Debian Security Advisory
DSA-1994-1 ajaxterm -- weak session IDs
- Date Reported:
- 11 Feb 2010
- Affected Packages:
- ajaxterm
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-2009-1629.
- More information:
-
It was discovered that Ajaxterm, a web-based terminal, generates weak and predictable session IDs, which might be used to hijack a session or cause a denial of service attack on a system that uses Ajaxterm.
For the oldstable distribution (etch), the problem has been fixed in version 0.9-2+etch1.
For the stable distribution (lenny), the problem has been fixed in version 0.10-2+lenny1.
For the unstable distribution (sid), the problem has been fixed in version 0.10-5.
We recommend that you upgrade your ajaxterm package.
- Fixed in:
-
Debian GNU/Linux 4.0 (etch)
- Source:
- http://security.debian.org/pool/updates/main/a/ajaxterm/ajaxterm_0.9-2+etch1.dsc
- http://security.debian.org/pool/updates/main/a/ajaxterm/ajaxterm_0.9-2+etch1.diff.gz
- http://security.debian.org/pool/updates/main/a/ajaxterm/ajaxterm_0.9.orig.tar.gz
- http://security.debian.org/pool/updates/main/a/ajaxterm/ajaxterm_0.9-2+etch1.diff.gz
- Architecture-independent component:
- http://security.debian.org/pool/updates/main/a/ajaxterm/ajaxterm_0.9-2+etch1_all.deb
Debian GNU/Linux 5.0 (lenny)
- Source:
- http://security.debian.org/pool/updates/main/a/ajaxterm/ajaxterm_0.10-2+lenny1.diff.gz
- http://security.debian.org/pool/updates/main/a/ajaxterm/ajaxterm_0.10.orig.tar.gz
- http://security.debian.org/pool/updates/main/a/ajaxterm/ajaxterm_0.10-2+lenny1.dsc
- http://security.debian.org/pool/updates/main/a/ajaxterm/ajaxterm_0.10.orig.tar.gz
- Architecture-independent component:
- http://security.debian.org/pool/updates/main/a/ajaxterm/ajaxterm_0.10-2+lenny1_all.deb
MD5 checksums of the listed files are available in the original advisory.