Twenty Year Anniversary
Showing 1 - 25 of 264 RSS Feed

Crypto Files

Ubuntu Security Notice USN-3616-2
Posted Apr 9, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3616-2 - USN-3616-1 fixed a vulnerability in Python Crypto. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that Python Crypto incorrectly generated ElGamal key parameters. A remote attacker could possibly use this issue to obtain sensitive information. Various other issues were also addressed.

tags | advisory, remote, crypto, python
systems | linux, ubuntu
advisories | CVE-2018-6594
MD5 | bba26afb207ddfb1391a3848e4cd104d
Ubuntu Security Notice USN-3616-1
Posted Apr 3, 2018
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3616-1 - It was discovered that Python Crypto incorrectly generated ElGamal key parameters. A remote attacker could possibly use this issue to obtain sensitive information.

tags | advisory, remote, crypto, python
systems | linux, ubuntu
advisories | CVE-2018-6594
MD5 | fcedecfcc4487ed429b56fae81f791b6
Debian Security Advisory 4147-1
Posted Mar 22, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4147-1 - Several vulnerabilities were discovered in PolarSSL, a lightweight crypto and SSL/TLS library, that allowed a remote attacker to either cause a denial-of-service by application crash, or execute arbitrary code.

tags | advisory, remote, arbitrary, crypto, vulnerability
systems | linux, debian
advisories | CVE-2017-18187, CVE-2018-0487, CVE-2018-0488
MD5 | 72ed8cbee080cd97ded9b982a753f4a2
Debian Security Advisory 4138-1
Posted Mar 15, 2018
Authored by Debian | Site debian.org

Debian Linux Security Advisory 4138-1 - Several vulnerabilities were discovered in mbed TLS, a lightweight crypto and SSL/TLS library, that allowed a remote attacker to either cause a denial-of-service by application crash, or execute arbitrary code.

tags | advisory, remote, arbitrary, crypto, vulnerability
systems | linux, debian
advisories | CVE-2017-18187, CVE-2018-0487, CVE-2018-0488
MD5 | d5d19957a8a5081f78111a7aa8f37028
Primefaces 5.x Remote Code Execution
Posted Jan 18, 2018
Authored by Bjoern Schuette | Site metasploit.com

This Metasploit module exploits an expression language remote code execution flaw in the Primefaces JSF framework. Primefaces versions prior to 5.2.21, 5.3.8 or 6.0 are vulnerable to a padding oracle attack, due to the use of weak crypto and default encryption password and salt.

tags | exploit, remote, crypto, code execution
advisories | CVE-2017-1000486
MD5 | a290d8a9cb6552111c22dc331da1c4dc
Key Reinstallation: Forcing Nonce Reuse In WPA2
Posted Oct 16, 2017
Authored by Frank Piessens, Mathy Vanhoef | Site krackattacks.com

Whitepaper called Reinstallation Attacks: Forcing Nonce Reuse in WPA2. This research paper will be presented on at the Computer and Communications Security (CCS) conference on November 1, 2017. This paper details a flaw in the WPA2 protocol itself and most devices that makes use of WPA2 are affected.

tags | paper, crypto, protocol
advisories | CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13084, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088
MD5 | 9ae08a7eee791f7977ada5c05ba50f29
Debian Security Advisory 3967-1
Posted Sep 8, 2017
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3967-1 - An authentication bypass vulnerability was discovered in mbed TLS, a lightweight crypto and SSL/TLS library, when the authentication mode is configured as 'optional'. A remote attacker can take advantage of this flaw to mount a man-in-the-middle attack and impersonate an intended peer via an X.509 certificate chain with many intermediates.

tags | advisory, remote, crypto, bypass
systems | linux, debian
advisories | CVE-2017-14032
MD5 | 6090bbf6fd99aeda841cc87bed7996d4
Ubuntu Security Notice USN-3199-3
Posted Aug 28, 2017
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 3199-3 - USN-3199-1 fixed a vulnerability in Python Crypto. This update provides the corresponding update for Ubuntu 12.04 ESM. A It was discovered that the ALGnew function in block_templace.c in the A Python Cryptography Toolkit contained a heap-based buffer overflow A vulnerability. A remote attacker could use this flaw to execute A arbitrary code by using a crafted initialization vector parameter. Various other issues were also addressed.

