[Lugge] da -SecurityFocus Newsletter #185

From: "Sebino@xxxxxxx" <sebino@xxxxxxx>
To: lugge@xxxxxxxxxxxxx
Date: Sat, 15 Mar 2003 22:17:05 +0000

Penso possa servire se c'è qualche webmaster che lo usa.

1. Util-Linux mcookie Cookie Generation Weakness
BugTraq ID: 6855
Remote: Yes
Date Published: Feb 14 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/6855
Summary:

util-linux is a freely available, open source software package that
provides some implementations of standard UNIX utilities, such as login.
Included with util-linux is the mcookie utility that is used to generate
random cookies for use with X authentication.

A weakness has been reported for the mcookie utility where cookies may be
generated in a predictable manner. The weakness occurs because mcookie
uses /dev/urandom to generate cookies.

This may be exploited by an attacker to guess cookie values to steal
credentials of users who use X authentication.

Information obtained in this manner may be used by the attacker to launch
further attacks against vulnerable systems and users.

http://www.securityfocus.com/bid/6856
========---------- 
  
 Prima di scrivere in m-list per favore leggi il regolamento 
 http://www.lugge.net/soci/index.php?link=manifesto.htm#list 
 
 Archivio delle e-mail postate in lista 
 //www.freelists.org/archives/lugge/ 
 
 Modifica dell'account su freelists 
 //www.freelists.org/cgi-bin/lsg2.cgi  
 
----------======== 
 
 Orari di apertura della sede e come arrivarci: 
 http://www.lugge.net/soci/index.php?link=sede.htm

References:
- [Lugge] Fw: firma contro il recepimento in italia della normativa EUCD]
  - From: Roberto J. Vichi
- [Lugge] Re: Fw: firma contro il recepimento in italia dellanormativa EUCD]
  - From: Simone Ravarotto

[Lugge] da -SecurityFocus Newsletter #185

Other related posts: