[Lugge] da -SecurityFocus Newsletter #185

  • From: "Sebino@xxxxxxx" <sebino@xxxxxxx>
  • To: lugge@xxxxxxxxxxxxx
  • Date: Sat, 15 Mar 2003 22:17:05 +0000

Penso possa servire se c'è qualche webmaster che lo usa.

1. Util-Linux mcookie Cookie Generation Weakness
BugTraq ID: 6855
Remote: Yes
Date Published: Feb 14 2003 12:00AM
Relevant URL:

util-linux is a freely available, open source software package that
provides some implementations of standard UNIX utilities, such as login.
Included with util-linux is the mcookie utility that is used to generate
random cookies for use with X authentication.

A weakness has been reported for the mcookie utility where cookies may be
generated in a predictable manner. The weakness occurs because mcookie
uses /dev/urandom to generate cookies.

This may be exploited by an attacker to guess cookie values to steal
credentials of users who use X authentication.

Information obtained in this manner may be used by the attacker to launch
further attacks against vulnerable systems and users.

 Prima di scrivere in m-list per favore leggi il regolamento 
 Archivio delle e-mail postate in lista 
 Modifica dell'account su freelists 
 Orari di apertura della sede e come arrivarci: 

Other related posts:

  • » [Lugge] da -SecurityFocus Newsletter #185