The industrial managed switch series 852 from WAGO is affected by multiple vulnerabilities such as old software components embedded in the firmware. Furthermore, hardcoded password hashes and credentials were also found by doing an automated scan with IoT Inspector.
a09f936638884fd22851a65866810badRed Hat Security Advisory 2012-0125-01 - The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the glibc library read timezone files. If a carefully-crafted timezone file was loaded by an application linked against glibc, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.
864ed57afca2c884fc017d61f81beecfVMware Security Advisory 2011-0012 - VMware ESXi and ESX updates to third party libraries and ESX Service Console address several security issues.
09895b515d192ac17d0b7edd6177d76bGentoo Linux Security Advisory 201011-1 - Multiple vulnerabilities were found in glibc, the worst of which allowing local attackers to execute arbitrary code as root. Multiple vulnerabilities were found in glibc, amongst others the widely-known recent LD_AUDIT and $ORIGIN issues. For further information please consult the CVE entries referenced below. Versions less than 2.11.2-r3 are affected.
5cea4225da35cf3fb30d0ffed4cc46a2Debian Linux Security Advisory 2058-1 - Several vulnerabilities have been discovered in the GNU C Library (aka glibc) and its derivatives.
2e9befb3a5d659605c97d4801f4e5d56Mandriva Linux Security Advisory 2010-112 - Multiple vulnerabilities was discovered and fixed in glibc. The updated packages have been patched to correct these issues.
7c1dea9fe4daa691b2cdcf8c45acce4cMandriva Linux Security Advisory 2010-111 - Multiple vulnerabilities was discovered and fixed in glibc. The updated packages have been patched to correct these issues.
dfa8ddd895de738ed3854af891707453Ubuntu Security Notice 944-1 - Maksymilian Arciemowicz discovered that the GNU C library did not correctly handle integer overflows in the strfmon function. If a user or automated system were tricked into processing a specially crafted format string, a remote attacker could crash applications, leading to a denial of service. (Ubuntu 10.04 was not affected.) Jeff Layton and Dan Rosenberg discovered that the GNU C library did not correctly handle newlines in the mntent family of functions. If a local attacker were able to inject newlines into a mount entry through other vulnerable mount helpers, they could disrupt the system or possibly gain root privileges. Dan Rosenberg discovered that the GNU C library did not correctly validate certain ELF program headers. If a user or automated system were tricked into verifying a specially crafted ELF program, a remote attacker could execute arbitrary code with user privileges.
c038d4d3917031eaa03e48efb49f418c
© 2016 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed