«
Expand/Collapse
76 items tagged "man in the middle attack"
Related tags:
https certificates [+],
encrypted communications [+],
attacker [+],
nss [+],
david black [+],
x 509 [+],
server certificate [+],
puppet master [+],
puppet [+],
option [+],
master [+],
certificate [+],
ubuntu [+],
nspr [+],
gpg signature [+],
security [+],
william grant [+],
verify host [+],
tim brown [+],
software properties [+],
simon ruderich [+],
server certificates [+],
repositories [+],
python library [+],
pop3s [+],
marc deslauriers [+],
lts [+],
kssl [+],
insecure connection [+],
imaps [+],
hostnames [+],
deslauriers [+],
configuration option [+],
arbitrary files [+],
notice [+],
whitepaper [+],
vulnerability [+],
usn [+],
traffic [+],
tool [+],
tcp session [+],
tcp [+],
ssl connections [+],
ssl [+],
session [+],
portuguese [+],
perl [+],
perjack [+],
news [+],
master key [+],
leverage [+],
lan [+],
hacks [+],
certificate chain [+],
wifi hotspot [+],
video [+],
upgrade [+],
security component [+],
protection [+],
plug in [+],
module [+],
mike [+],
manager. one [+],
intel [+],
hdmi [+],
hdcp [+],
encryption scheme [+],
doesn [+],
digital content protection [+],
coffee shops [+],
cd media [+],
apache [+],
Wireless [+],
Support [+],
security notice [+],
steve dispensa [+],
sslv3 [+],
marsh ray [+],
tls [+],
update [+],
renegotiation [+]
-
-
15:58
»
Packet Storm Security Advisories
Ubuntu Security Notice 1385-1 - Simon Ruderich discovered that APT incorrectly handled repositories that use InRelease files. The default Ubuntu repositories do not use InRelease files, so this issue only affected third-party repositories. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to install altered packages.
-
15:58
»
Packet Storm Security Recent Files
Ubuntu Security Notice 1385-1 - Simon Ruderich discovered that APT incorrectly handled repositories that use InRelease files. The default Ubuntu repositories do not use InRelease files, so this issue only affected third-party repositories. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to install altered packages.
-
15:58
»
Packet Storm Security Misc. Files
Ubuntu Security Notice 1385-1 - Simon Ruderich discovered that APT incorrectly handled repositories that use InRelease files. The default Ubuntu repositories do not use InRelease files, so this issue only affected third-party repositories. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to install altered packages.
-
-
19:54
»
Packet Storm Security Advisories
Ubuntu Security Notice 1381-1 - It was discovered that Ubuntu One Couch did not perform any server certificate validation when using HTTPS connections. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to alter or compromise confidential information.
-
19:54
»
Packet Storm Security Recent Files
Ubuntu Security Notice 1381-1 - It was discovered that Ubuntu One Couch did not perform any server certificate validation when using HTTPS connections. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to alter or compromise confidential information.
-
19:54
»
Packet Storm Security Misc. Files
Ubuntu Security Notice 1381-1 - It was discovered that Ubuntu One Couch did not perform any server certificate validation when using HTTPS connections. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to alter or compromise confidential information.
-
-
16:36
»
Packet Storm Security Advisories
Ubuntu Security Notice 1375-1 - The httplib2 Python library earlier than version 0.7.0 did not perform any server certificate validation when using HTTPS connections. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to alter or compromise confidential information in applications that used the httplib2 library.
-
16:36
»
Packet Storm Security Recent Files
Ubuntu Security Notice 1375-1 - The httplib2 Python library earlier than version 0.7.0 did not perform any server certificate validation when using HTTPS connections. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to alter or compromise confidential information in applications that used the httplib2 library.
-
16:36
»
Packet Storm Security Misc. Files
Ubuntu Security Notice 1375-1 - The httplib2 Python library earlier than version 0.7.0 did not perform any server certificate validation when using HTTPS connections. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to alter or compromise confidential information in applications that used the httplib2 library.
