Displaying 20 results from an estimated 2000 matches similar to: "Impact of the Debian OpenSSL vulnerability"
2008 May 16
0
CentOS-announce Digest, Vol 39, Issue 7
Send CentOS-announce mailing list submissions to
centos-announce at centos.org
To subscribe or unsubscribe via the World Wide Web, visit
http://lists.centos.org/mailman/listinfo/centos-announce
or, via email, send a message with subject or body 'help' to
centos-announce-request at centos.org
You can reach the person managing the list at
centos-announce-owner at centos.org
When
2008 May 22
0
/home/putnopvut/asa/AST-2008-007/AST-2008-007: AST-2008-007 Cryptographic keys generated by OpenSSL on Debian-based systems compromised
Asterisk Project Security Advisory - AST-2008-007
+------------------------------------------------------------------------+
| Product | Asterisk |
|--------------------+---------------------------------------------------|
| Summary | Asterisk installations using cryptographic keys |
| | generated
2008 May 16
1
Re: [CentOS-announce] Impact of the Debian OpenSSL vulnerability
[please CC me on replies]
On Thu, May 15, 2008 at 08:08:39PM +0200, Daniel de Kok wrote:
> Questions on how this may affect CentOS users should be directed to
> the CentOS users list. List subscription information is available
> from:
In addition to the fixed OpenSSL packages, Debian also released an update to
OpenSSH that includes a blacklist of the weak keys. With this update, any
2008 May 18
1
Re: [CentOS-announce] Impact of the Debian OpenSSL vulnerability
Ralph Angenendt <ra+centos at br-online.de> wrote:
>>
I don't think the OpenSSH devels really do care about that - there is no
discussion whatsoever on the secureshell list or on the devel list.
No idea about our upstream, but I don't think so either.
<<
Correct: all that needs to be said was said years ago, by Dr. Robert E.
Coveyou, of Oak Ridge National Laboratory
2017 Dec 11
2
Mailsploit problem in responce of ENVELOPE
Hi,
Sorry, It comes by fetching ENVELOPE, not BODYSTRUCTURE.
For example:
A01 UID FETCH 24 (ENVELOPE)
* 4 FETCH (UID 24 ENVELOPE ("Fri, 08 Dec 2017 09:44:35 +0900" "test2" ((NIL NIL "service" "paypal.com")) (("dev1" NIL "dev1-bounces" "example.com")) ((NIL NIL "service" "paypal.com")) (("user1"
2017 Dec 11
0
Mailsploit problem in responce of ENVELOPE
Hi,
Additionally, I just tried bellow:
From: service at paypal.com<iframe onload=alert(document.cookie) src=https://www.hushmail.com style="display:none"\n\0 at mailsploit.com
Reply-To: service at paypal.com<iframe onload=alert(document.cookie) src=https://www.hushmail.com style="display:none"\n\0 at mailsploit.com
Thanks
----- Original Message -----
> Hi,
>
2017 Dec 11
1
Mailsploit problem in responce of ENVELOPE
Hi,
I'm sorry, I had been tested by miss From/Reply-To,
If From/Reply-To addresses are bellow:
From: =?utf-8?b?c2VydmljZUBwYXlwYWwuY29tPGlmcmFtZSBvbmxvYWQ9YWxlcnQoZG9jdW1lbnQuY29va2llKSBzcmM9aHR0cHM6Ly93d3cuaHVzaG1haWwuY29tIHN0eWxlPSJkaXNwbGF5Om5vbmUi?==?utf-8?Q?=0A=00?=@mailsploit.com
Reply-To:
2012 Jan 20
2
Regarding Pubkey Enumeration
HD Moore from MetaSploit has noted that, given a pubkey (and not the
corresponding private key, as might be found in authorized_keys), he can
determine if he'd be able to log into an account.
It's a small thing, but he's using it for very interesting
recon/deanonymization. He'll be releasing a paper shortly, not overplaying
the characteristic, but certainly showing it can be used
2004 Mar 18
1
latest openssl vulnerability
Is it true that (dynamic) binaries are vulnerable if and only if they are
linked with libssl.so.3, not with libcrypt or libcrypto?
Thanks for your help.
Andrew.
2002 Sep 16
0
Another OpenSSL Vulnerability -- this one with mod_ssl
http://www.cert.org/advisories/CA-2002-27.html
--
Tom Eastep \ Shorewall - iptables made easy
AIM: tmeastep \ http://www.shorewall.net
ICQ: #60745924 \ teastep@shorewall.net
2002 Jul 30
0
OpenSSL <=0.9.6d vulnerability
Are there any portions of OpenSSH which utilize vulnerable parts of
OpenSSL? I need to know if recompiling against 0.9.6e is necessary.
