SuSE 11.1 Security Update : OpenSSL (SAT Patch Number 6054)

The following security issues have been fixed : - Specially crafted MIME headers could cause openssl's ans1 parser to dereference a NULL pointer leading to a Denial of Service CVE-2006-7250 or fail verfication. CVE-2012-1165 - The implementation of Cryptographic Message Syntax CMS and PKCS 7 in...

Mandriva Linux Security Advisory : openssl (MDVSA-2012:038)

Multiple vulnerabilities has been found and corrected in openssl : The implementation of Cryptographic Message Syntax CMS and PKCS 7 in OpenSSL before 0.9.8u and 1.x before 1.0.0h does not properly restrict certain oracle behavior, which makes it easier for context-dependent attackers to decrypt...

CVE-2012-0884

The implementation of Cryptographic Message Syntax CMS and PKCS 7 in OpenSSL before 0.9.8u and 1.x before 1.0.0h does not properly restrict certain oracle behavior, which makes it easier for context-dependent attackers to decrypt data via a Million Message Attack MMA adaptive chosen ciphertext...

CVE-2012-0884

CVE-2012-0884 affects the OpenSSL CMS/PKCS#7 implementations. The vulnerability arises from an improper restriction of oracle behavior, enabling context-dependent attackers to decrypt data via a Million Message Attack (MMA) under certain conditions. The issue is present in OpenSSL versions prior ...

UBUNTU-CVE-2012-0884

The implementation of Cryptographic Message Syntax CMS and PKCS 7 in OpenSSL before 0.9.8u and 1.x before 1.0.0h does not properly restrict certain oracle behavior, which makes it easier for context-dependent attackers to decrypt data via a Million Message Attack MMA adaptive chosen ciphertext...

MS10-070 ASP.NET Auto-Decryptor File Download Exploit

No description provided by source. !/usr/bin/ruby -w aspxadchotextattack.rb Copyright c 2010 AmpliaSECURITY. All rights reserved http://www.ampliasecurity.com Agustin Azubel - [email protected] MS10-070 ASPX proof of concept Decrypt data using an auto decryptor bundled in the aspx...

Microsoft ASP.NET - Auto-Decryptor File Download (MS10-070)

Microsoft ASP.NET - Auto-Decryptor File Download MS10-070 !/usr/bin/ruby -w aspxadchotextattack.rb Copyright c 2010 AmpliaSECURITY. All rights reserved http://www.ampliasecurity.com Agustin Azubel - [email protected] MS10-070 ASPX proof of concept Decrypt data using an auto decryptor...

MS10-070 ASP.NET Auto-Decryptor File Download

!/usr/bin/ruby -w aspxadchotextattack.rb Copyright c 2010 AmpliaSECURITY. All rights reserved http://www.ampliasecurity.com Agustin Azubel - [email protected] MS10-070 ASPX proof of concept Decrypt data using an auto decryptor bundled in the aspx framework Encrypt data using Rizzo-Duong...

Microsoft ASP.NET - Auto-Decryptor File Download (MS10-070)

!/usr/bin/ruby -w aspxadchotextattack.rb Copyright c 2010 AmpliaSECURITY. All rights reserved http://www.ampliasecurity.com Agustin Azubel - [email protected] MS10-070 ASPX proof of concept Decrypt data using an auto decryptor bundled in the aspx framework Encrypt data using Rizzo-Duong...

FreeBSD Ports: gnupg

The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

FreeBSD : gnutls -- Adaptive Chosen Ciphertext Attack (831) (deprecated)

The remote host is missing an update to the system The following package is affected: gnutls-devel This plugin has been deprecated since the advisory has been canceled. %NASLMINLEVEL 999999 @DEPRECATED@ This script has been deprecated as the VuXML entry has been cancelled. Disabled on 2011/10/02....

CVE-2005-0366

The integrity check feature in OpenPGP, when handling a message that was encrypted using cipher feedback CFB mode, allows remote attackers to recover part of the plaintext via a chosen-ciphertext attack when the first 2 bytes of a message block are known, and an oracle or other mechanism is...

CVE-2005-0366

The integrity check feature in OpenPGP, when handling a message that was encrypted using cipher feedback CFB mode, allows remote attackers to recover part of the plaintext via a chosen-ciphertext attack when the first 2 bytes of a message block are known, and an oracle or other mechanism is...

CVE-2005-0366

CVE-2005-0366 concerns OpenPGP/GnuPG where the integrity check feature, when decrypting a message encrypted with CF B mode, can allow a remote attacker to recover part of the plaintext through a chosen-ciphertext attack if the first two bytes of a message block are known and an oracle reveals whe...

OpenPGP vulnerable to chosen-ciphertext attacks in cipher feedback (CFB) mode

Overview A vulnerability in OpenPGP may allow attackers to recover partial plaintexts from OpenPGP messages that use symmetric encryption. Description A vulnerability in OpenPGP can be used by attackers to recover partial plaintexts from messages employing symmetric encryption. Researchers Serge...

Remote Code Execution via Chosen-Ciphertext Attack

framework/src/Titon/Crypto/OpenSslCipher.hh Lines 30 to 39 in cbf4472 public function decryptstring $payload: mixed $payload = $this-decodePayload$payload; $method = $this-getMethod; $value = openssldecrypthex2bin$payload'data', $method, $this-getKey, OPENSSLRAWDATA, hex2bin$payload'iv'; if $valu...

Remote Code Execution via Chosen-Ciphertext Attack

https://github.com/titon/framework/blob/cbf44729173d3a83b91a2b0a217c6b3827512e44/src/Titon/Crypto/OpenSslCipher.hhL30-L39 You aren't authenticating your ciphertexts, and then you're passing the decrypted result to unserialize. See also:...