-
-
18:31
»
Packet Storm Security Advisories
Ubuntu Security Notice 1284-2 - USN-1284-1 fixed vulnerabilities in Update Manager. One of the fixes introduced a regression for Kubuntu users attempting to upgrade to a newer Ubuntu release. This update fixes the problem. David Black discovered that Update Manager incorrectly extracted the downloaded upgrade tarball before verifying its GPG signature. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to replace arbitrary files. David Black discovered that Update Manager created a temporary directory in an insecure fashion. A local attacker could possibly use this flaw to read the XAUTHORITY file of the user performing the upgrade. This update also adds a hotfix to Update Notifier to handle cases where the upgrade is being performed from CD media. Various other issues were also addressed.
-
-
18:55
»
Packet Storm Security Advisories
Ubuntu Security Notice 1352-1 - David Black discovered that Software Properties incorrectly validated server certificates when performing secure connections to download PPA GPG key fingerprints. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to install altered package repository GPG keys.
-
18:55
»
Packet Storm Security Recent Files
Ubuntu Security Notice 1352-1 - David Black discovered that Software Properties incorrectly validated server certificates when performing secure connections to download PPA GPG key fingerprints. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to install altered package repository GPG keys.
-
18:55
»
Packet Storm Security Misc. Files
Ubuntu Security Notice 1352-1 - David Black discovered that Software Properties incorrectly validated server certificates when performing secure connections to download PPA GPG key fingerprints. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to install altered package repository GPG keys.
-
-
9:52
»
Hack a Day
[bunnie] is up to his old tricks again. He successfully implemented a man-in-the-middle attack on HDCP-secured connections to overlay video in any HDMI video stream. There’s a bonus, too: his hack doesn’t use the HDCP master-key. It doesn’t violate the DMCA at all. HDCP is the awful encryption scheme that goes into HDMI-compatable devices. Before [...]
-
-
16:37
»
Packet Storm Security Advisories
Ubuntu Security Notice 1295-1 - It was discovered that Dovecot incorrectly validated certificate hostnames when being used as a POP3 and IMAP proxy. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information.
-
16:37
»
Packet Storm Security Recent Files
Ubuntu Security Notice 1295-1 - It was discovered that Dovecot incorrectly validated certificate hostnames when being used as a POP3 and IMAP proxy. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information.
-
16:37
»
Packet Storm Security Misc. Files
Ubuntu Security Notice 1295-1 - It was discovered that Dovecot incorrectly validated certificate hostnames when being used as a POP3 and IMAP proxy. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to view sensitive information.
-
-
16:01
»
Hack a Day
It’s been a little while since we talked about HDCP around here, but recent developments in the area of digital content protection are proving very interesting. You might remember that the Master Key for HDCP encryption was leaked last year, just a short while after Intel said that the protection had been cracked. While Intel [...]
-
-
16:17
»
Packet Storm Security Advisories
Ubuntu Security Notice 1284-1 - David Black discovered that Update Manager incorrectly extracted the downloaded upgrade tarball before verifying its GPG signature. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to replace arbitrary files. David Black discovered that Update Manager created a temporary directory in an insecure fashion. A local attacker could possibly use this flaw to read the XAUTHORITY file of the user performing the upgrade. Various other issues were also addressed.
-
16:17
»
Packet Storm Security Recent Files
Ubuntu Security Notice 1284-1 - David Black discovered that Update Manager incorrectly extracted the downloaded upgrade tarball before verifying its GPG signature. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to replace arbitrary files. David Black discovered that Update Manager created a temporary directory in an insecure fashion. A local attacker could possibly use this flaw to read the XAUTHORITY file of the user performing the upgrade. Various other issues were also addressed.
-
16:17
»
Packet Storm Security Misc. Files
Ubuntu Security Notice 1284-1 - David Black discovered that Update Manager incorrectly extracted the downloaded upgrade tarball before verifying its GPG signature. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to replace arbitrary files. David Black discovered that Update Manager created a temporary directory in an insecure fashion. A local attacker could possibly use this flaw to read the XAUTHORITY file of the user performing the upgrade. Various other issues were also addressed.
