User Tools

Site Tools


start

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
start [2017/06/27 12:18]
nribaudo ^
start [2017/06/27 12:26]
nribaudo
Line 3: Line 3:
  
  
-^ Security Concern ​     ^ Any Comrex Products Affected? ​      ^ Product(s) Affected ​         ^Minimum Secure Firmware Version ​     ^ +^ Security Concern ​     ^ Any Comrex Products Affected? ​      ^ Product(s) Affected ​         ^ Minimum Secure Firmware Version ​     ^ 
-| **Dropbear SSH** vulnerability for versions prior to 2016.74 ​   | YES     | ACCESS 2USB, ACCESS Rackmount, BRIC-Link, and BRIC-Link II        |4.0p10 ​   | +| **Dropbear SSH** vulnerability for versions prior to 2016.74 ​   | **YES**     | ACCESS 2USB, ACCESS Rackmount, BRIC-Link, and BRIC-Link II        | 4.0p10 ​   | 
-| A high-severity vulnerability has been reported in Linux that could be exploited by a low privilege attacker to gain full root access on an affected system. The vulnerability,​ identified as CVE-2017-1000367,​ was discovered by researchers at Qualys Security in Sudo's "​get_process_ttyname()"​ function for Linux that could allow a user with Sudo privileges to run commands as root or elevate privileges to root.    | NO |     ​| ​    ​| ​    | +| A high-severity vulnerability has been reported in Linux that could be exploited by a low privilege attacker to gain full root access on an affected system. The vulnerability,​ identified as CVE-2017-1000367,​ was discovered by researchers at Qualys Security in Sudo's "​get_process_ttyname()"​ function for Linux that could allow a user with Sudo privileges to run commands as root or elevate privileges to root.    | **NO** |     ​| ​    ​| ​    | 
- A new vulnerability has been found that potentially affects most versions of the Linux and Unix operating systems, in addition to Mac OS X (which is based around Unix). Known as the “**Bash Bug**” or “**ShellShock**,​” the GNU Bash Remote Code Execution Vulnerability (CVE-2014-6271) could allow an attacker to gain control over a targeted computer if exploited successfully. ​   | NO    |        |    | +| A new vulnerability has been found that potentially affects most versions of the Linux and Unix operating systems, in addition to Mac OS X (which is based around Unix). Known as the “**Bash Bug**” or “**ShellShock**,​” the GNU Bash Remote Code Execution Vulnerability (CVE-2014-6271) could allow an attacker to gain control over a targeted computer if exploited successfully. ​   | **NO**    ​| ​       |    | 
- **Stack-based Buffer Overflow - CVE-2015-7547**. The glibc DNS client side resolver is vulnerable to a stack-based buffer overflow when the getaddrinfo() library function is used. Software using this function may be exploited with attacker-controlled domain names, attacker-controlled DNS servers, or through a man-in-the-middle attack. ​   | NO    |        |    |+| **Stack-based Buffer Overflow - CVE-2015-7547**. The glibc DNS client side resolver is vulnerable to a stack-based buffer overflow when the getaddrinfo() library function is used. Software using this function may be exploited with attacker-controlled domain names, attacker-controlled DNS servers, or through a man-in-the-middle attack. ​   | **NO**    ​| ​       |    |
start.txt · Last modified: 2017/06/27 12:26 by nribaudo