tags | advisory, remote, overflow, arbitrary, crypto, python
systems | linux, ubuntu
MD5 | 268bc2efb224a1765a620d2ba927ba05
Ubiquiti Networks UniFi Cloud Key Command Injection / Privilege Escalation
Posted Jul 27, 2017
Authored by T. Weber | Site sec-consult.com

Ubiquiti Networks UniFi Cloud Key with firmware versions 0.5.9 and 0.6.0 suffer from weak crypto, privilege escalation, and command injection vulnerabilities.

tags | exploit, crypto, vulnerability
MD5 | 9d9057dd1f6cb362de396bc65e582462
RSA BSAFE Crypto-J Cryptography Failure
Posted Jan 28, 2017
Site emc.com

RSA BSAFE Crypto-J versions prior to 6.2.2 suffer from improper OCSP validation and PKCS#12 timing attack vulnerabilities.

tags | advisory, crypto, vulnerability
advisories | CVE-2016-8212, CVE-2016-8217
MD5 | 49ddf75098380770f8fc8cd1d9e75886
RSA BSAFE Lenstra's Attack
Posted Apr 11, 2016
Site emc.com

RSA BSAFE Micro Edition Suite, Crypto-C Micro Edition, Crypto-J, and SSL-J contain a fix to address Lenstra's attack. RSA BSAFE Micro Edition Suite (MES) 4.1.5, RSA BSAFE Crypto-C Micro Edition (CCME) 4.1.3, RSA BSAFE Crypto-J 6.2.1, and RSA BSAFE SSL-J 6.2.1 are affected.

tags | advisory, crypto
advisories | CVE-2016-0887
MD5 | 7ec29a2f462d5026880ce46986340850
Apple Security Advisory 2016-03-21-7
Posted Mar 22, 2016
Authored by Apple | Site apple.com

Apple Security Advisory 2016-03-21-7 - OS X Server 5.1 is now available and addresses RC4 crypto weaknesses, file access, and information disclosure vulnerabilities.

tags | advisory, crypto, vulnerability, info disclosure
systems | apple, osx
advisories | CVE-2016-1774, CVE-2016-1776, CVE-2016-1777, CVE-2016-1787
MD5 | f256c898392904a019b6cae8d63efdf2
XOOPS 2.5.7.2 Weak Crypto
Posted Mar 18, 2016
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

XOOPS version 2.5.7.2 uses weak one way hash crypto MD5 along with unsalted passwords stored in the database.

tags | advisory, crypto
MD5 | 9e9d186c45f842cd740c053fa67d5a2b
Debian Security Advisory 3457-1
Posted Jan 28, 2016
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3457-1 - Multiple security issues have been found in Iceweasel, Debian's version buffer overflow may lead to the execution of arbitrary code. In addition the bundled NSS crypto library addresses the SLOTH attack on TLS 1.2.

tags | advisory, overflow, arbitrary, crypto
systems | linux, debian
advisories | CVE-2015-7575, CVE-2016-1930, CVE-2016-1935
MD5 | 4b063b5e0413f1e0f06bcc5d3f9f9918
XMB - eXtreme Message Board 1.9.11.13 Weak Crypto / Insecure Password Storage
Posted Jan 23, 2016
Authored by hyp3rlinx | Site hyp3rlinx.altervista.org

XMB - eXtreme Message Board version 1.9.11.13 suffers from weak crypto and insecure password storage vulnerabilities.

tags | exploit, crypto, vulnerability
MD5 | 72e3751de0e02bb5aae9f8c87c42de57
Debian Security Advisory 3417-1
Posted Dec 14, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3417-1 - Tibor Jager, Jorg Schwenk, and Juraj Somorovsky, from Horst Gortz Institute for IT Security, published a paper in ESORICS 2015 where they describe an invalid curve attack in Bouncy Castle Crypto, a Java library for cryptography. An attacker is able to recover private Elliptic Curve keys from different applications, for example, TLS servers.