-
15:38
»
Packet Storm Security Advisories
Ubuntu Security Notice 1283-1 - It was discovered that APT incorrectly handled the Verify-Host configuration option. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to steal repository credentials. This issue only affected Ubuntu 10.04 LTS and 10.10. USN-1215-1 fixed a vulnerability in APT by disabling the apt-key net-update option. This update re-enables the option with corrected verification. It was discovered that the apt-key utility incorrectly verified GPG keys when downloaded via the net-update option. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to install altered packages. Various other issues were also addressed.
-
15:38
»
Packet Storm Security Recent Files
Ubuntu Security Notice 1283-1 - It was discovered that APT incorrectly handled the Verify-Host configuration option. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to steal repository credentials. This issue only affected Ubuntu 10.04 LTS and 10.10. USN-1215-1 fixed a vulnerability in APT by disabling the apt-key net-update option. This update re-enables the option with corrected verification. It was discovered that the apt-key utility incorrectly verified GPG keys when downloaded via the net-update option. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to install altered packages. Various other issues were also addressed.
-
15:38
»
Packet Storm Security Misc. Files
Ubuntu Security Notice 1283-1 - It was discovered that APT incorrectly handled the Verify-Host configuration option. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to steal repository credentials. This issue only affected Ubuntu 10.04 LTS and 10.10. USN-1215-1 fixed a vulnerability in APT by disabling the apt-key net-update option. This update re-enables the option with corrected verification. It was discovered that the apt-key utility incorrectly verified GPG keys when downloaded via the net-update option. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to install altered packages. Various other issues were also addressed.
-
-
7:51
»
Packet Storm Security Advisories
Ubuntu Security Notice 1265-1 - Marc Deslauriers discovered that system-config-printer's cupshelpers scripts used by the Ubuntu automatic printer driver download service queried the OpenPrinting database using an insecure connection. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to install altered packages and repositories.
-
7:51
»
Packet Storm Security Recent Files
Ubuntu Security Notice 1265-1 - Marc Deslauriers discovered that system-config-printer's cupshelpers scripts used by the Ubuntu automatic printer driver download service queried the OpenPrinting database using an insecure connection. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to install altered packages and repositories.
-
7:51
»
Packet Storm Security Misc. Files
Ubuntu Security Notice 1265-1 - Marc Deslauriers discovered that system-config-printer's cupshelpers scripts used by the Ubuntu automatic printer driver download service queried the OpenPrinting database using an insecure connection. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could be exploited to install altered packages and repositories.
-
-
15:51
»
Packet Storm Security Advisories
Ubuntu Security Notice 1238-2 - USN-1238-1 fixed vulnerabilities in Puppet. The upstream patch introduced a regression in Ubuntu 11.04 when executing certain commands. This update fixes the problem. It was discovered that Puppet incorrectly handled the non-default "certdnsnames" option when generating certificates. If this setting was added to puppet.conf, the puppet master's DNS alt names were added to the X.509 Subject Alternative Name field of all certificates, not just the puppet master's certificate. An attacker that has an incorrect agent certificate in his possession can use it to impersonate the puppet master in a man-in-the-middle attack.
-
15:51
»
Packet Storm Security Recent Files
Ubuntu Security Notice 1238-2 - USN-1238-1 fixed vulnerabilities in Puppet. The upstream patch introduced a regression in Ubuntu 11.04 when executing certain commands. This update fixes the problem. It was discovered that Puppet incorrectly handled the non-default "certdnsnames" option when generating certificates. If this setting was added to puppet.conf, the puppet master's DNS alt names were added to the X.509 Subject Alternative Name field of all certificates, not just the puppet master's certificate. An attacker that has an incorrect agent certificate in his possession can use it to impersonate the puppet master in a man-in-the-middle attack.
