117 matches found

Metasploit
added 2018/02/02 10:29 p.m., 35 views

Scanner for Bleichenbacher Oracle in RSA PKCS #1 v1.5

Some TLS implementations handle errors processing RSA key exchanges and encryption PKCS #1 v1.5 messages in a broken way that leads to an adaptive chosen-ciphertext attack. Attackers cannot recover a server's private key, but they can decrypt and sign messages with it. A strong oracle occurs when th...

0.3 AI score
Exploits: 0

OSV
added 2018/01/04 4:48 p.m., 7 views

MGASA-2018-0060 Updated erlang packages fix security vulnerabilities

It was discovered that the TLS server in Erlang is vulnerable to an adaptive chosen ciphertext attack against RSA keys (CVE-2017-1000385)...

5.9 CVSS, 5.5 AI score, 0.83321 EPSS
Exploits: 0, References: 3

Mageia
added 2018/01/04 4:48 p.m., 33 views

Updated erlang packages fix security vulnerabilities

It was discovered that the TLS server in Erlang is vulnerable to an adaptive chosen ciphertext attack against RSA keys (CVE-2017-1000385)...

5.9 CVSS, 2.9 AI score, 0.83321 EPSS
Exploits: 0, References: 2

Tenable Nessus
added 2017/12/26 12:0 a.m., 39 views

Debian DSA-4072-1 : bouncycastle - security update

Hanno Boeck, Juraj Somorovsky and Craig Young discovered that the TLS implementation in Bouncy Castle is vulnerable to an adaptive chosen ciphertext attack against RSA keys...

7.5 CVSS, 6.8 AI score, 0.68141 EPSS
Exploits: 0, References: 4

Prion
added 2017/11/17 7:29 p.m., 33 views

Code injection

On BIG-IP versions 11.6.0-11.6.2 (fixed in 11.6.2 HF1), 12.0.0-12.1.2 HF1 (fixed in 12.1.2 HF2), or 13.0.0-13.0.0 HF2 (fixed in 13.0.0 HF3) a virtual server configured with a Client SSL profile may be vulnerable to an Adaptive Chosen Ciphertext attack (AKA Bleichenbacher attack) against RSA, which when...

4.3 CVSS, 7.2 AI score, 0.76181 EPSS
Exploits: 0, References: 5, Affected Software: 9

Mageia
added 2016/05/21 10:11 p.m., 26 views

Updated php-ZendFramework2 packages fix CVE-2015-7503

Updated php-ZendFramework2 packages fix security vulnerability: Zend\Crypt\PublicKey\Rsa\PublicKey has a call to openssl_public_encrypt() which uses PHP's default $padding argument, which specifies OPENSSL_PKCS1_PADDING, indicating usage of PKCS1v1.5 padding. This padding has a known vulnerability, the...

7.5 CVSS, 7.5 AI score, 0.00249 EPSS
Exploits: 0, References: 2

OpenVAS
added 2015/09/08 12:0 a.m., 20 views

Amazon Linux: Security Advisory (ALAS-2014-278)

The remote host is missing an update for the...

2.1 CVSS, 5.9 AI score, 0.00108 EPSS
Exploits: 0, References: 2

securityvulns
added 2014/09/15 12:0 a.m., 63 views

[USN-2339-1] GnuPG vulnerability

Ubuntu Security Notice USN-2339-1, September 03, 2014: gnupg vulnerability. A security issue affects these releases of Ubuntu and its derivatives: -...

2.1 CVSS, 0.1 AI score, 0.00072 EPSS
Exploits: 0

Tenable Nessus
added 2014/09/04 12:0 a.m., 25 views

Ubuntu 10.04 LTS / 12.04 LTS : gnupg vulnerability (USN-2339-1)

Daniel Genkin, Adi Shamir, and Eran Tromer discovered that GnuPG was susceptible to an adaptive chosen ciphertext attack via physical side channels. A local attacker could use this attack to possibly recover private keys. Note that Tenable Network Security has extracted the preceding description...

2.1 CVSS, 6.4 AI score, 0.00072 EPSS
Exploits: 0, References: 2

Tenable Nessus
added 2014/09/04 12:0 a.m., 25 views

Ubuntu 14.04 LTS : Libgcrypt vulnerability (USN-2339-2)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-2339-2 advisory. Daniel Genkin, Adi Shamir, and Eran Tromer discovered that Libgcrypt was susceptible to an adaptive chosen ciphertext attack via physical side channels. A local...

