CVE-2007-6043

CVE-2007-6043 concerns the CryptGenRandom generator on Windows 2000, which produces predictable values. The description states this can let context-dependent attackers weaken cryptographic mechanisms, demonstrated via attacks on forward and backward security related to the use of eight RC4 instan...

Design/Logic Flaw

The DNS server in Microsoft Windows 2000 Server SP4, and Server 2003 SP1 and SP2, uses predictable transaction IDs when querying other DNS servers, which allows remote attackers to spoof DNS replies, poison the DNS cache, and facilitate further attack vectors...

[Full-disclosure] Predictable DNS transaction IDs in Microsoft DNS Server

1 Summary Affected software: Microsoft Windows 2003 SP2, Microsoft Windows 2000 SP4 Server Vendor URL: www.microsoft.com Severity: Medium References: Microsoft Security Bulletin MS07-062, CVE-2007-3898 2 Vulnerability Description Microsoft DNS server generates predictable DNS transaction IDs. If...

Ubuntu 6.06 LTS / 6.10 : libnet-dns-perl vulnerabilities (USN-483-1)

Peter Johannes Holzer discovered that the Net::DNS Perl module had predictable sequence numbers. This could allow remote attackers to carry out DNS spoofing, leading to possible man-in-the-middle attacks. CVE-2007-3377 Steffen Ullrich discovered that the Net::DNS Perl module did not correctly...

Fedora 7 : po4a-0.32-4.fc7 (2007-1763)

This update fixes a potential security problem information leak due to use of predictable name in /tmp. There is no CVE assignment yet Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automaticall...

Fedora 7 : c-ares-1.4.0-1.fc7 (2007-0724)

There is a vulnerability in c-ares 1.4.0, caused by predictable DNS 'Transaction ID' field in DNS queries and can be exploited to poison the DNS cache of an application using the library if a valid ID is guessed. http://www.vuxml.org/freebsd/70ae62b0-16b0-11dc-b803-0016179b2dd5.html Note that...

SOL8077 - BIND 8 vulnerability CVE-2007-2930

The NSIDSHUFFLEONLY and NSIDUSEPOOL PRNG algorithms in ISC BIND 8 before 8.4.7-P1 generate predictable DNS query identifiers when sending outgoing queries such as NOTIFY messages when answering questions as a resolver, which allows remote attackers to poison DNS caches using unknown vectors...

CVE-2003-1391

RTS CryptoBuddy 1.0 and 1.2 uses a weak encryption algorithm for the passphrase and generates predictable keys, which makes it easier for attackers to guess the passphrase...

CVE-2003-1391

The provided data identifies CVE-2003-1391 affecting RTS CryptoBuddy 1.0 and 1.2, where a weak encryption algorithm for the passphrase and generation of predictable keys are cited as the underlying flaws, making passphrase guesses easier. The CVSS metrics indicate a high-severity, network-attack ...

openSUSE 10 Security Update : fbi (fbi-1915)

The fbgs program did not activate security options in the postscript interpreter due to a typo CVE-2006-3119. fbgs also used a temporary directory with predictable name CVE-2006-1695. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were...

CVE-2007-2930

The 1 NSIDSHUFFLEONLY and 2 NSIDUSEPOOL PRNG algorithms in ISC BIND 8 before 8.4.7-P1 generate predictable DNS query identifiers when sending outgoing queries such as NOTIFY messages when answering questions as a resolver, which allows remote attackers to poison DNS caches via unknown vectors...

Code injection

The 1 NSIDSHUFFLEONLY and 2 NSIDUSEPOOL PRNG algorithms in ISC BIND 8 before 8.4.7-P1 generate predictable DNS query identifiers when sending outgoing queries such as NOTIFY messages when answering questions as a resolver, which allows remote attackers to poison DNS caches via unknown vectors...

CVE-2007-2930

The 1 NSIDSHUFFLEONLY and 2 NSIDUSEPOOL PRNG algorithms in ISC BIND 8 before 8.4.7-P1 generate predictable DNS query identifiers when sending outgoing queries such as NOTIFY messages when answering questions as a resolver, which allows remote attackers to poison DNS caches via unknown vectors...

CVE-2007-2930

The 1 NSIDSHUFFLEONLY and 2 NSIDUSEPOOL PRNG algorithms in ISC BIND 8 before 8.4.7-P1 generate predictable DNS query identifiers when sending outgoing queries such as NOTIFY messages when answering questions as a resolver, which allows remote attackers to poison DNS caches via unknown vectors...

CVE-2007-2930

CVE-2007-2930 affects ISC BIND 8 up to 8.4.7-P1, where the NSID_SHUFFLE_ONLY and NSID_USE_POOL PRNGs generate predictable DNS query IDs when the resolver sends outgoing queries (e.g., NOTIFY). This weakness enables remote attackers to poison DNS caches via unknown vectors. The advisory notes this...

FreeBSD : rkhunter -- insecure temporary file creation (f14ad681-5b88-11dc-812d-0011098b2f36)

Gentoo reports : Sune Kloppenborg Jeppesen and Tavis Ormandy of the Gentoo Linux Security Team have reported that the checkupdate.sh script and the main rkhunter script insecurely creates several temporary files with predictable filenames. A local attacker could create symbolic links in the...

CVE-2007-4631

The DataLoader::doStart function in dataloader.cpp in QGit 1.5.6 and other versions up to 2pre1 allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack on temporary files with predictable filenames...

CVE-2007-4631

The DataLoader::doStart function in dataloader.cpp in QGit 1.5.6 and other versions up to 2pre1 allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack on temporary files with predictable filenames...

ISC BIND < 8.4.7-P1 Outgoing Query Predictable DNS Query ID (deprecated)

Binary data 4195.prm...

GLSA-200708-13 : BIND: Weak random number generation

The remote host is affected by the vulnerability described in GLSA-200708-13 BIND: Weak random number generation Amit Klein from Trusteer reported that the random number generator of ISC BIND leads, half the time, to predictable 1 chance to 8 query IDs in the resolver routine or in zone transfer...