3092 matches found
FreeBSD-SA-08:11.arc4random
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 FreeBSD-SA-08.11.arc4random Security Advisory The FreeBSD Project Topic: arc4random(9) predictable sequence vulnerability Category: core Module: sys Announced: 2008-11-24...
FreeBSD -- arc4random(9) predictable sequence vulnerability
Problem Description: When the arc4random(9) random number generator is initialized, there may be inadequate entropy to meet the needs of kernel systems which rely on arc4random(9); and it may take up to 5 minutes before arc4random(9) is reseeded with secure entropy from the Yarrow random number...
[USN-670-1] VMBuilder vulnerability
Ubuntu Security Notice USN-670-1 November 13, 2008 vm-builder vulnerability https://bugs.launchpad.net/+bug/296841 A security issue affects the following Ubuntu releases: Ubuntu...
USN-670-1: VMBuilder vulnerability
Mathias Gug discovered that vm-builder improperly set the root password when creating virtual machines. An attacker could exploit this to gain root privileges to the virtual machine by using a predictable password. This vulnerability only affects virtual machines created with vm-builder under...
dns-random-txid NSE Script
Checks a DNS server for the predictable-TXID DNS recursion vulnerability. Predictable TXID values can make a DNS server vulnerable to cache poisoning attacks (see CVE-2008-1447). The script works by querying txidtest.dns-oarc.net see . Be aware that any targets against which this script is run will...
dns-random-srcport NSE Script
Checks a DNS server for the predictable-port recursion vulnerability. Predictable source ports can make a DNS server vulnerable to cache poisoning attacks (see CVE-2008-1447). The script works by querying porttest.dns-oarc.net see . Be aware that any targets against which this script is run will be...
Gentoo Security Advisory GLSA 200409-02 (MySQL)
The remote host is missing updates announced in advisory GLSA 200409-02. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
Design/Logic Flaw
The Networking subsystem in Apple iPod touch 2.0 through 2.0.2, and iPhone 2.0 through 2.0.2, uses predictable TCP initial sequence numbers, which allows remote attackers to spoof or hijack a TCP connection...
CVE-2008-3612
The Networking subsystem in Apple iPod touch 2.0 through 2.0.2, and iPhone 2.0 through 2.0.2, uses predictable TCP initial sequence numbers, which allows remote attackers to spoof or hijack a TCP connection...
PT-2008-4988 · Apple · Iphone +1
Name of the Vulnerable Software and Affected Versions: Apple iPod touch versions 2.0 through 2.0.2 Apple iPhone versions 2.0 through 2.0.2 Description: The issue is related to the Networking subsystem, which uses predictable TCP initial sequence numbers. This allows remote attackers to potentiall...
FreeBSD Security Advisory (FreeBSD-SA-06:01.texindex.asc)
The remote host is missing an update to the system as announced in the referenced advisory FreeBSD-SA-06:01.texindex.asc SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s)...
FreeBSD Ports: wine
The remote host is missing an update to the system as announced in the referenced advisory. VID 48a59c96-9c6e-11d9-a040-000a95bc6fae OpenVAS Vulnerability Test $ Description: Auto generated from vuxml or freebsd advisories Authors: Thomas Reinke Copyright: Copyright (c) 2008 E-Soft Inc...
FreeBSD Ports: mod_dosevasive20
The remote host is missing an update to the system as announced in the referenced advisory. VID 88ff90f2-6e43-11d9-8c87-000a95bc6fae OpenVAS Vulnerability Test $ Description: Auto generated from vuxml or freebsd advisories Authors: Thomas Reinke Copyright: Copyright (c) 2008 E-Soft Inc...
FreeBSD Security Advisory (FreeBSD-SA-06:02.ee.asc)
The remote host is missing an update to the system as announced in the referenced advisory FreeBSD-SA-06:02.ee.asc SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s)...
openoffice -- document disclosure
The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only...
Microsoft Windows DNS Client Spoofing Vulnerability (MS08-020, 945553)
The remote host is probably affected by the vulnerability described in CVE-2008-0087 SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only...
PowerDNS Recursor 3.x < 3.1.6 DNS Predictable Transaction ID (TRXID) Cache Poisoning
According to its self-reported version number, the version of PowerDNS Recursor listening on the remote host is version 3.x prior to 3.1.6. It is, therefore, affected by a cache poisoning vulnerability due to insufficient randomness to calculate TRXID values and UDP source port numbers. A remote...
Ubuntu 6.06 LTS / 7.04 / 7.10 / 8.04 LTS : php5 vulnerabilities (USN-628-1)
It was discovered that PHP did not properly check the length of the string parameter to the fnmatch function. An attacker could cause a denial of service in the PHP interpreter if a script passed untrusted input to the fnmatch function. (CVE-2007-4782) Maksymilian Arciemowicz discovered a flaw in t...
openSUSE 10 Security Update : pdns (pdns-5242)
pdns used predictable random numbers for DNS responses. Therefore attackers could generate spoofed DNS responses (CVE-2008-1637). (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update pdns-5242. The te...
Debian OpenSSL Predictable PRNG Bruteforce SSH Exploit (Python)
No description provided by source. #!/bin/python This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version...