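FreeBSD arc4random(9) Insufficient Pseudo-Random Number Generator Vulnerability
BUGTRAQ ID: 32447 CVE(CAN) ID: CVE-2008-5162 FreeBSD is a freely available open-source Unix-like system that runs on Intel platforms. The arc4random(9) random number generator is widely used in the FreeBSD kernel, and some applications depend on its cryptographic strength. arc4random(9) is periodically reseeded with entropy from the FreeBSD kernel's Yarrow random number generator, which collects entropy from a variety of sources, including hardware interrupts. During the boot phase, additional entropy is supplied to the Yarrow random number generator from userland to ensure there is enough entropy for cryptographic use...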
FreeBSD-SA-08:11.arc4random
FreeBSD-SA-08.11.arc4random Security Advisory, The FreeBSD Project. Topic: arc4random(9) predictable sequence vulnerability. Category: core. Module: sys. Announced: 2008-11-24...
FreeBSD -- arc4random(9) predictable sequence vulnerability
Problem Description: When the arc4random(9) random number generator is initialized, there may be inadequate entropy to meet the needs of kernel systems which rely on arc4random(9); and it may take up to 5 minutes before arc4random(9) is reseeded with secure entropy from the Yarrow random number...
PT-2008-4988 · Apple · Iphone +1
Name of the Vulnerable Software and Affected Versions: Apple iPod touch versions 2.0 through 2.0.2 Apple iPhone versions 2.0 through 2.0.2 Description: The issue is related to the Networking subsystem, which uses predictable TCP initial sequence numbers. This allows remote attackers to potentiall...
Ubuntu 6.06 LTS / 6.10 : libnet-dns-perl vulnerabilities (USN-483-1)
Peter Johannes Holzer discovered that the Net::DNS Perl module had predictable sequence numbers. This could allow remote attackers to carry out DNS spoofing, leading to possible man-in-the-middle attacks. CVE-2007-3377 Steffen Ullrich discovered that the Net::DNS Perl module did not correctly...
USN-483-1: libnet-dns-perl vulnerabilities
Peter Johannes Holzer discovered that the Net::DNS Perl module had predictable sequence numbers. This could allow remote attackers to carry out DNS spoofing, leading to possible machine-in-the-middle attacks. CVE-2007-3377 Steffen Ullrich discovered that the Net::DNS Perl module did not correctly...
CVE-2007-3377
Header.pm in Net::DNS before 0.60, a Perl module, (1) generates predictable sequence IDs with a fixed increment and (2) can use the same starting ID for all child processes of a forking server, which allows remote attackers to spoof DNS responses, as originally reported for qpsmtp and spamassassin...
Code injection
Header.pm in Net::DNS before 0.60, a Perl module, (1) generates predictable sequence IDs with a fixed increment and (2) can use the same starting ID for all child processes of a forking server, which allows remote attackers to spoof DNS responses, as originally reported for qpsmtp and spamassassin...
CVE-2007-3377
CVE-2007-3377 affects the Perl module Net::DNS (pre-0.60). The issue: Net::DNS generates predictable DNS query IDs (fixed increment) and can reuse the same starting ID for all child processes of a forking server, enabling remote attackers to spoof DNS responses. Connected advisories show mitigati...
CVE-2002-1463
Symantec Raptor Firewall 6.5 and 6.5.3, Enterprise Firewall 6.5.2 and 7.0, VelociRaptor Models 500/700/1000 and 1100/1200/1300, and Gateway Security 5110/5200/5300 generate easily predictable initial sequence numbers (ISN), which allows remote attackers to spoof connections...
Problems with libdes in NetBSD
If /dev/urandom is missing or not functioning, a predictable sequence is used when generating keys...
CVE-2000-0178
ServerIron switches by Foundry Networks have predictable TCP/IP sequence numbers, which allows remote attackers to spoof or hijack sessions...