EUVD-2005-2519

Malware in sbrugna...

Number of Devices Sharing Private Crypto Keys Up Sharply

Researchers at SEC Consult say the number of internet gateways, routers, modems and other embedded devices sharing cryptographic keys and certificates is up 40 percent since the Austrian consulting firm first looked at the problem in November. The report, posted Tuesday called “House of Keys,”...

CVE-2005-0579

Affected software: nxagent in FreeNX before 0.2.8. Issue: missing handling of an unset XAUTHORITY environment variable. Impact: local users can access the X server without X authentication. Notes: the records do not specify a patch version or remediation steps. If true fixes or mitigations exist,...

CVE-2004-1088

Postfix server for Apple Mac OS X 10.3.6, when using CRAM-MD5, allows remote attackers to send mail without authentication by replaying authentication information...

RHEL 2.1 : vnc (RHSA-2003:068)

Updated VNC packages are available to fix a weak cookie vulnerability. VNC is a tool for providing a remote graphical user interface. The VNC server acts as an X server, but the script for starting it generates an MIT X cookie which is used for X authentication without using a strong enough rando...

CVE-2002-0916

Format string vulnerability in the allowuser code for the Stellar-X msntauth authentication module, as distributed in Squid 2.4.STABLE6 and earlier, allows remote attackers to execute arbitrary code via format strings in the user name, which are not properly handled in a syslog call...