--Eric
2003 Oct 01
5
Recent OpenSSL vulnerability require rebuild of OpenSSH
We have OpenSSH built against a static version of the OpenSSL library.
Do the recent OpenSSL vulnerabilities necessitate a rebuild of
OpenSSH?
http://www.openssl.org/news/secadv_20030930.txt
>From the description of the four bugs, I'm inclined to think not.
--
albert chin (china at thewrittenword.com)
2014 Apr 07
0
OpenSSL vulnerability
Hello.
FYI a very serious OpenSSL flaw was made public today. It has implications
for existing OpenSSL key material though no direct impact on OpenSSH.
For those interested, here's a good description: http://heartbleed.com/
--mancha
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: not
2014 Jun 06
2
does the openSSL security vulnerability (CVE-2014-0224) affect openssh?
Dear openssh developers,
can you please check, whether the vulnerability of openSSL (CVE-2014-0224):
http://www.openssl.org/news/secadv_20140605.txt
openssh affects?
Many thanks
Van Cu Truong
Tel.: +49 (211) 399 33598
Mobile: +49 (163) 1651728
cu.truongl at atos.net<mailto:cu.truongl at atos.net>
Otto-Hahn-Ring 6
81739 M?nchen, Deutschland
de.atos.net
2015 Mar 31
0
OpenSSL vulnerability fix
Centos 5 is not affected by this bug, so fix is not available.
Eero
31.3.2015 9.48 ap. kirjoitti "Venkateswara Rao Dokku" <dvrao.584 at gmail.com>:
> Hi All,
>
> I wanted to fix the openssl vulnerabilities (CVE-2014-3569, CVE-2014-3570,
> CVE-2014-3571, CVE-2014-3572) in my CentOS 5.5 and found out that 0.9.8zd
> has the fixes I am looking for (from the
>
2013 Aug 06
2
Openssl vulnerability - SSL/ TLS Renegotion Handshakes
Hi,
I'm currently at CentOS 5.8. I'm using openssl version
openssl-0.9.8e-22.el5. The following vulnerability was reported by a Nessus
security scan:
"SSL/ TLS Renegotion Handshakes MiTm Plaintext Data Injection"
As per following link, Redhat has introduced openssl-0.9.8m which fixes
this specific issue:
2015 Mar 31
2
OpenSSL vulnerability fix
Hi All,
I wanted to fix the openssl vulnerabilities (CVE-2014-3569, CVE-2014-3570,
CVE-2014-3571, CVE-2014-3572) in my CentOS 5.5 and found out that 0.9.8zd
has the fixes I am looking for (from the
https://www.openssl.org/news/vulnerabilities.html link).
But, When I tried to find the openssl-0.9.8zd rpm package, I did not find
it in http://mirror.centos.org/centos/5/updates/x86_64/RPMS/.
The
2017 Dec 08
0
Mailsploit problem in responce of BODYSTRUCTURE
On Fri, Dec 08, 2017 at 18:47:37 +0900, TACHIBANA Masashi wrote:
> Hi,
>
> I tried to see a mail that have a strange From header in bellow URL:
>
> https://www.mailsploit.com/index
>
> Then, I got BODYSTRUCTURE response contain next:
>
> ((NIL NIL "service" "paypal.com"))
>
> Are this problem already founded by anyone?
> So already
2014 Apr 08
3
Heartbleed openssl vulnerability?
Do we know if dovecot is vulnerable to the heartbleed SSL problem?
I'm running dovecot-2.0.9 and openssl-1.01, the latter being
intrinsically vulnerable. An on-line tool says that my machine is not
affected on port 993 but it would be nice to know for sure if we were
vulnerable for a while. (Naturally I've blocked it anyway!).
Thanks
John
2003 Apr 22
1
cifs samba mailing list
For two days now I've tried for two days now to get cifs working on a
redhat 9.0 2.4.20 based linux box. I followed the instructions given at
http://de.samba.org/samba/Linux_CIFS_client.html, i.e. compiling
cifs-0.6.8 and mount.cifs rev. 1.2.2.1. I successfully loaded the cifs.o
as a module and following the given examples I tried:
[root@r151-101 cifs]# /sbin/mount.cifs //raid/demo