Untrusted search path vulnerability in Huawei Mobile Partner for Windows 23.009.05.03.1014 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wintab32.dll in the Mobile Partner directory.
Monthly Archives: November 2014
CVE-2014-8476
The setlogin function in FreeBSD 8.4 through 10.1-RC4 does not initialize the buffer used to store the login name, which allows local users to obtain sensitive information from kernel memory via a call to getlogin, which returns the entire buffer.
CVE-2014-8554
SQL injection vulnerability in the mc_project_get_attachments function in api/soap/mc_project_api.php in MantisBT before 1.2.18 allows remote attackers to execute arbitrary SQL commands via the project_id parameter. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-1609.
CVE-2014-8557 (channel_platform)
Multiple cross-site scripting (XSS) vulnerabilities in JExperts Channel Platform 5.0.33_CCB allow remote attackers to inject arbitrary web script or HTML via the (1) usuario.nome variable in an editarUsuario action to usuario.do or (2) titulo.form variable in a novoChamado action to ticket.do.
CVE-2014-8564
The _gnutls_ecc_ansi_x963_export function in gnutls_ecc.c in GnuTLS 3.x before 3.1.28, 3.2.x before 3.2.20, and 3.3.x before 3.3.10 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) Elliptic Curve Cryptography (ECC) certificate or (2) certificate signing requests (CSR), related to generating key IDs.
CVE-2014-8770
Unrestricted file upload vulnerability in magmi/web/magmi.php in the MAGMI (aka Magento Mass Importer) plugin 0.7.17a and earlier for Magento Community Edition (CE) allows remote authenticated users to execute arbitrary code by uploading a ZIP file that contains a PHP file, then accessing the PHP file via a direct request to it in magmi/plugins/.
IC3 Releases "Tech Support" Themed Scam Alert
Original release date: November 13, 2014
The Internet Crime Complaint Center (IC3), a partnership between the Federal Bureau of Investigation (FBI) and the National White Collar Crime Center (NW3C) to combat Internet crime, has released a Scam Alert advising the public of an ongoing telephone scam in which callers purport to be an employee of a major software company in order to defraud a targeted victim.
Users and administrators are encouraged to review the IC3 Scam Alert for more details, and refer to the Avoiding Social Engineering and Phishing Attacks Cyber Security Tip for information on social engineering attacks.
How to upgrade your router with the latest firmware or replace it completely
It's difficult to accept that we made an unwise purchase or even that a piece of technology has gone obsolete. But when it comes to the security of your home network, it's time to face up to it.
Last February, Craig Young, a researcher at security firm Tripwire, published research showing that 80% of the 25 best-selling small office/home office (SOHO) wireless router models on Amazon had vulnerabilities. Because some routers, in fact, a lot of them, have so many non-patched vulnerabilities, the easiest way to secure your home network is to replace the router completely with a secure model.
How to update your router
But let's not spend your money yet. Only four of the reported vulnerabilities were completely new, and many have been patched in later models, so you should first look for firmware updates. Some conscientious manufacturers release updates for their hardware controls which, if applied, could solve all (or at least some) known vulnerabilities.
Routers do not perform automatic updates, so the appropriate patches have to be downloaded and installed manually. Avast 2015 includes a Home Network Security scanner that can help you determine what needs to be done, explain why, and direct you to the router manufacturer's website.
Open the Avast user interface, click Scan from the menu on the left, then choose Scan for network threats. Avast will take a look at your router and report back any issues. In most cases, if there is an issue to be addressed, it will direct you to your router manufacturer's website.
Yes, Virginia, there is a Santa Claus Router Attack
If you're not convinced that router attacks are something to be concerned about, then think back on the attack from earlier this year. Attackers remotely altered DNS configurations for more than 300,000 small office/home office (SOHO) routers, subsequently opening up victims to a host of compromises.
Among the several vulnerabilities around, there is one that is quite common. It's called ROM-0 and allows the attacker to easily gain control of the whole router and, subsequently, your Internet connection. In short, the attacker could request ROM-0 through HTTP (i.e. http://192.168.1.1/ROM-0) and then download all the important and secret data stored in your router: your ADSL login/password combination, Wi-Fi password and basically all your configuration data.
How to prevent attackers from downloading your ROM-0 configuration file and manipulating your router
It's simple if you are comfortable around computers. If you're not, ask a techie to help you:
- Forward port 80 on the router to a non-used IP address on your network.
- Enter your router configuration and go to the "Port forwarding" configuration.
- Send all HTTP traffic, of all protocols, with start and end port 80, to a non-used local IP address (something like 192.168.0.xxx, where xxx would be a non-used IP).
There are free "port forwarding" guides for quite a lot of routers. Check your model here.
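To confirm the change took effect on your own router, the following added example (not part of the original article) requests the ROM-0 path named above and reports whether the file is still served. The function names, the default address and the `classify` heuristic are assumptions; run it from the network side you want to verify.

```python
"""Check whether a router's web interface still serves the ROM-0 file."""
import http.client
import urllib.error
import urllib.request

ROM0_PATH = "/ROM-0"  # path as written in the article


def http_fetch(url, timeout=5.0):
    """Return (status, content_type, first bytes of body) for a GET request."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            ctype = resp.headers.get("Content-Type", "")
            return resp.status, ctype, resp.read(4096)
    except urllib.error.HTTPError as err:  # 401/403/404 still carry a status
        return err.code, err.headers.get("Content-Type", ""), b""


def classify(status, content_type, body):
    """Judge one response.

    Heuristic (assumption): a 200 answer whose body is not an HTML page
    is treated as the configuration dump.
    """
    if status in (401, 403):
        return "protected"  # router asks for credentials first
    if status != 200 or not body:
        return "not served"
    looks_html = "html" in content_type.lower() or body.lstrip()[:1] == b"<"
    return "not served" if looks_html else "EXPOSED"


def check_rom0(base_url, fetch=http_fetch):
    """Return 'EXPOSED', 'protected', 'not served' or 'unreachable'."""
    try:
        status, ctype, body = fetch(base_url.rstrip("/") + ROM0_PATH)
    except (OSError, http.client.HTTPException):
        # Refused, timed out or garbled: nothing usable answers on port 80,
        # which is the expected result once port 80 goes to an unused IP.
        return "unreachable"
    return classify(status, ctype, body)


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "http://192.168.1.1"
    print(target, "->", check_rom0(target))
```

A result of `EXPOSED` means the configuration file can still be downloaded without logging in; `unreachable` or `protected` is what you want to see.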
Mouse Media Script 1.6 Cross Site Scripting
Mouse Media Script version 1.6.0 suffers from a stored cross site scripting vulnerability.
Esotalk CMS Cross Site Scripting
Esotalk CMS suffers from a cross site scripting vulnerability.