67 matches found
Hashcat v3.20 - World's Fastest and Most Advanced Password Recovery Utility
hashcat is the world's fastest and most advanced password recovery utility, supporting five unique modes of attack for over 160 highly-optimized hashing algorithms. hashcat currently supports CPU's, GPU's other hardware-accelerators on Linux, Windows and OSX, and has facilities to help enable...
FreeBSD : librsync -- collision vulnerability (b22b016b-b633-11e5-83ef-14dae9d210b8)
Michael Samuel reports : librsync before 1.0.0 uses a truncated MD4 checksum to match blocks, which makes it easier for remote attackers to modify transmitted data via a birthday attack. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin we...
Code injection
librsync before 1.0.0 uses a truncated MD4 checksum to match blocks, which makes it easier for remote attackers to modify transmitted data via a birthday attack...
CVE-2014-8242
librsync before 1.0.0 uses a truncated MD4 checksum to match blocks, which makes it easier for remote attackers to modify transmitted data via a birthday attack...
CVE-2014-8242
CVE-2014-8242 concerns the librsync library. The issue affects versions before 1.0.0, where a truncated MD4 checksum is used to match blocks, enabling remote modification of transmitted data via a birthday attack. The provided materials state the vulnerability and its impact, but do not specify a...
CVE-2014-8242
librsync before 1.0.0 uses a truncated MD4 checksum to match blocks, which makes it easier for remote attackers to modify transmitted data via a birthday attack...
[ MDVSA-2015:204 ] librsync
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDVSA-2015:204 http://www.mandriva.com/en/support/security/ Package : librsync Date : April 27, 2015 Affected: Business Server 1.0 Problem Description: Updated librsync packages fix security vulnerability: librsync...
Mandriva Linux Security Advisory : librsync (MDVSA-2015:204)
Updated librsync packages fix security vulnerability : librsync before 1.0.0 used a truncated MD4 strong check sum to match blocks. However, MD4 is not cryptographically strong. It's possible that an attacker who can control the contents of one part of a file could use it to control other regions...
MGASA-2015-0146 Updated librsync packages fix security vulnerabilities
Updated librsync packages fix security vulnerability: librsync before 1.0.0 used a truncated MD4 "strong" check sum to match blocks. However, MD4 is not cryptographically strong. It's possible that an attacker who can control the contents of one part of a file could use it to control other region...
Updated librsync packages fix security vulnerabilities
Updated librsync packages fix security vulnerability: librsync before 1.0.0 used a truncated MD4 "strong" check sum to match blocks. However, MD4 is not cryptographically strong. It's possible that an attacker who can control the contents of one part of a file could use it to control other region...
Fedora 20 : csync2-1.34-15.fc20 / duplicity-0.6.25-3.fc20 / librsync-1.0.0-1.fc20 / etc (2015-3366)
Changes in librsync 1.0.0 2015-01-23 ====================================== - SECURITY: CVE-2014-8242: librsync previously used a truncated MD4 'strong' check sum to match blocks. However, MD4 is not cryptographically strong. It's possible that an attacker who can control the contents of one part...
librsync: checksum collision
librsync previously used a truncated MD4 "strong" check sum to match blocks. However, MD4 is not cryptographically strong. It's possible that an attacker who can control the contents of one part of a file could use it to control other regions of the file, if it's transferred using librsync/rdiff...
librsync -- collision vulnerability
Michael Samuel reports: librsync before 1.0.0 uses a truncated MD4 checksum to match blocks, which makes it easier for remote attackers to modify transmitted data via a birthday attack...
Linux kernel 2.2 Predictable TCP Initial Sequence Number Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/670/info A vulnerability in the Linux kernel allows remote users to guess the initial sequence number of TCP sessions. This can be used to create spoofed TCP sessions bypassing some types of IP based access controls. The...
openSUSE Security Update : mozilla-nss (openSUSE-SU-2013:1539-1)
Mozilla NSS was updated to 3.15.2 bnc842979 - Support for AES-GCM ciphersuites that use the SHA-256 PRF - MD2, MD4, and MD5 signatures are no longer accepted for OCSP or CRLs - Add PK11CipherFinal macro - sizeof used incorrectly - nssutilReadSecmodDB leaks memory - Allow...
oclHashcat v1.2 - GPGPU-based Multi-hash Cracker
oclHashcat is a GPGPU-based multi-hash cracker using a brute-force attack implemented as mask attack, combinator attack, dictionary attack, hybrid attack, mask attack, and rule-based attack. This GPU cracker is a fusioned version of oclHashcat-plus and oclHashcat-lite. GPU Driver requirements: NV...
SuSE 11.2 / 11.3 Security Update : Mozilla NSS (SAT Patch Numbers 8484 / 8485)
"Mozilla NSS has been updated to 3.15.2 bnc847708 bringing various features and bugfixes : The main feature is TLS 1.2 support and its dependent algorithms. - Support for AES-GCM ciphersuites that use the SHA-256 PRF - MD2, MD4, and MD5 signatures are no longer accepted for OCSP or CRLs - Add...
Amazon Linux AMI : kernel (ALAS-2011-16)
The skbgroheaderslow function in include/linux/netdevice.h in the Linux kernel before 2.6.39.4, when Generic Receive Offload GRO is enabled, resets certain fields in incorrect situations, which allows remote attackers to cause a denial of service system crash via crafted network traffic. Race...
Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2011-2033)
The remote Oracle Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2011-2033 advisory. - ipv6: make fragment identifications less predictable Joe Jin CVE-2011-2699 - vlan: fix panic when handling priority tagged frames Joe Jin...
Scientific Linux Security Update : seamonkey on SL3.x, SL4.x i386/x86_64
CVE-2009-2409 deprecate MD2 in SSL cert validation Kaminsky CVE-2009-2408 firefox/nss: doesn't handle NULL in Common Name properly CVE-2009-2654 firefox: URL bar spoofing vulnerability CVE-2009-3072 Firefox 3.5.3 3.0.14 browser engine crashes CVE-2009-3075 Firefox 3.5.2 3.0.14 JavaScript engine...