2.1 CVSS, 6.5 AI score, 0.00072 EPSS
Exploits: 0, References: 2

Ubuntu
added 2014/09/03 5:36 p.m., 53 views

USN-2339-2: Libgcrypt vulnerability

Daniel Genkin, Adi Shamir, and Eran Tromer discovered that Libgcrypt was susceptible to an adaptive chosen ciphertext attack via physical side channels. A local attacker could use this attack to possibly recover private keys...

2.1 CVSS, 6.5 AI score, 0.00072 EPSS
Exploits: 0

OSV
added 2014/09/03 5:36 p.m., 2 views

USN-2339-2 libgcrypt11 vulnerability

Daniel Genkin, Adi Shamir, and Eran Tromer discovered that Libgcrypt was susceptible to an adaptive chosen ciphertext attack via physical side channels. A local attacker could use this attack to possibly recover private keys...

2.1 CVSS, 5.8 AI score, 0.00072 EPSS
Exploits: 0, References: 2

Ubuntu
added 2014/09/03 5:31 p.m., 45 views

USN-2339-1: GnuPG vulnerability

Daniel Genkin, Adi Shamir, and Eran Tromer discovered that GnuPG was susceptible to an adaptive chosen ciphertext attack via physical side channels. A local attacker could use this attack to possibly recover private keys...

2.1 CVSS, 6.5 AI score, 0.00072 EPSS
Exploits: 0

Tenable Nessus
added 2014/06/13 12:0 a.m., 28 views

openSUSE Security Update : openssl (openSUSE-SU-2012:0547-1)

The implementation of Cryptographic Message Syntax (CMS) and PKCS #7 in OpenSSL was vulnerable to a Million Message Attack (MMA) adaptive chosen ciphertext attack (CVE-2012-0884)...

5 CVSS, 8 AI score, 0.02774 EPSS
Exploits: 0, References: 4

Tenable Nessus
added 2014/02/05 12:0 a.m., 26 views

Amazon Linux AMI : gnupg (ALAS-2014-278)

GnuPG 1.x before 1.4.16 generates RSA keys using sequences of introductions with certain patterns that introduce a side channel, which allows physically proximate attackers to extract RSA keys via a chosen-ciphertext attack and acoustic cryptanalysis during decryption. NOTE: applications are not...

2.1 CVSS, 6.5 AI score, 0.00108 EPSS
Exploits: 0, References: 2

Amazon
added 2014/01/14 12:0 a.m., 44 views

Medium: gnupg

Issue Overview: GnuPG 1.x before 1.4.16 generates RSA keys using sequences of introductions with certain patterns that introduce a side channel, which allows physically proximate attackers to extract RSA keys via a chosen-ciphertext attack and acoustic cryptanalysis during decryption. NOTE:...

2.1 CVSS, 6.8 AI score, 0.00108 EPSS
Exploits: 0

OpenVAS
added 2013/12/23 12:0 a.m., 27 views

Ubuntu Update for gnupg USN-2059-1

Check for the Version of gnupg...

2.1 CVSS, 6.1 AI score, 0.00108 EPSS
Exploits: 0, References: 2

NVD
added 2013/12/20 9:55 p.m., 22 views

CVE-2013-4576

GnuPG 1.x before 1.4.16 generates RSA keys using sequences of introductions with certain patterns that introduce a side channel, which allows physically proximate attackers to extract RSA keys via a chosen-ciphertext attack and acoustic cryptanalysis during decryption. NOTE: applications are not...

2.1 CVSS, 5.9 AI score, 0.00108 EPSS
Exploits: 0, References: 12

Prion
added 2013/12/20 9:55 p.m., 38 views

Code injection

GnuPG 1.x before 1.4.16 generates RSA keys using sequences of introductions with certain patterns that introduce a side channel, which allows physically proximate attackers to extract RSA keys via a chosen-ciphertext attack and acoustic cryptanalysis during decryption. NOTE: applications are not...

2.1 CVSS, 6.5 AI score, 0.00108 EPSS
Exploits: 0, References: 12, Affected Software: 1

Cvelist
added 2013/12/20 9:0 p.m., 27 views

CVE-2013-4576

GnuPG 1.x before 1.4.16 generates RSA keys using sequences of introductions with certain patterns that introduce a side channel, which allows physically proximate attackers to extract RSA keys via a chosen-ciphertext attack and acoustic cryptanalysis during decryption. NOTE: applications are not...

5.8 AI score, 0.00108 EPSS
Exploits: 0, References: 12