-
15:51
»
Packet Storm Security Misc. Files
Ubuntu Security Notice 1238-2 - USN-1238-1 fixed vulnerabilities in Puppet. The upstream patch introduced a regression in Ubuntu 11.04 when executing certain commands. This update fixes the problem. It was discovered that Puppet incorrectly handled the non-default "certdnsnames" option when generating certificates. If this setting was added to puppet.conf, the puppet master's DNS alt names were added to the X.509 Subject Alternative Name field of all certificates, not just the puppet master's certificate. An attacker that has an incorrect agent certificate in his possession can use it to impersonate the puppet master in a man-in-the-middle attack.
-
-
19:01
»
Packet Storm Security Advisories
Ubuntu Security Notice 1238-1 - It was discovered that Puppet incorrectly handled the non-default "certdnsnames" option when generating certificates. If this setting was added to puppet.conf, the puppet master's DNS alt names were added to the X.509 Subject Alternative Name field of all certificates, not just the puppet master's certificate. An attacker that has an incorrect agent certificate in his possession can use it to impersonate the puppet master in a man-in-the-middle attack.
-
19:01
»
Packet Storm Security Recent Files
Ubuntu Security Notice 1238-1 - It was discovered that Puppet incorrectly handled the non-default "certdnsnames" option when generating certificates. If this setting was added to puppet.conf, the puppet master's DNS alt names were added to the X.509 Subject Alternative Name field of all certificates, not just the puppet master's certificate. An attacker that has an incorrect agent certificate in his possession can use it to impersonate the puppet master in a man-in-the-middle attack.
-
19:01
»
Packet Storm Security Misc. Files
Ubuntu Security Notice 1238-1 - It was discovered that Puppet incorrectly handled the non-default "certdnsnames" option when generating certificates. If this setting was added to puppet.conf, the puppet master's DNS alt names were added to the X.509 Subject Alternative Name field of all certificates, not just the puppet master's certificate. An attacker that has an incorrect agent certificate in his possession can use it to impersonate the puppet master in a man-in-the-middle attack.
-
-
8:11
»
Packet Storm Security Advisories
Ubuntu Security Notice 1221-1 - It was discovered that mutt incorrectly verified the hostname in an SSL certificate. An attacker could trick mutt into trusting a rogue SMTPS, IMAPS, or POP3S server's certificate, which was signed by a trusted certificate authority, to perform a man-in-the-middle attack.
-
8:11
»
Packet Storm Security Recent Files
Ubuntu Security Notice 1221-1 - It was discovered that mutt incorrectly verified the hostname in an SSL certificate. An attacker could trick mutt into trusting a rogue SMTPS, IMAPS, or POP3S server's certificate, which was signed by a trusted certificate authority, to perform a man-in-the-middle attack.
-
8:11
»
Packet Storm Security Misc. Files
Ubuntu Security Notice 1221-1 - It was discovered that mutt incorrectly verified the hostname in an SSL certificate. An attacker could trick mutt into trusting a rogue SMTPS, IMAPS, or POP3S server's certificate, which was signed by a trusted certificate authority, to perform a man-in-the-middle attack.
-
-
9:22
»
Packet Storm Security Advisories
Ubuntu Security Notice 1215-1 - It was discovered that the apt-key utility incorrectly verified GPG keys when downloaded via the net-update option. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to install altered packages. This update corrects the issue by disabling the net-update option completely. A future update will re-enable the option with corrected verification.
-
9:22
»
Packet Storm Security Recent Files
Ubuntu Security Notice 1215-1 - It was discovered that the apt-key utility incorrectly verified GPG keys when downloaded via the net-update option. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to install altered packages. This update corrects the issue by disabling the net-update option completely. A future update will re-enable the option with corrected verification.
-
9:22
»
Packet Storm Security Misc. Files
Ubuntu Security Notice 1215-1 - It was discovered that the apt-key utility incorrectly verified GPG keys when downloaded via the net-update option. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to install altered packages. This update corrects the issue by disabling the net-update option completely. A future update will re-enable the option with corrected verification.
