Anfälligkeitssuche        Suche in 219043 CVE Beschreibungen
und 99761 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.131170
Kategorie:Mageia Linux Local Security Checks
Titel:Mageia Linux Local Check: mgasa-2015-0487
Zusammenfassung:Mageia Linux Local Security Checks mgasa-2015-0487
Beschreibung:Summary:
Mageia Linux Local Security Checks mgasa-2015-0487

Vulnerability Insight:
The Bouncy Castle Java library before 1.51 does not validate a point is within the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic curve Diffie Hellman (ECDH) key exchanges, aka an invalid curve attack (CVE-2015-7940).

Solution:
Update the affected packages to the latest available version.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2015-7940
BugTraq ID: 79091
http://www.securityfocus.com/bid/79091
Debian Security Information: DSA-3417 (Google Search)
http://www.debian.org/security/2015/dsa-3417
http://lists.fedoraproject.org/pipermail/package-announce/2016-January/174915.html
http://web-in-security.blogspot.ca/2015/09/practical-invalid-curve-attacks.html
https://www.oracle.com/security-alerts/cpuapr2020.html
http://www.openwall.com/lists/oss-security/2015/10/22/7
http://www.openwall.com/lists/oss-security/2015/10/22/9
RedHat Security Advisories: RHSA-2016:2035
http://rhn.redhat.com/errata/RHSA-2016-2035.html
RedHat Security Advisories: RHSA-2016:2036
http://rhn.redhat.com/errata/RHSA-2016-2036.html
http://www.securitytracker.com/id/1037036
http://www.securitytracker.com/id/1037046
http://www.securitytracker.com/id/1037053
SuSE Security Announcement: openSUSE-SU-2015:1911 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00012.html
https://usn.ubuntu.com/3727-1/
CopyrightCopyright (C) 2015 Eero Volotinen

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2021 E-Soft Inc. Alle Rechte vorbehalten.