Tag: patches | Page 50

Synology patches serious flaws in its network-attached storage devices

May 26, 2015/in Computer Security

Network-attached storage (NAS) manufacturer Synology fixed several vulnerabilities in its devices’ software, one of which could allow attackers to compromise the data stored on them.

The most serious vulnerability is located in the Synology Photo Station, a feature of DiskStation Manager (DSM), the Linux-based operating system that runs on the company’s NAS devices.

Synology Photo Station allows users to create online photo albums and blogs that can be accessed remotely using the NAS device’s public IP (Internet Protocol) address.

Researchers from Dutch firm Securify found that Photo Station did not properly sanitize user input, allowing potential attackers to inject system commands that would be executed with the privileges of the Web server.

To read this article in full or to leave a comment, please click here

Network World Security

SAP patches login flaw in ASE database

April 24, 2015/in Computer Security

SAP patched a flaw on Thursday that could allow an attacker to take complete control over a database, according to security vendor Trustwave.

The flaw (CVE-2014-6284) affects SAP’s Adaptive Server Enterprise (ASE), a relational database for Unix, Linux and Windows systems, designed for high volumes of data-rich transactions. Vulnerable versions are 12.5, 15, 15.5, 15.7 and 16.

TrustWave’s Martin Rakhmanov, a senior security researcher, found an error in the challenge and response mechanism used to access ASE. The account access gained is not a privileged account, but TrustWave said other flaws allow the privileges to be escalated to that of a database administrator.

To read this article in full or to leave a comment, please click here

Network World Security

D-Link patches critical router flaws, says more fixes to come

March 4, 2015/in Internet Security

D-Link has taken action over three serious vulnerabilities discovered in several of its home routers, and it’s promising more fixes next week.
Naked Security – Sophos

OpenSSL patches eight new vulnerabilities

January 11, 2015/in Computer Security

Server administrators are advised to upgrade OpenSSL again to fix eight new vulnerabilities, two of which can lead to denial-of-service (DoS) attacks.

The flaws are only of moderate and low severity, unlike the Heartbleed vulnerability discovered last year. Heartbleed could have allowed attackers to steal sensitive information including encryption keys from servers.

Nevertheless, “system administrators should plan to upgrade their running OpenSSL server instances in the coming days,” said Tod Beardsley, engineering manager at vulnerability intelligence firm Rapid7, via email Friday.

To read this article in full or to leave a comment, please click here

Network World Security

Tag Archive for: patches