-
-
10:44
»
Packet Storm Security Recent Files
This tool was originally written to demonstrate and exploit IE's vulnerability to a specific "basicConstraints" man-in-the-middle attack. While Microsoft has since fixed the vulnerability that allowed leaf certificates to act as signing certificates, this tool is still occasionally useful for other purposes. It is designed to MITM all SSL connections on a LAN and dynamically generates certs for the domains that are being accessed on the fly. The new certificates are constructed in a certificate chain that is signed by any certificate that you provide.
-
10:44
»
Packet Storm Security Misc. Files
This tool was originally written to demonstrate and exploit IE's vulnerability to a specific "basicConstraints" man-in-the-middle attack. While Microsoft has since fixed the vulnerability that allowed leaf certificates to act as signing certificates, this tool is still occasionally useful for other purposes. It is designed to MITM all SSL connections on a LAN and dynamically generates certs for the domains that are being accessed on the fly. The new certificates are constructed in a certificate chain that is signed by any certificate that you provide.
-
-
17:12
»
Packet Storm Security Advisories
Ubuntu Security Notice 1169-1 - William Grant discovered that APT incorrectly validated inline GPG signatures. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to install altered packages.
-
17:12
»
Packet Storm Security Recent Files
Ubuntu Security Notice 1169-1 - William Grant discovered that APT incorrectly validated inline GPG signatures. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to install altered packages.
-
17:12
»
Packet Storm Security Misc. Files
Ubuntu Security Notice 1169-1 - William Grant discovered that APT incorrectly validated inline GPG signatures. If a remote attacker were able to perform a man-in-the-middle attack, this flaw could potentially be used to install altered packages.
-
-
7:07
»
Packet Storm Security Advisories
Ubuntu Security Notice 1110-1 - It was discovered that KDE KSSL did not properly verify X.509 certificates when the certificate was issued for an IP address. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. Tim Brown discovered that KDE KHTML did not properly escape URLs from externally generated error pages. An attacker could exploit this to conduct cross-site scripting attacks. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data (such as passwords), within the same domain.
-
7:07
»
Packet Storm Security Recent Files
Ubuntu Security Notice 1110-1 - It was discovered that KDE KSSL did not properly verify X.509 certificates when the certificate was issued for an IP address. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. Tim Brown discovered that KDE KHTML did not properly escape URLs from externally generated error pages. An attacker could exploit this to conduct cross-site scripting attacks. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data (such as passwords), within the same domain.
-
7:07
»
Packet Storm Security Misc. Files
Ubuntu Security Notice 1110-1 - It was discovered that KDE KSSL did not properly verify X.509 certificates when the certificate was issued for an IP address. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. Tim Brown discovered that KDE KHTML did not properly escape URLs from externally generated error pages. An attacker could exploit this to conduct cross-site scripting attacks. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data (such as passwords), within the same domain.
-
-
10:09
»
Packet Storm Security Advisories
Ubuntu Security Notice 1106-1 - It was discovered that several invalid HTTPS certificates were issued and revoked. An attacker could exploit these to perform a man in the middle attack to view sensitive information or alter encrypted communications. These certificates were marked as explicitly not trusted to prevent their misuse.
-
10:09
»
Packet Storm Security Recent Files
Ubuntu Security Notice 1106-1 - It was discovered that several invalid HTTPS certificates were issued and revoked. An attacker could exploit these to perform a man in the middle attack to view sensitive information or alter encrypted communications. These certificates were marked as explicitly not trusted to prevent their misuse.
-
10:09
»
Packet Storm Security Misc. Files
Ubuntu Security Notice 1106-1 - It was discovered that several invalid HTTPS certificates were issued and revoked. An attacker could exploit these to perform a man in the middle attack to view sensitive information or alter encrypted communications. These certificates were marked as explicitly not trusted to prevent their misuse.
