Comrex Version Security Concerns and Firmware Fixes

| Security Concern | Any Comrex Products Affected? | Product(s) Affected | Minimum Secure Firmware Version |
|---|---|---|---|
| Dropbear SSH vulnerability for versions prior to 2016.74 | YES | ACCESS 2USB, ACCESS Rackmount, BRIC-Link, and BRIC-Link II | 4.0p10 |
| A high-severity vulnerability has been reported in Linux that could be exploited by a low-privilege attacker to gain full root access on an affected system. The vulnerability, identified as CVE-2017-1000367, was discovered by researchers at Qualys Security in Sudo's “get_process_ttyname()” function for Linux and could allow a user with Sudo privileges to run commands as root or elevate privileges to root. | NO | | |
| A new vulnerability has been found that potentially affects most versions of the Linux and Unix operating systems, in addition to Mac OS X (which is based around Unix). Known as the “Bash Bug” or “ShellShock,” the GNU Bash Remote Code Execution Vulnerability (CVE-2014-6271) could allow an attacker to gain control over a targeted computer if exploited successfully. | NO | | |
| Stack-based Buffer Overflow - CVE-2015-7547. The glibc DNS client-side resolver is vulnerable to a stack-based buffer overflow when the getaddrinfo() library function is used. Software using this function may be exploited with attacker-controlled domain names, attacker-controlled DNS servers, or through a man-in-the-middle attack. | NO | | |
start.txt · Last modified: 2017/06/27 16:26 by nribaudo