Giuseppe Iuculano
2009-May-16 14:52 UTC
[Secure-testing-team] Bug#528938: CVE-2009-1629: generates session IDs with predictable random numbers
Package: ajaxterm
Version: 0.10-4
Severity: serious
Tags: security

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for ajaxterm.

CVE-2009-1629[0]:
| ajaxterm.js in AjaxTerm 0.10 and earlier generates session IDs with
| predictable random numbers based on certain JavaScript functions,
| which makes it easier for remote attackers to (1) hijack a session or
| (2) cause a denial of service (session ID exhaustion) via a
| brute-force attack.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1629
    http://security-tracker.debian.net/tracker/CVE-2009-1629

Cheers,
Giuseppe.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkoO0y0ACgkQNxpp46476ap5kQCghMAQafc46v0qdvjymQs/2G8p
jZcAoI7a4mTbI3QBpyrx88Qlr9z9ojLG
=hk2D
-----END PGP SIGNATURE-----
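
The class of weakness the CVE text describes, next to a hardened form, as an added example that is not part of the original bug report and is not AjaxTerm's code. It assumes a design in which the server issues session IDs from a CSPRNG; `weakSessionId`, `strongSessionId` and `SessionStore` are hypothetical names.

```javascript
// Added illustration; not AjaxTerm's code. All names here are hypothetical.
const cryptoApi = globalThis.crypto ?? require('node:crypto').webcrypto;

// Weak pattern (constructed): Math.random() is not a CSPRNG, so its output
// can be predicted, and this ID has only about 30 bits of keyspace anyway.
function weakSessionId() {
  return String(Math.floor(Math.random() * 1e9));
}

// Hardened: 128 bits from the platform CSPRNG, hex-encoded (32 characters).
function strongSessionId(numBytes = 16) {
  const buf = new Uint8Array(numBytes);
  cryptoApi.getRandomValues(buf);
  return Array.from(buf, (b) => b.toString(16).padStart(2, '0')).join('');
}

// Server-side table: the server issues IDs, the client never chooses one.
class SessionStore {
  constructor(maxSessions = 1000) {
    this.maxSessions = maxSessions;
    this.sessions = new Set();
  }
  // Returns a fresh ID, or null once the cap on live sessions is reached.
  issue() {
    if (this.sessions.size >= this.maxSessions) return null;
    const id = strongSessionId();
    this.sessions.add(id);
    return id;
  }
  // A presented ID is only looked up; an unknown ID never creates a session.
  isValid(id) {
    return typeof id === 'string' && /^[0-9a-f]{32}$/.test(id) && this.sessions.has(id);
  }
  // Frees the slot when a session ends.
  revoke(id) {
    return this.sessions.delete(id);
  }
}
```

Because IDs are minted only by `issue()`, a guessed or client-chosen value is rejected by `isValid()` and cannot allocate a session slot.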