tags | advisory, java, crypto
systems | linux, debian
advisories | CVE-2015-7940
MD5 | bd709c45178d7ae9afbc3b9046f127c4
FreeBSD Security Advisory - ntp Authentication Bypass
Posted Oct 26, 2015
Site security.freebsd.org

FreeBSD Security Advisory - Crypto-NAK packets can be used to cause ntpd(8) to accept time from an unauthenticated ephemeral symmetric peer by bypassing the authentication required to mobilize peer associations. FreeBSD 9.3 and 10.1 are not affected. Various other issues have also been addressed.

tags | advisory, crypto
systems | freebsd
advisories | CVE-2015-7701, CVE-2015-7702, CVE-2015-7703, CVE-2015-7704, CVE-2015-7848, CVE-2015-7849, CVE-2015-7850, CVE-2015-7851, CVE-2015-7852, CVE-2015-7853, CVE-2015-7854, CVE-2015-7855, CVE-2015-7871
MD5 | ad57d8b6fd48b773d3e8e84c18d972e4
RSA BSAFE Crypto Attacks / Denial Of Service
Posted Aug 17, 2015
Site emc.com

RSA BSAFE Micro Edition Suite, Crypto-C Micro Edition, Crypto-J, SSL-J and SSL-C all suffer from various crypto, denial of service, and underflow vulnerabilities.

tags | advisory, denial of service, crypto, vulnerability
advisories | CVE-2015-0533, CVE-2015-0534, CVE-2015-0535, CVE-2015-0536, CVE-2015-0537
MD5 | f5ef6999daddcffb2197ac8414aebba8
Dismantling Megamos Crypto: Wirelessly Lockpicking A Vehicle Immobilizer
Posted Aug 14, 2015
Authored by Baris Ege, Roel Verdult, Flavio D. Garcia

The Megamos Crypto transponder is used in one of the most widely deployed electronic vehicle immobilizers. It is used among others in most Audi, Fiat, Honda, Volkswagen and Volvo cars. Such an immobilizer is an anti-theft device which prevents the engine of the vehicle from starting when the corresponding transponder is not present. This transponder is a passive RFID tag which is embedded in the key of the vehicle. In this paper, the authors have reverse-engineered all proprietary security mechanisms of the transponder, including the cipher and the authentication protocol which we publish here in full detail. This article reveals several weaknesses in the design of the cipher, the authentication protocol and also in their implementation.

tags | paper, crypto, protocol
MD5 | 552ea71c6b3759788ec94e28a8f7c722
QNAP Crypto Key Disclosure
Posted Aug 11, 2015
Authored by Andreas Steinmetz

QNAP devices running the QNAP modified 3.12.6 kernel with firmware older than 4.1.4 Build 0804 log crypto keys on an unencrypted disk partition in world accessible files.

tags | advisory, kernel, crypto
MD5 | 0f6ac7dc63f09be9bc5d5e81c51bf6c0
OpenSSL Alternative Chains Certificate Forgery MITM Proxy
Posted Jul 27, 2015
Authored by Ramon de C Valle, Adam Langley, David Benjamin | Site metasploit.com

This Metasploit module exploits a logic error in OpenSSL by impersonating the server and sending a specially-crafted chain of certificates, resulting in certain checks on untrusted certificates to be bypassed on the client, allowing it to use a valid leaf certificate as a CA certificate to sign a fake certificate. The SSL/TLS session is then proxied to the server allowing the session to continue normally and application data transmitted between the peers to be saved. The valid leaf certificate must not contain the keyUsage extension or it must have at least the keyCertSign bit set (see X509_check_issued function in crypto/x509v3/v3_purp.c); otherwise; X509_verify_cert fails with X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY. This Metasploit module requires an active man-in-the-middle attack.

