It was discovered that Ajaxterm, a web-based terminal, generates weak and predictable session IDs, which might be used to hijack a session or cause a denial of service attack on a system that uses Ajaxterm. For the oldstable distribution (etch), the problem has been fixed in version 0.9-2+etch1. For the stable distribution (lenny), the problem has been fixed in version 0.10-2+lenny1. For the unstable distribution (sid), the problem has been fixed in version 0.10-5. We recommend that you upgrade your ajaxterm package.
It was discovered that Ajaxterm, a web-based terminal, generates weak and predictable session IDs, which might be used to hijack a session or cause a denial of service attack on a system that uses Ajaxterm.
For the oldstable distribution (etch), the problem has been fixed in version 0.9-2+etch4.
For the stable distribution (lenny), the problem has been fixed in version 0.10-2+lenny1.
For the unstable distribution (sid), the problem has been fixed in version 0.10-5.
We recommend that you upgrade your ajaxterm package.
MD5 checksums of the listed files are available in the original advisory.