[Lugge] da -SecurityFocus Newsletter #185

  • From: "Sebino@xxxxxxx" <sebino@xxxxxxx>
  • To: lugge@xxxxxxxxxxxxx
  • Date: Sat, 15 Mar 2003 22:17:05 +0000

Penso possa servire se c'è qualche webmaster che lo usa.

1. Util-Linux mcookie Cookie Generation Weakness
BugTraq ID: 6855
Remote: Yes
Date Published: Feb 14 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6855
Summary:

util-linux is a freely available, open source software package that
provides some implementations of standard UNIX utilities, such as login.
Included with util-linux is the mcookie utility that is used to generate
random cookies for use with X authentication.

A weakness has been reported for the mcookie utility where cookies may be
generated in a predictable manner. The weakness occurs because mcookie
uses /dev/urandom to generate cookies.

This may be exploited by an attacker to guess cookie values to steal
credentials of users who use X authentication.

Information obtained in this manner may be used by the attacker to launch
further attacks against vulnerable systems and users.

http://www.securityfocus.com/bid/6856
========---------- 
  
 Prima di scrivere in m-list per favore leggi il regolamento 
 http://www.lugge.net/soci/index.php?link=manifesto.htm#list 
 
 Archivio delle e-mail postate in lista 
 http://www.freelists.org/archives/lugge/ 
 
 Modifica dell'account su freelists 
 http://www.freelists.org/cgi-bin/lsg2.cgi  
 
----------======== 
 
 Orari di apertura della sede e come arrivarci: 
 http://www.lugge.net/soci/index.php?link=sede.htm 
  
 
 
  

Other related posts:

  • » [Lugge] da -SecurityFocus Newsletter #185