-
-
14:04
»
Packet Storm Security Advisories
Ubuntu Security Notice 1101-1 - It was discovered that several invalid HTTPS certificates were issued and revoked. An attacker could exploit these to perform a man in the middle attack to view sensitive information or alter encrypted communications. These were placed on the certificate blacklist to prevent their misuse.
-
14:04
»
Packet Storm Security Recent Files
Ubuntu Security Notice 1101-1 - It was discovered that several invalid HTTPS certificates were issued and revoked. An attacker could exploit these to perform a man in the middle attack to view sensitive information or alter encrypted communications. These were placed on the certificate blacklist to prevent their misuse.
-
14:04
»
Packet Storm Security Misc. Files
Ubuntu Security Notice 1101-1 - It was discovered that several invalid HTTPS certificates were issued and revoked. An attacker could exploit these to perform a man in the middle attack to view sensitive information or alter encrypted communications. These were placed on the certificate blacklist to prevent their misuse.
-
-
21:53
»
Packet Storm Security Advisories
Ubuntu Security Notice 1091-1 - It was discovered that several invalid HTTPS certificates were issued and revoked. An attacker could use these to perform a man-in-the-middle attack. These were placed on the certificate blacklist to prevent their misuse.
-
21:53
»
Packet Storm Security Recent Files
Ubuntu Security Notice 1091-1 - It was discovered that several invalid HTTPS certificates were issued and revoked. An attacker could use these to perform a man-in-the-middle attack. These were placed on the certificate blacklist to prevent their misuse.
-
21:53
»
Packet Storm Security Misc. Files
Ubuntu Security Notice 1091-1 - It was discovered that several invalid HTTPS certificates were issued and revoked. An attacker could use these to perform a man-in-the-middle attack. These were placed on the certificate blacklist to prevent their misuse.
-
-
6:35
»
Hack a Day
[Mike] sent in a tip about Newstweek, and we’re turning to our readers to tell us if this is real or if we’re being trolled. The link he sent us points to a well-written news-ish article about a device that plugs into the wall near an open WiFi hotspot and performs something of a man-in-the-middle attack on devices [...]
-
-
18:00
»
Packet Storm Security Advisories
Ubuntu Security Notice 990-1 - Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user's session. This update adds backported support for the new RFC5746 renegotiation extension and will use it when both the client and the server support it.
-
18:00
»
Packet Storm Security Advisories
Ubuntu Security Notice 990-2 - USN-860-1 introduced a partial workaround to Apache that disabled client initiated TLS renegotiation in order to mitigate CVE-2009-3555. USN-990-1 introduced the new RFC5746 renegotiation extension in openssl, and completely resolves the issue. After updating openssl, an Apache server will allow both patched and unpatched web browsers to connect, but unpatched browsers will not be able to renegotiate. This update introduces the new SSLInsecureRenegotiation directive for Apache that may be used to re-enable insecure renegotiations with unpatched web browsers. Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user's session. This update adds backported support for the new RFC5746 renegotiation extension and will use it when both the client and the server support it.
-
-
13:36
»
Packet Storm Security Recent Files
Ubuntu Security Notice 927-8 - USN-927-1 fixed vulnerabilities in NSS. This update provides the Thunderbird update to use the new NSS. Original advisory details: Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user's session. This update adds support for the new new renegotiation extension and will use it when the server supports it.
-
13:34
»
Packet Storm Security Advisories
Ubuntu Security Notice 927-8 - USN-927-1 fixed vulnerabilities in NSS. This update provides the Thunderbird update to use the new NSS. Original advisory details: Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user's session. This update adds support for the new new renegotiation extension and will use it when the server supports it.
-
12:03
»
Packet Storm Security Recent Files
Ubuntu Security Notice 927-6 - USN-927-1 fixed vulnerabilities in NSS on Ubuntu 9.10. This update provides the corresponding updates for Ubuntu 9.04. Original advisory details: Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user's session. This update adds support for the new new renegotiation extension and will use it when the server supports it.
