The DH_check_pub_key function in crypto/dh/dh_check.c in OpenSSL 1.0.2 before 1.0.2f does not ensure that prime numbers are appropriate for Diffie-Hellman (DH) key exchange, which makes it easier for remote attackers to discover a private DH exponent by making multiple handshakes with a peer that chose an inappropriate number, as demonstrated by a number in an X9.42 file.
Monthly Archives: February 2016
CVE-2016-2231
The Windows-based Host Interface Program (WHIP) service on Huawei SmartAX MT882 devices V200R002B022 Arg relies on the client to send a length field that is consistent with a buffer size, which allows remote attackers to cause a denial of service (device outage) or possibly have unspecified other impact via crafted traffic on TCP port 8701.
CVE-2016-2314
GlobespanVirata ftpd 1.0, as used on Huawei SmartAX MT882 devices V200R002B022 Arg, allows remote authenticated users to cause a denial of service (device outage) by using the FTP MKD command to create a directory with a long name, and then using certain other commands.
Algobox 0.9 DLL Hijacking
Algobox versions 0.9 and below suffer from a DLL hijacking vulnerability.
Gold Movies 1.0.2 SQL Injection
Gold Movies version 1.0.2 suffers from a remote SQL injection vulnerability.
CVE-2016-0747
The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 does not properly limit CNAME resolution, which allows remote attackers to cause a denial of service (worker process resource consumption) via vectors related to arbitrary name resolution. (CVSS:5.0) (Last Update:2016-03-17)
CVE-2016-0746
Use-after-free vulnerability in the resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (worker process crash) or possibly have unspecified other impact via a crafted DNS response related to CNAME response processing. (CVSS:7.5) (Last Update:2016-03-16)
CVE-2016-0742
The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows remote attackers to cause a denial of service (invalid pointer dereference and worker process crash) via a crafted UDP DNS response. (CVSS:5.0) (Last Update:2016-02-29)
DSA-3479 graphite2 – security update
Multiple vulnerabilities have been found in the Graphite font rendering
engine which might result in denial of service or the execution of
arbitrary code if a malformed font file is processed.
DSA-3478 libgcrypt11 – security update
Daniel Genkin, Lev Pachmanov, Itamar Pipman and Eran Tromer discovered
that the ECDH secret decryption keys in applications using the
libgcrypt11 library could be leaked via a side-channel attack.