Multiple buffer overflows in WebGate Embedded Standard Protocol (WESP) SDK allow remote attackers to execute arbitrary code via unspecified vectors to the (1) LoadImage or (2) LoadImageEx function in the WESPMonitor.WESPMonitorCtrl.1 control, (3) ChangePassword function in the WESPCONFIGLib.UserItem control, Connect function in the (4) WESPSerialPort.WESPSerialPortCtrl.1 or (5) WESPPLAYBACKLib.WESPPlaybackCtrl control, or (6) AddID function in the WESPCONFIGLib.IDList control, or via (7) a long string in the second argument to the ConnectEx3 function in the WESPPLAYBACKLib.WESPPlaybackCtrl control.
Monthly Archives: March 2015
Seagate Confirms NAS Zero Day, Won’t Patch Until May
Seagate confirmed a publicly disclosed vulnerability in one of its network attached storage products, but said it won’t have a patch available until May.
MDVSA-2015:056: rpm
Updated rpm packages fix security vulnerabilities:
It was found that RPM wrote file contents to the target
installation directory under a temporary name, and verified its
cryptographic signature only after the temporary file had been
written completely. Under certain conditions, the system interprets
the unverified temporary file contents and extracts commands from
it. This could allow an attacker to modify signed RPM files in such
a way that they would execute code chosen by the attacker during
package installation (CVE-2013-6435).
It was found that RPM could encounter an integer overflow, leading to
a stack-based buffer overflow, while parsing a crafted CPIO header
in the payload section of an RPM file. This could allow an attacker
to modify signed RPM files in such a way that they would execute code
chosen by the attacker during package installation (CVE-2014-8118).
RHEA-2015:0659-1: dracut enhancement update
Red Hat Enterprise Linux: Updated dracut packages that add one enhancement are now available for Red Hat
Enterprise Linux 6.
RHBA-2015:0658-1: gnome-settings-daemon bug fix update
Red Hat Enterprise Linux: Updated gnome-settings-daemon packages that fix one bug are now available for
Red Hat Enterprise Linux 6.
RHBA-2015:0657-1: ibus bug fix update
Red Hat Enterprise Linux: Updated ibus packages that fix two bugs are now available for Red Hat Enterprise
Linux 6.
RHBA-2015:0656-1: SDL bug fix update
Red Hat Enterprise Linux: Updated SDL packages that fix one bug are now available for Red Hat Enterprise
Linux 6.
RHBA-2015:0655-1: pulseaudio bug fix update
Red Hat Enterprise Linux: Updated pulseaudio packages that fix several bugs are now available for Red Hat
Enterprise Linux 6.
RHBA-2015:0654-1: ksh bug fix update
Red Hat Enterprise Linux: Updated ksh packages that fix one bug are now available for Red Hat Enterprise
Linux 6.5 Extended Update Support.
TextSecure to Drop Support for Encrypted SMS
Open Whisper Systems is phasing out support for encrypted SMS and MMS messages in its TextSecure messaging product. The move does not spell the end for encrypted messaging for users of the Android app, as the company plans to switch to its own transport protocol to address some of the security and performance issues inherent […]