
3625 matches found

Tenable Nessus
added 2009/09/24 12:0 a.m. | 44 views

SuSE9 Security Update : ruby (YOU Patch Number 12452)

This update for ruby fixes the following security issues: - Improve return value checks for OpenSSL function OCSP_basic_verify to refuse usage of revoked certificates (CVE-2009-0642). - Increase entropy of DNS identifiers to avoid spoofing attacks (CVE-2008-3905). - Fix denial of service (DoS)...

7.8 CVSS | 5.2 AI score | 0.70202 EPSS
Exploits: 12 | References: 16

Tenable Nessus
added 2009/09/24 12:0 a.m. | 247 views

SuSE 11 Security Update : ruby (SAT Patch Number 1073)

This ruby update improves return value checks for the OpenSSL function OCSP_basic_verify (CVE-2009-0642), which allowed an attacker to use revoked certificates. The entropy of DNS identifiers was increased (CVE-2008-3905) to avoid spoofing attacks. The code for parsing XML data was vulnerable to a denial of...

7.8 CVSS | 5.4 AI score | 0.70202 EPSS
Exploits: 12 | References: 23

ThreatPost
added 2009/07/31 5:6 p.m. | 10 views

New Attack Against AES-256 a 'Huge Result'

A group of cryptographers has devised a new attack against AES, the de facto standard encryption algorithm, that enables them to recover an encryption key in far less time than had been possible before. The attack can recover an AES-256 key in a small enough amount of time to make the method...

1.4 AI score
Exploits: 0 | References: 1

Tenable Nessus
added 2009/07/21 12:0 a.m. | 44 views

openSUSE Security Update : ruby (ruby-1070)

This ruby update improves return value checks for the OpenSSL function OCSP_basic_verify (CVE-2009-0642), which allowed an attacker to use revoked certificates. The entropy of DNS identifiers was increased (CVE-2008-3905) to avoid spoofing attacks. The code for parsing XML data was vulnerable to a denial of...

7.8 CVSS | 5.5 AI score | 0.70202 EPSS
Exploits: 12 | References: 15

myhack58
added 2009/06/15 12:0 a.m. | 16 views

Hacker attack techniques of brute force method-vulnerability warning-the black bar safety net

Principle: now the lottery is very hot, a person spend two dollars to buy a lottery ticket that might, 500 million, but this probability is very low; you landed a system, the system ask you a password, you just wrote one, actually Simon's right, this probability and buy the 2 bucks, 500 million...

7.3 AI score
Exploits: 0

myhack58
added 2009/05/16 12:0 a.m. | 26 views

A brute-force of art-vulnerability warning-the black bar safety net

Brute force, simply put, means trying all possible characters or numbers until every candidate has been tested. For example, say we have a password that only allows two-digit numbers; to obtain this password we have to try all the decimal numbers from 00 to 99, until ...

7.5 AI score
Exploits: 0

UbuntuCve
added 2009/04/27 10:30 p.m. | 51 views

CVE-2009-1190

Algorithmic complexity vulnerability in the java.util.regex.Pattern.compile method in Sun Java Development Kit (JDK) before 1.6, when used with spring.jar in SpringSource Spring Framework 1.1.0 through 2.5.6 and 3.0.0.M1 through 3.0.0.M2 and dm Server 1.0.0 through 1.0.2, allows remote attackers to...

5 CVSS | 7.2 AI score | 0.02796 EPSS
Exploits: 1 | References: 1

Cvelist
added 2009/04/27 10:0 p.m. | 34 views

CVE-2009-1190

Algorithmic complexity vulnerability in the java.util.regex.Pattern.compile method in Sun Java Development Kit (JDK) before 1.6, when used with spring.jar in SpringSource Spring Framework 1.1.0 through 2.5.6 and 3.0.0.M1 through 3.0.0.M2 and dm Server 1.0.0 through 1.0.2, allows remote attackers to...

9.2 AI score | 0.02796 EPSS
Exploits: 1 | References: 6

CVE
added 2009/04/27 10:0 p.m. | 73 views

CVE-2009-1190

CVE-2009-1190 is an algorithmic complexity vulnerability in java.util.regex.Pattern.compile. The issue arises when the JVM compiles long regex patterns containing multiple optional groups, leading to CPU exhaustion and a potential denial of service. Affected products listed in the description inc...

5 CVSS | 6.8 AI score | 0.02796 EPSS
Exploits: 1 | References: 6 | Affected Software: 1

seebug.org
added 2009/04/22 12:0 a.m. | 24 views

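HP Storage Essentials Secure NaviCLI Unspecified Remote Privilege Escalation Vulnerability

BUGTRAQ ID: 34613 CVE ID: CVE-2009-0715 CNCVE ID: CNCVE-20090715 HP Storage Essentials is an infrastructure management solution that removes the complexity of server and storage management. HP Storage Essentials running Secure NaviCLI has a security vulnerability that remote attackers can exploit to gain unauthorized access or elevated privileges. No detailed vulnerability information is currently available. HP Storage Essentials SRM Standard 6.0.4 HP Storage Essentials SRM Standard 6.0.3 HP Storage...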

6.5 CVSS | 6.4 AI score | 0.01345 EPSS
Exploits: 1

OpenVAS
added 2009/02/27 12:0 a.m. | 31 views

Fedora Update for quagga FEDORA-2007-2196

Check for the Version of quagga. OpenVAS Vulnerability Test: Fedora Update for quagga FEDORA-2007-2196. Authors: System Generated Check. Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the term...

6.3 CVSS | 7.6 AI score | 0.0174 EPSS
Exploits: 0 | References: 2

Cvelist
added 2008/08/13 1:0 a.m. | 26 views

CVE-2008-3656

Algorithmic complexity vulnerability in the WEBrick::HTTPUtils.split_header_value function in WEBrick::HTTP::DefaultFileHandler in WEBrick in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows context-dependent attackers to cause a denial of...

6.4 AI score | 0.70202 EPSS
Exploits: 3 | References: 30

securityvulns
added 2008/03/19 12:0 a.m. | 73 views

MITKRB5-SA-2008-002: array overrun in RPC library used by kadmin

MITKRB5-SA-2008-002 MIT krb5 Security Advisory 2008-002 Original release: 2008-03-18 Last update: 2008-03-18 Topic: array overrun in RPC library used by kadmind CVE-2008-0947, CVE-2008-0948 VU374121 Use of high-numbered file descriptors in the RPC...

10 CVSS | 9.7 AI score | 0.08832 EPSS
Exploits: 0

UbuntuCve
added 2008/01/09 9:46 p.m. | 31 views

CVE-2007-6067

Algorithmic complexity vulnerability in the regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (memory consumption) via a crafted "complex...

6.8 CVSS | 5.8 AI score | 0.03887 EPSS
Exploits: 1 | References: 2

Prion
added 2008/01/09 9:46 p.m. | 20 views

Design/Logic Flaw

Algorithmic complexity vulnerability in the regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (memory consumption) via a crafted "complex...

6.8 CVSS | 5.9 AI score | 0.03887 EPSS
Exploits: 1 | References: 40 | Affected Software: 2

Cvelist
added 2008/01/09 9:0 p.m. | 22 views

CVE-2007-6067

Algorithmic complexity vulnerability in the regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows remote authenticated users to cause a denial of service (memory consumption) via a crafted "complex...

5.7 AI score | 0.03887 EPSS
Exploits: 1 | References: 40

CVE
added 2008/01/09 9:0 p.m. | 93 views

CVE-2007-6067

CVE-2007-6067 is an algorithmic complexity vulnerability in the TCL regular expression parser up to version 8.4.17, used by PostgreSQL 8.2/8.1/8.0/7.4 series. A crafted complex regex with doubly-nested states can be used by remote authenticated users to cause a denial of service via memory consum...

6.8 CVSS | 5.7 AI score | 0.03887 EPSS
Exploits: 1 | References: 40 | Affected Software: 2

ATTACKERKB
added 2007/12/24 8:46 p.m. | 2 views

CVE-2007-6523

Algorithmic complexity vulnerability in Opera 9.50 beta and 9.x before 9.25 allows remote attackers to cause a denial of service (CPU consumption) via a crafted bitmap (BMP) file that triggers a large number of calculations and checks...

7.8 CVSS | 5.5 AI score | 0.02055 EPSS
Exploits: 1 | References: 7

Prion
added 2007/12/24 8:46 p.m. | 18 views

Design/Logic Flaw

Algorithmic complexity vulnerability in Opera 9.50 beta and 9.x before 9.25 allows remote attackers to cause a denial of service (CPU consumption) via a crafted bitmap (BMP) file that triggers a large number of calculations and checks...

7.8 CVSS | 6.7 AI score | 0.02055 EPSS
Exploits: 1 | References: 6 | Affected Software: 1

Prion
added 2007/11/10 12:46 a.m. | 15 views

Design/Logic Flaw

Algorithmic complexity vulnerability in the MCS translation daemon in mcstrans 0.2.3 allows local users to cause a denial of service (temporary daemon outage) via a large range of compartments in sensitivity labels...

1.9 CVSS | 6.2 AI score | 0.00303 EPSS
Exploits: 0 | References: 8 | Affected Software: 1