The industrial managed switch series 852 from WAGO is affected by multiple vulnerabilities such as old software components embedded in the firmware. Furthermore, hardcoded password hashes and credentials were also found by doing an automated scan with IoT Inspector.
5c8f473ce950d3d7fc4a502cd31cbb68d69766f0ee3d50da6ac20921262a4c65Gentoo Linux Security Advisory 201503-4 - Multiple vulnerabilities have been found in GNU C Library, the worst of which allowing a local attacker to execute arbitrary code or cause a Denial of Service. Versions less than 2.19-r1 are affected.
3be887081cfadc048cd5dd2fed5fc98110f1b24cf929e8adeeecd9c308657613Slackware Security Advisory - New glibc packages are available for Slackware 14.1 and -current to fix security issues.
f465530a54da7d5a528f544b46d30ac71a8e33c13da9a2e12a12020d9888fad7Mandriva Linux Security Advisory 2013-284 - Integer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service or possibly execute arbitrary code via a long string, which triggers a heap-based buffer overflow. Stack-based buffer overflow in string/strcoll_l.c in the GNU C Library 2.17 and earlier allows context-dependent attackers to cause a denial of service or possibly execute arbitrary code via a long string that triggers a malloc failure and use of the alloca function. Multiple integer overflows in malloc/malloc.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allow context-dependent attackers to cause a denial of service via a large value to the aligned_alloc functions. A stack overflow flaw, which led to a denial of service (application crash), was found in the way glibc's getaddrinfo() function processed certain requests when called with AF_INET6. A similar flaw to this affects AF_INET6 rather than AF_UNSPEC. The PTR_MANGLE implementation in the GNU C Library (aka glibc or libc6) 2.4, 2.17, and earlier, and Embedded GLIBC does not initialize the random value for the pointer guard, which makes it easier for context- dependent attackers to control execution flow by leveraging a buffer-overflow vulnerability in an application and using the known zero value pointer guard to calculate a pointer address. The updated packages have been patched to correct these issues.
00fea704bf1f1055d112be7b211b292f2d6fed3a9a06d1f22b451064014e9b25Mandriva Linux Security Advisory 2013-283 - Updated glibc packages fix multiple security issues. Integer overflow in string/strcoll_l.c in the GNU C Library (aka glibc or libc6) 2.17 and earlier allows context-dependent attackers to cause a denial of service or possibly execute arbitrary code via a long string, which triggers a heap-based buffer overflow. Stack-based buffer overflow in string/strcoll_l.c in the GNU C Library 2.17 and earlier allows context-dependent attackers to cause a denial of service or possibly execute arbitrary code via a long string that triggers a malloc failure and use of the alloca function. pt_chown in GNU C Library before 2.18 does not properly check permissions for tty files, which allows local users to change the permission on the files and obtain access to arbitrary pseudo-terminals by leveraging a FUSE file system. Various other issues were also addressed.
1c82e380a68105a8faa750720b4e2f2251bb1cd7f4dd03f29ae8a02d1b90188bUbuntu Security Notice 1991-1 - It was discovered that the GNU C Library incorrectly handled the strcoll() function. An attacker could use this issue to cause a denial of service, or possibly execute arbitrary code. It was discovered that the GNU C Library incorrectly handled multibyte characters in the regular expression matcher. An attacker could use this issue to cause a denial of service. It was discovered that the GNU C Library incorrectly handled large numbers of domain conversion results in the getaddrinfo() function. An attacker could use this issue to cause a denial of service. Various other issues were also addressed.
9a3faf4d014c0ecc32760724cade9dbcc4a41d949e21274c41bba46d64866b9f
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed