory : gnutls (MDVSA-2012:040)

A vulnerability has been found and corrected in GnuTLS: gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does not properly handle data encrypted with a block cipher, which allows remote attackers to cause a denial of service (heap memory corruption and application crash...

5 CVSS, 7.3 AI score, 0.04202 EPSS
Exploits: 1, References: 1
RedHat Linux
added 2012/03/27 10:51 p.m., 2 views

gnutls: TLS record handling issue (GNUTLS-SA-2012-2, MU-201202-01)

gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does not properly handle data encrypted with a block cipher, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) via a crafted record, as demonstrated by a crafted...

5 CVSS, 7.2 AI score, 0.04202 EPSS
Exploits: 1, References: 4
RedHat Linux
added 2012/03/27 10:49 p.m., 5 views

gnutls: TLS record handling issue (GNUTLS-SA-2012-2, MU-201202-01)

gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does not properly handle data encrypted with a block cipher, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) via a crafted record, as demonstrated by a crafted...

5 CVSS, 7.2 AI score, 0.04202 EPSS
Exploits: 1, References: 4
Atlassian
added 2012/03/27 6:46 p.m., 16 views

Improve the default SSL cipherset in standalone JIRA setup

NOTE: This suggestion is for JIRA Cloud. Using JIRA Server? See the corresponding suggestion (http://jira.atlassian.com/browse/JRASERVER-27681). We are concerned about 'SSL Weak Cipher Suites Supported' and 'SSL Medium Strength Cipher Suites Supported'. Any suggestions wou...

0.9 AI score
Exploits: 0, Affected Software: 1
Atlassian
added 2012/03/27 6:46 p.m., 19 views

Improve the default SSL cipherset in standalone JIRA setup

We are concerned about 'SSL Weak Cipher Suites Supported' and 'SSL Medium Strength Cipher Suites Supported'. Any suggestions would be helpful...

1.4 AI score
Exploits: 0, Affected Software: 1
OSV
added 2012/03/26 7:55 p.m., 2 views

DEBIAN-CVE-2012-1573

gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does not properly handle data encrypted with a block cipher, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) via a crafted record, as demonstrated by a crafted...

5 CVSS, 6.8 AI score, 0.04202 EPSS
Exploits: 1, References: 1
NVD
added 2012/03/26 7:55 p.m., 21 views

CVE-2012-1573

gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does not properly handle data encrypted with a block cipher, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) via a crafted record, as demonstrated by a crafted...

5 CVSS, 7.5 AI score, 0.04202 EPSS
Exploits: 1, References: 27
Debian CVE
added 2012/03/26 7:0 p.m., 19 views

CVE-2012-1573

gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does not properly handle data encrypted with a block cipher, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) via a crafted record, as demonstrated by a crafted...

5 CVSS, 7.6 AI score, 0.04202 EPSS
Exploits: 1
UbuntuCve
added 2012/03/26 12:0 a.m., 23 views

CVE-2012-1573

gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does not properly handle data encrypted with a block cipher, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) via a crafted record, as demonstrated by a crafted...

5 CVSS, 7.1 AI score, 0.04202 EPSS
Exploits: 1, References: 5
FreeBSD
added 2012/03/20 12:0 a.m., 33 views

gnutls -- possible overflow/Denial of service vulnerabilities

Mu Dynamics, Inc. reports: The block cipher decryption logic in GnuTLS assumed that a record containing any data which was a multiple of the block size was valid for further decryption processing, leading to a heap corruption vulnerability...

5 CVSS, 8.9 AI score, 0.04202 EPSS
Exploits: 1