Differences

This shows you the differences between two versions of the page.

start [2017/06/27 15:58]
74.94.151.157 created
start [2017/06/27 16:26]
nribaudo
Line 1: Line 1:
-Comrex Version Security Concerns and Firmware Fixes+**Comrex Version Security Concerns and Firmware Fixes**
  
-^ Security Concern ​     ^ Any Comrex Products Affected? ​      ^ Product(s) Affected ​         ^ + 
-Row 1 Col 1    ​| ​Row 1 Col 2     | Row 1 Col 3        | + 
-Row 2 Col 1    ​| ​some colspan ​(note the double pipe) || +^ Security Concern ​     ^ Any Comrex Products Affected? ​      ^ Product(s) Affected ​         ​^ Minimum Secure Firmware Version ​     ​
-Row 3 Col 1    ​| ​Row 3 Col 2     Row 3 Col 3        |+**Dropbear SSH** vulnerability for versions prior to 2016.74 ​   ​| ​**YES** ​    | ACCESS 2USB, ACCESS Rackmount, BRIC-Link, and BRIC-Link II        | 4.0p10 ​   ​
 +A high-severity vulnerability has been reported in Linux that could be exploited by a low privilege attacker to gain full root access on an affected system. The vulnerability,​ identified as CVE-2017-1000367,​ was discovered by researchers at Qualys Security in Sudo's "​get_process_ttyname()"​ function for Linux that could allow a user with Sudo privileges to run commands as root or elevate privileges to root.    ​| ​**NO** |     ​| ​    ​| ​    | 
 +| A new vulnerability has been found that potentially affects most versions of the Linux and Unix operating systems, in addition to Mac OS X (which is based around Unix). Known as the “**Bash Bug**” or “**ShellShock**,​” the GNU Bash Remote Code Execution Vulnerability (CVE-2014-6271could allow an attacker to gain control over a targeted computer if exploited successfully. ​   ​**NO** ​   |        |    ​
 +**Stack-based Buffer Overflow - CVE-2015-7547**. The glibc DNS client side resolver is vulnerable to a stack-based buffer overflow when the getaddrinfo() library function is used. Software using this function may be exploited with attacker-controlled domain names, attacker-controlled DNS servers, or through a man-in-the-middle attack. ​   ​| ​**NO** ​   ​|        ​|    ​|
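Review bot: the added Sudo row (CVE-2017-1000367) has three empty cells after **NO**, which makes five columns against the four-column header, while the ShellShock and glibc rows have four; drop the extra cell so the table lines up. In the ShellShock row, "(CVE-2014-6271could" is missing its closing parenthesis and a space. The first column is also inconsistent: the Dropbear and glibc rows lead with a short bold name, but the Sudo and ShellShock rows paste advisory prose ("A new vulnerability has been found ..."), so a reader scanning for a CVE has to read the whole cell. Suggest a short bold name plus CVE id in every row, with the description after it, and a reference id on the Dropbear row if one applies, since it is the only **YES** entry and the one readers will act on.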
start.txt · Last modified: 2017/06/27 16:26 by nribaudo