616 matches found
cPanel Support Server Compromised
Website hosting provider cPanel is calling on some users to change their passwords after it informed them on Friday that hackers compromised one of its technical support department’s servers. The hosting provider does not know for certain the extent of the hack or what, if any, information was...
Hundreds of SSH Private Keys exposed via GitHub Search
GitHub is a source code repository which lets developers work on programs together as a team, even when they are in different locations. Each repository on the site is a public folder designed to hold the software code that a developer is working on. This Tuesday GitHub announced a major upgrades...
CVE-2012-4898
Mesh OS before 7.9.1.1 on Tropos wireless mesh routers does not use a sufficient source of entropy for SSH keys, which makes it easier for man-in-the-middle attackers to spoof a device or modify a client-server data stream by leveraging knowledge of a key from a product installation elsewhere...
Design/Logic Flaw
Mesh OS before 7.9.1.1 on Tropos wireless mesh routers does not use a sufficient source of entropy for SSH keys, which makes it easier for man-in-the-middle attackers to spoof a device or modify a client-server data stream by leveraging knowledge of a key from a product installation elsewhere...
CVE-2012-4898 Tropos Wireless Mesh Routers Insufficient Entropy
Mesh OS before 7.9.1.1 on Tropos wireless mesh routers does not use a sufficient source of entropy for SSH keys, which makes it easier for man-in-the-middle attackers to spoof a device or modify a client-server data stream by leveraging knowledge of a key from a product installation elsewhere...
PT-2012-5647 · Tropos · Mesh Os
Name of the Vulnerable Software and Affected Versions: Tropos wireless mesh routers Mesh OS versions prior to 7.9.1.1. Description: The issue is related to insufficient entropy for SSH keys, making it easier for man-in-the-middle attackers to spoof a device or modify a client-server data stream by...
On Windows, Fisheye attempts to make ssh keys private but appears to be unsuccessful
While testing FE-4315 on Windows, I noticed that even when generating a private key using Fisheye, the file's permissions do not appear to actually change. The code to make the file private is this, in FileSystemUtils: if (SystemUtils.IS_OS_WINDOWS) { String username = System.getenv("USERNAME"); Stri...
[SECURITY] Fedora 17 Update: cloud-init-0.6.3-0.5.bzr532.fc17
Cloud-init is a set of init scripts for cloud instances. Cloud instances need special scripts to run during initialization to retrieve and install ssh keys and to let the user run various scripts...
[SECURITY] Fedora 16 Update: cloud-init-0.6.3-0.5.bzr532.fc16
Cloud-init is a set of init scripts for cloud instances. Cloud instances need special scripts to run during initialization to retrieve and install ssh keys and to let the user run various scripts...
[SECURITY] Fedora 18 Update: cloud-init-0.6.3-0.5.bzr532.fc18
Cloud-init is a set of init scripts for cloud instances. Cloud instances need special scripts to run during initialization to retrieve and install ssh keys and to let the user run various scripts...
Scientific Linux Security Update : selinux-policy on SL6.x i386/x86_64 (20120307)
This update fixes the following bugs: - An incorrect SELinux policy prevented the qpidd service from connecting to the AMQP (Advanced Message Queuing Protocol) port when the qpidd daemon was configured with Corosync clustering. These selinux-policy packages contain updated SELinux rules, which all...
Scientific Linux Security Update : selinux-policy on SL5.x i386/x86_64 (20120209)
The selinux-policy packages contain the rules that govern how confined processes run on the system. This update fixes the following bug: - With SELinux in enforcing mode, an Open MPI (Message Passing Interface) job submitted to the parallel universe environment failed when an attempt to generate S...
kexec-tools: Multiple security flaws by management of kdump core files and ramdisk images
The Red Hat mkdumprd script for kexec-tools, as distributed in the kexec-tools 1.x before 1.102pre-154 and 2.x before 2.0.0-209 packages in Red Hat Enterprise Linux, includes all of root's SSH private keys within a vmcore file, which allows context-dependent attackers to obtain sensitive...
Linux.com down again due to Security Breach
Linux.com down again due to Security Breach Linux Foundation infrastructure including LinuxFoundation.org, Linux.com, and their subdomains are again down for maintenance due to a security breach that was discovered on September 8, 2011. Investigators yet can't elaborate the source of attack...
Linux Foundation Shuts More Web Sites After Discovering Compromise
The ripple effects of an August attack on the website kernel.org washed up on the Linux Foundation last week, forcing the group to take down its Web site and warn users that their account information may have been compromised. A message posted on the Foundation’s Web site, linux.com, over the...
Linux Foundation & Linux.com multiple server compromised
Linux Foundation & Linux.com multiple server compromised The Linux Foundation has pulled its websites from the web to clean up from a "security breach". A notice posted on the Linux Foundation said the entire infrastructure including LinuxFoundation.org, Linux.com, and their subdomains are down f...
Fedora Update for pam_ssh FEDORA-2011-8006
Check for the Version of pam_ssh. OpenVAS Vulnerability Test: Fedora Update for pam_ssh FEDORA-2011-8006. Authors: System Generated Check. Copyright: Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribute it and/or modify it under the term...
[SECURITY] Fedora 14 Update: pam_ssh-1.97-7.fc14
This PAM module provides single sign-on behavior for UNIX using SSH keys. Users are authenticated by decrypting their SSH private keys with the password provided. In the first PAM login session phase, an ssh-agent process is started and keys are added. The same agent is used for the following PAM...
[SECURITY] Fedora 13 Update: pam_ssh-1.97-7.fc13
This PAM module provides single sign-on behavior for UNIX using SSH keys. Users are authenticated by decrypting their SSH private keys with the password provided. In the first PAM login session phase, an ssh-agent process is started and keys are added. The same agent is used for the following PAM...