-
12:03
»
Packet Storm Security Recent Files
Ubuntu Security Notice 927-7 - USN-927-4 fixed vulnerabilities in NSS. This update provides the NSPR needed to use the new NSS. Original advisory details: Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user's session. This update adds support for the new new renegotiation extension and will use it when the server supports it.
-
12:03
»
Packet Storm Security Advisories
Ubuntu Security Notice 927-6 - USN-927-1 fixed vulnerabilities in NSS on Ubuntu 9.10. This update provides the corresponding updates for Ubuntu 9.04. Original advisory details: Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user's session. This update adds support for the new new renegotiation extension and will use it when the server supports it.
-
12:03
»
Packet Storm Security Advisories
Ubuntu Security Notice 927-7 - USN-927-4 fixed vulnerabilities in NSS. This update provides the NSPR needed to use the new NSS. Original advisory details: Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user's session. This update adds support for the new new renegotiation extension and will use it when the server supports it.
-
-
21:05
»
Packet Storm Security Recent Files
Ubuntu Security Notice 927-4 - USN-927-1 fixed vulnerabilities in nss in Ubuntu 9.10. This update provides the corresponding updates for Ubuntu 8.04 LTS. Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user's session. This update adds support for the new new renegotiation extension and will use it when the server supports it.
-
21:05
»
Packet Storm Security Recent Files
Ubuntu Security Notice 927-5 - USN-927-4 fixed vulnerabilities in NSS. This update provides the NSPR needed to use the new NSS. Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user's session. This update adds support for the new new renegotiation extension and will use it when the server supports it.
-
21:02
»
Packet Storm Security Advisories
Ubuntu Security Notice 927-4 - USN-927-1 fixed vulnerabilities in nss in Ubuntu 9.10. This update provides the corresponding updates for Ubuntu 8.04 LTS. Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user's session. This update adds support for the new new renegotiation extension and will use it when the server supports it.
-
21:02
»
Packet Storm Security Advisories
Ubuntu Security Notice 927-5 - USN-927-4 fixed vulnerabilities in NSS. This update provides the NSPR needed to use the new NSS. Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user's session. This update adds support for the new new renegotiation extension and will use it when the server supports it.
-
-
18:00
»
Packet Storm Security Advisories
Ubuntu Security Notice 927-2 - USN-927-1 fixed vulnerabilities in NSS. Upstream NSS 3.12.6 added an additional checksum verification on libnssdbm3.so, but the Ubuntu packaging did not create this checksum. As a result, Firefox could not initialize the security component when the NSS Internal FIPS PKCS #11 Module was enabled. This update fixes the problem. Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user's session. This update adds support for the new new renegotiation extension and will use it when the server supports it.
-
-
22:00
»
Packet Storm Security Recent Files
Ubuntu Security Notice 927-1 - Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user's session. This update adds support for the new new renegotiation extension and will use it when the server supports it.
-
22:00
»
Packet Storm Security Advisories
Ubuntu Security Notice 927-1 - Marsh Ray and Steve Dispensa discovered a flaw in the TLS and SSLv3 protocols. If an attacker could perform a man in the middle attack at the start of a TLS connection, the attacker could inject arbitrary content at the beginning of the user's session. This update adds support for the new new renegotiation extension and will use it when the server supports it.
-
-
17:00
»
Packet Storm Security Tools
PerJack is a TCP Session Hijack tool written in Perl. It does a man-in-the-middle attack, displays all active sessions and takes over the selected TCP session.
-
17:00
»
Packet Storm Security Recent Files
PerJack is a TCP Session Hijack tool written in Perl. It does a man-in-the-middle attack, displays all active sessions and takes over the selected TCP session.
1337day (was: Inj3ct0r, 1337db)
OSVDB Vulnerabilities
Exploit-DB
SecurityFocus Vulnerabilities
Bugtraq
XSSed
Sophos security news
Penetration Testing
SecuriTeam
BackTrack Linux Forums
Threatpost
SecDocs
carnal0wnage.attackresearch.com
Carnal0wnage
Darknet
The Exploitant
Wirevolution