tags | exploit, crypto
advisories | CVE-2015-1793
MD5 | 244abcb9001d9746e6846f9785dab572
Ubuntu Security Notice USN-2545-1
Posted Mar 24, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2545-1 - A flaw was discovered in the automatic loading of modules in the crypto subsystem of the Linux kernel. A local user could exploit this flaw to load installed kernel modules, increasing the attack surface and potentially using this to gain administrative privileges. A flaw was discovered in the crypto subsystem when screening module names for automatic module loading if the name contained a valid crypto module name, eg. vfat(aes). A local user could exploit this flaw to load installed kernel modules, increasing the attack surface and potentially using this to gain administrative privileges. Various other issues were also addressed.

tags | advisory, kernel, local, crypto
systems | linux, ubuntu
advisories | CVE-2013-7421, CVE-2014-9644, CVE-2015-1421, CVE-2015-1465
MD5 | 5ae0554e64e796d299cb0dd60398e427
Ubuntu Security Notice USN-2546-1
Posted Mar 24, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2546-1 - A flaw was discovered in the automatic loading of modules in the crypto subsystem of the Linux kernel. A local user could exploit this flaw to load installed kernel modules, increasing the attack surface and potentially using this to gain administrative privileges. A flaw was discovered in the crypto subsystem when screening module names for automatic module loading if the name contained a valid crypto module name, eg. vfat(aes). A local user could exploit this flaw to load installed kernel modules, increasing the attack surface and potentially using this to gain administrative privileges. Various other issues were also addressed.

tags | advisory, kernel, local, crypto
systems | linux, ubuntu
advisories | CVE-2013-7421, CVE-2014-9644, CVE-2015-1421, CVE-2015-1465
MD5 | 3c3b871a5068bd2fff0e393ad0aa76aa
Ubuntu Security Notice USN-2544-1
Posted Mar 24, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2544-1 - Eric Windisch discovered flaw in how the Linux kernel's XFS file system replaces remote attributes. A local access with access to an XFS file system could exploit this flaw to escalate their privileges. A flaw was discovered in the automatic loading of modules in the crypto subsystem of the Linux kernel. A local user could exploit this flaw to load installed kernel modules, increasing the attack surface and potentially using this to gain administrative privileges. Various other issues were also addressed.

tags | advisory, remote, kernel, local, crypto
systems | linux, ubuntu
advisories | CVE-2013-7421, CVE-2014-7822, CVE-2014-9644, CVE-2015-0274
MD5 | bcd5ca8cc6652f61057ffcc8f2ab46f0
Ubuntu Security Notice USN-2543-1
Posted Mar 24, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2543-1 - Eric Windisch discovered flaw in how the Linux kernel's XFS file system replaces remote attributes. A local access with access to an XFS file system could exploit this flaw to escalate their privileges. A flaw was discovered in the automatic loading of modules in the crypto subsystem of the Linux kernel. A local user could exploit this flaw to load installed kernel modules, increasing the attack surface and potentially using this to gain administrative privileges. Various other issues were also addressed.

tags | advisory, remote, kernel, local, crypto
systems | linux, ubuntu
advisories | CVE-2013-7421, CVE-2014-7822, CVE-2014-9644, CVE-2015-0274
MD5 | 1fd345a98c5bea2aa825c73ef793cbc0
Page 1 of 11
Back12345Next

Want To Donate?


Bitcoin: 18PFeCVLwpmaBuQqd5xAYZ8bZdvbyEWMmU

File Archive:

April 2018

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    5 Files
  • 2
    Apr 2nd
    17 Files
  • 3
    Apr 3rd
    11 Files
  • 4
    Apr 4th
    21 Files
  • 5
    Apr 5th
    17 Files
  • 6
    Apr 6th
    12 Files
  • 7
    Apr 7th
    1 Files
  • 8
    Apr 8th
    6 Files
  • 9
    Apr 9th
    21 Files
  • 10
    Apr 10th
    18 Files
  • 11
    Apr 11th
    42 Files
  • 12
    Apr 12th
    7 Files
  • 13
    Apr 13th
    14 Files
  • 14
    Apr 14th
    1 Files
  • 15
    Apr 15th
    1 Files
  • 16
    Apr 16th
    15 Files
  • 17
    Apr 17th
    20 Files
  • 18
    Apr 18th
    24 Files
  • 19
    Apr 19th
    20 Files
  • 20
    Apr 20th
    2 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2018 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close