[Secure-testing-team] Bug#528938: CVE-2009-1629: generates session IDs with predictable random numbers
Giuseppe Iuculano
giuseppe at iuculano.it
Sat May 16 14:52:32 UTC 2009
Package: ajaxterm
Version: 0.10-4
Severity: serious
Tags: security
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for ajaxterm.
CVE-2009-1629[0]:
| ajaxterm.js in AjaxTerm 0.10 and earlier generates session IDs with
| predictable random numbers based on certain JavaScript functions,
| which makes it easier for remote attackers to (1) hijack a session or
| (2) cause a denial of service (session ID exhaustion) via a
| brute-force attack.
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1629
http://security-tracker.debian.net/tracker/CVE-2009-1629
Cheers,
Giuseppe.
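The weakness class named in the CVE text above, set beside a hardened form, as an added example that is not part of the original message and is not AjaxTerm's code. All function names, the 1e9 range and the 128-bit ID length are assumptions chosen for illustration.

```javascript
// Added example, not AjaxTerm code. All names below are hypothetical.
// Web Crypto CSPRNG: global in browsers and recent Node, otherwise via require.
const rng = globalThis.crypto ?? require('node:crypto').webcrypto;

// Weak pattern: the ID comes from Math.random(), a non-cryptographic PRNG
// whose future output can be inferred from observed values.
const WEAK_RANGE = 1e9; // constructed illustration value
function weakSessionId() {
  return String(Math.floor(Math.random() * WEAK_RANGE));
}

// Hardened pattern: 128 bits from the CSPRNG, hex-encoded (32 characters).
const STRONG_BYTES = 16;
function strongSessionId() {
  const buf = new Uint8Array(STRONG_BYTES);
  rng.getRandomValues(buf);
  return Array.from(buf, (b) => b.toString(16).padStart(2, '0')).join('');
}

// Upper bound on ID entropy in bits for a space of `size` values.
// For a predictable PRNG the effective entropy is lower than this bound.
function idSpaceBits(size) {
  return Math.log2(size);
}

// Expected number of uniform guesses (without repeats) before hitting one of
// `live` valid IDs in a space of `size`: (size + 1) / (live + 1).
// Used here to size an ID so that brute force is impractical.
function guessesToHit(size, live) {
  return (size + 1) / (live + 1);
}

// Server-side check: accept only IDs in the hardened format, so short or
// legacy numeric IDs are rejected before any session lookup.
function isWellFormedSessionId(id) {
  return typeof id === 'string' && /^[0-9a-f]{32}$/.test(id);
}
```

An ID space of 1e9 values gives under 30 bits even before predictability is taken into account, while the hardened form gives 128 bits.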