start
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
start [2017/06/27 16:18] nribaudo ^ |
start [2017/06/27 16:26] nribaudo |
||
|---|---|---|---|
| Line 3: | Line 3: | ||
| - | ^ Security Concern ^ Any Comrex Products Affected? ^ Product(s) Affected ^Minimum Secure Firmware Version ^ | + | ^ Security Concern ^ Any Comrex Products Affected? ^ Product(s) Affected ^ Minimum Secure Firmware Version ^ |
| - | | **Dropbear SSH** vulnerability for versions prior to 2016.74 | YES | ACCESS 2USB, ACCESS Rackmount, BRIC-Link, and BRIC-Link II |4.0p10 | | + | | **Dropbear SSH** vulnerability for versions prior to 2016.74 | **YES** | ACCESS 2USB, ACCESS Rackmount, BRIC-Link, and BRIC-Link II | 4.0p10 | |
| - | | A high-severity vulnerability has been reported in Linux that could be exploited by a low privilege attacker to gain full root access on an affected system. The vulnerability, identified as CVE-2017-1000367, was discovered by researchers at Qualys Security in Sudo's "get_process_ttyname()" function for Linux that could allow a user with Sudo privileges to run commands as root or elevate privileges to root. | NO | | | | | + | | A high-severity vulnerability has been reported in Linux that could be exploited by a low privilege attacker to gain full root access on an affected system. The vulnerability, identified as CVE-2017-1000367, was discovered by researchers at Qualys Security in Sudo's "get_process_ttyname()" function for Linux that could allow a user with Sudo privileges to run commands as root or elevate privileges to root. | **NO** | | | | |
| - | | A new vulnerability has been found that potentially affects most versions of the Linux and Unix operating systems, in addition to Mac OS X (which is based around Unix). Known as the “**Bash Bug**” or “**ShellShock**,” the GNU Bash Remote Code Execution Vulnerability (CVE-2014-6271) could allow an attacker to gain control over a targeted computer if exploited successfully. | NO | | | | + | | A new vulnerability has been found that potentially affects most versions of the Linux and Unix operating systems, in addition to Mac OS X (which is based around Unix). Known as the “**Bash Bug**” or “**ShellShock**,” the GNU Bash Remote Code Execution Vulnerability (CVE-2014-6271) could allow an attacker to gain control over a targeted computer if exploited successfully. | **NO** | | | |
| - | | **Stack-based Buffer Overflow - CVE-2015-7547**. The glibc DNS client side resolver is vulnerable to a stack-based buffer overflow when the getaddrinfo() library function is used. Software using this function may be exploited with attacker-controlled domain names, attacker-controlled DNS servers, or through a man-in-the-middle attack. | NO | | | | + | | **Stack-based Buffer Overflow - CVE-2015-7547**. The glibc DNS client side resolver is vulnerable to a stack-based buffer overflow when the getaddrinfo() library function is used. Software using this function may be exploited with attacker-controlled domain names, attacker-controlled DNS servers, or through a man-in-the-middle attack. | **NO** | | | |
start.txt · Last modified: 2017/06/27 16:26 by nribaudo
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: CC0 1.0 Universal
