Secunia Security Advisory - Debian has issued an update for ajaxterm. This fixes a security issue, which can be exploited by malicious people to conduct hijacking attacks.
37985bcba813379d4dd5488cae4e6c7499dfc2719cf370cb6fb2f617143e434e
----------------------------------------------------------------------
Secunia integrated with Microsoft WSUS
http://secunia.com/blog/71/
----------------------------------------------------------------------
TITLE:
Debian update for ajaxterm
SECUNIA ADVISORY ID:
SA38560
VERIFY ADVISORY:
http://secunia.com/advisories/38560/
DESCRIPTION:
Debian has issued an update for ajaxterm. This fixes a security
issue, which can be exploited by malicious people to conduct
hijacking attacks.
The security issue is caused due to ajaxterm generating
insufficiently secure session identifiers. This can be exploited to
e.g. hijack a user's session via brute force attacks.
SOLUTION:
Apply updated packages.
-- Debian GNU/Linux 4.0 alias etch --
Source archives:
http://security.debian.org/pool/updates/main/a/ajaxterm/ajaxterm_0.9-2+etch1.dsc
Size/MD5 checksum: 690 4e0e8803297516dd65e13e10836b7700
http://security.debian.org/pool/updates/main/a/ajaxterm/ajaxterm_0.9-2+etch1.diff.gz
Size/MD5 checksum: 6479 30e20eb2a1a452f9e2711619d3386155
http://security.debian.org/pool/updates/main/a/ajaxterm/ajaxterm_0.9.orig.tar.gz
Size/MD5 checksum: 33751 9e48eae37beb62df3f91460b7fe352e0
Architecture independent packages:
http://security.debian.org/pool/updates/main/a/ajaxterm/ajaxterm_0.9-2+etch1_all.deb
Size/MD5 checksum: 40490 4c63417d3dfe2aa14c115042c10cdb97
-- Debian GNU/Linux 5.0 alias lenny --
Source archives:
http://security.debian.org/pool/updates/main/a/ajaxterm/ajaxterm_0.10-2+lenny1.diff.gz
Size/MD5 checksum: 8309 63860e0b5b279d0fe92012abef36628e
http://security.debian.org/pool/updates/main/a/ajaxterm/ajaxterm_0.10.orig.tar.gz
Size/MD5 checksum: 34372 b10830a7a81d2a4c9f8815510dafb87a
http://security.debian.org/pool/updates/main/a/ajaxterm/ajaxterm_0.10-2+lenny1.dsc
Size/MD5 checksum: 1275 dac2c51d75700af66248358265c77897
Architecture independent packages:
http://security.debian.org/pool/updates/main/a/ajaxterm/ajaxterm_0.10-2+lenny1_all.deb
Size/MD5 checksum: 41606 287e8220fce3fc0b673ed6f392094b71
PROVIDED AND/OR DISCOVERED BY:
Michael Greb
ORIGINAL ADVISORY:
DSA-1994-1:
http://lists.debian.org/debian-security-announce/2010/msg00034.html
oCERT:
http://www.openwall.com/lists/oss-security/2009/05/11/1
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------