1487 matches found
xml-security-1.3.0-1jpp.ep1.*: XMLDsig HMAC-based signatures spoofing and authentication bypass
The design of the W3C XML Signature Syntax and Processing XMLDsig recommendation, as implemented in products including 1 the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; 2 the WebLogic Server component in BEA Product Suite 10.3, 10.0...
xml-security-1.3.0-1jpp.ep1.*: XMLDsig HMAC-based signatures spoofing and authentication bypass
The design of the W3C XML Signature Syntax and Processing XMLDsig recommendation, as implemented in products including 1 the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; 2 the WebLogic Server component in BEA Product Suite 10.3, 10.0...
[Backports-security-announce] Security Update for xml-security-c
Russ Allbery uploaded new packages for xml-security-c which fixed the following security problems: CVE-2009-0217 CERT VU466161 It was discovered that the W3C XML Signature recommendation contains a protocol-level vulnerability related to HMAC output truncation. This update implements the proposed...
DSA-1849-1 xml-security-c - signature forgery
Bulletin has no description...
Multiple Vendor HMAC Authentication SNMPv3 Authentication Bypass
SNMPv3 HMAC verification relies on the client to specify the HMAC length. This makes it possible for remote attackers to bypass SNMP authentication via repeated attempts with a HMAC length value of 1, which causes only the first byte of the authentication hash to be checked. This issue affects SN...
FreeBSD : mono -- XML signature HMAC truncation spoofing (708c65a5-7c58-11de-a994-0030843d3802)
Secunia reports : A security issue has been reported in Mono, which can be exploited by malicious people to conduct spoofing attacks. The security issue is caused due to an error when processing certain XML signatures. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and...
mono -- XML signature HMAC truncation spoofing
Secunia reports: A security issue has been reported in Mono, which can be exploited by malicious people to conduct spoofing attacks. The security issue is caused due to an error when processing certain XML signatures...
CVE-2009-0217
The design of the W3C XML Signature Syntax and Processing XMLDsig recommendation, as implemented in products including 1 the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; 2 the WebLogic Server component in BEA Product Suite 10.3, 10.0...
CVE-2009-0217
The design of the W3C XML Signature Syntax and Processing XMLDsig recommendation, as implemented in products including 1 the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; 2 the WebLogic Server component in BEA Product Suite 10.3, 10.0...
Authentication flaw
The design of the W3C XML Signature Syntax and Processing XMLDsig recommendation, as implemented in products including 1 the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; 2 the WebLogic Server component in BEA Product Suite 10.3, 10.0...
CVE-2009-0217
The design of the W3C XML Signature Syntax and Processing XMLDsig recommendation, as implemented in products including 1 the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; 2 the WebLogic Server component in BEA Product Suite 10.3, 10.0...
CVE-2009-0217
The design of the W3C XML Signature Syntax and Processing XMLDsig recommendation, as implemented in products including 1 the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; 2 the WebLogic Server component in BEA Product Suite 10.3, 10.0...
CVE-2009-0217
CVE-2009-0217 arises from the XML Digital Signature processing where a parameter (HMACOutputLength) does not enforce a minimum length, enabling signature spoofing and authentication bypass across multiple products (e.g., XML-DSig implementations in Oracle, BEA WebLogic, Mono, XML Security Library...
CVE-2009-0217
The design of the W3C XML Signature Syntax and Processing XMLDsig recommendation, as implemented in products including 1 the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; 2 the WebLogic Server component in BEA Product Suite 10.3, 10.0...
XML signature HMAC truncation authentication bypass
Overview The XML Signature specification allows for HMAC truncation, which may allow a remote attacker to bypass authentication. Description XML Signature Syntax and Processing XMLDsig is a W3C recommendation for providing integrity, message authentication, and/or signer authentication services f...
CVE-2009-0217
The design of the W3C XML Signature Syntax and Processing XMLDsig recommendation, as implemented in products including 1 the Oracle Security Developer Tools component in Oracle Application Server 10.1.2.3, 10.1.3.4, and 10.1.4.3IM; 2 the WebLogic Server component in BEA Product Suite 10.3, 10.0...
Timing attack in Google Keyczar library
Firstly, I’m really glad to see more high-level libraries being developed so that programmers don’t have to work directly with algorithms. Keyczar is definitely a step in the right direction. Thanks to all the people who developed it. Also, thanks to Stephen Weis for responding quickly to address...
Ubuntu 6.06 LTS / 7.10 / 8.04 LTS / 8.10 : net-snmp vulnerabilities (USN-685-1)
Wes Hardaker discovered that the SNMP service did not correctly validate HMAC authentication requests. An unauthenticated remote attacker could send specially crafted SNMPv3 traffic with a valid username and gain access to the user's views without a valid authentication passphrase. CVE-2008-0960...
InGate Firewall和SIParator多个安全漏洞
BUGTRAQ ID: 34309 Ingate Firewall和SIParator都是企业级的硬件防火墙设备。 Ingate Firewall和SIParator中存在多个安全漏洞,恶意用户可以利用这些漏洞执行欺骗攻击、绕过某些安全限制或导致拒绝服务。 1 如果将IPsec隧道将远程网络设置为允许“Remote/private address”配置单元,就可能允许任意用户配置单元。 2 IDS/IPS实现中的错误可能允许SIP报文绕过欺骗和IPsec检查。 3 验证DSA和ECDSA密钥签名中的错误可能导致伪造服务器证书。 4 验证HMAC...
Ubuntu Update for net-snmp vulnerabilities USN-685-1
Ubuntu Update for Linux kernel vulnerabilities USN-685-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN6851.nasl 7969 2017-12-01 09:23:16Z santu $ Ubuntu Update for net-snmp vulnerabilities USN-685-1 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH,...