1122 matches found
Null pointer dereference
X.Org xdm 1.1.10, 1.1.11, and possibly other versions, when performing authentication using certain implementations of the crypt API function that can return NULL, allows remote attackers to cause a denial of service NULL pointer dereference and crash by attempting to log into an account whose...
CVE-2013-4122
Cyrus SASL 2.1.23, 2.1.26, and earlier does not properly handle when a NULL value is returned upon an error by the crypt function as implemented in glibc 2.17 and later, which allows remote attackers to cause a denial of service thread crash and consumption via 1 an invalid salt or, when FIPS-140...
DEBIAN-CVE-2013-4122
Cyrus SASL 2.1.23, 2.1.26, and earlier does not properly handle when a NULL value is returned upon an error by the crypt function as implemented in glibc 2.17 and later, which allows remote attackers to cause a denial of service thread crash and consumption via 1 an invalid salt or, when FIPS-140...
Null pointer dereference
Cyrus SASL 2.1.23, 2.1.26, and earlier does not properly handle when a NULL value is returned upon an error by the crypt function as implemented in glibc 2.17 and later, which allows remote attackers to cause a denial of service thread crash and consumption via 1 an invalid salt or, when FIPS-140...
CVE-2013-4122
Cyrus SASL 2.1.23, 2.1.26, and earlier does not properly handle when a NULL value is returned upon an error by the crypt function as implemented in glibc 2.17 and later, which allows remote attackers to cause a denial of service thread crash and consumption via 1 an invalid salt or, when FIPS-140...
[ MDVSA-2013:241 ] perl-Crypt-DSA
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2013:241 http://www.mandriva.com/en/support/security/ Package : perl-Crypt-DSA Date : September 25, 2013 Affected: Business Server 1.0, Enterprise Server 5.0 Problem Description: A vulnerability has been discover...
perl Crypt::DSA weak PRNG generator
Under some conditions, weak PRNG generator is used...
Mandriva Linux Security Advisory : perl-Crypt-DSA (MDVSA-2013:241)
A vulnerability has been discovered and corrected in perl-Crypt-DSA : The Crypt::DSA aka Crypt-DSA module 1.17 and earlier for Perl, when /dev/random is absent, uses the Data::Random module, which makes it easier for remote attackers to spoof a signature, or determine the signing key of a signed...
MGASA-2013-0289 Updated perl-Crypt-DSA package fixes security vulnerability
The Crypt::DSA aka Crypt-DSA module 1.17 and earlier for Perl, when /dev/random is absent, uses the Data::Random module, which makes it easier for remote attackers to spoof a signature, or determine the signing key of a signed message, via a brute-force attack CVE-2011-3599. This update removes t...
Updated perl-Crypt-DSA package fixes security vulnerability
The Crypt::DSA aka Crypt-DSA module 1.17 and earlier for Perl, when /dev/random is absent, uses the Data::Random module, which makes it easier for remote attackers to spoof a signature, or determine the signing key of a signed message, via a brute-force attack CVE-2011-3599. This update removes t...
Fedora Update for perl-Crypt-DSA FEDORA-2013-15755
Check for the Version of perl-Crypt-DSA OpenVAS Vulnerability Test Fedora Update for perl-Crypt-DSA FEDORA-2013-15755 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify ...
Fedora Update for perl-Crypt-DSA FEDORA-2013-15786
Check for the Version of perl-Crypt-DSA OpenVAS Vulnerability Test Fedora Update for perl-Crypt-DSA FEDORA-2013-15786 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify ...
Fedora Update for perl-Crypt-DSA FEDORA-2013-15786
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora Update for perl-Crypt-DSA FEDORA-2013-15755
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 18 Update: perl-Crypt-DSA-1.17-10.fc18
Crypt::DSA is an implementation of the DSA Digital Signature Algorithm signature verification system. This package provides DSA signing, signature verification, and key generation...
[SECURITY] Fedora 19 Update: perl-Crypt-DSA-1.17-10.fc19
Crypt::DSA is an implementation of the DSA Digital Signature Algorithm signature verification system. This package provides DSA signing, signature verification, and key generation...
Fedora 19 : perl-Crypt-DSA-1.17-10.fc19 (2013-15786)
As taught by the '09 Debian PGP disaster relating to DSA, the randomness source is extremely important. On systems without /dev/random, Crypt::DSA falls back to using Data::Random. Data::Random uses rand, about which the perldoc says 'rand is not cryptographically secure. You should not rely on i...
Fedora 18 : perl-Crypt-DSA-1.17-10.fc18 (2013-15755)
As taught by the '09 Debian PGP disaster relating to DSA, the randomness source is extremely important. On systems without /dev/random, Crypt::DSA falls back to using Data::Random. Data::Random uses rand, about which the perldoc says 'rand is not cryptographically secure. You should not rely on i...
Open redirect
Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and 6.22.1 before rev14 uses the crypt and SHA-1 algorithms for password hashing, which makes it easier for context-dependent attackers to obtain cleartext passwords via a brute-force attack...
Amazon Linux AMI : postgresql (ALAS-2011-12)
A signedness issue was found in the way the crypt function in the PostgreSQL pgcrypto module handled 8-bit characters in passwords when using Blowfish hashing. Up to three characters immediately preceding a non-ASCII character one with the high bit set had no effect on the hash result, thus...