|
EPA must address deviations, apply patches following IG computer security …
FierceGovernmentIT The Environmental Protection Agency needs to correct several deficiencies found in its configuration management program, an internal audit found. Configuration management essentially ensures that software and hardware systems are updated, appropriate … |
The critical Shellshock vulnerabilities found last month in the Bash Unix shell have motivated security researchers to search for similar flaws in old, but widely used, command-line utilities.
Two remote command execution vulnerabilities were patched this week in the popular wget download agent and tnftp client for Unix-like systems. This comes after a remote code execution vulnerability was found last week in a library used by strings, objdump, readelf and other command-line tools.
To read this article in full or to leave a comment, please click here
Windows and Internet Explorer need critical patches this month, according to Microsoft’s advanced notification about Patch Tuesday bulletins for Oct. 14.
In all there are nine bulletins, but three of them are ranked critical and could allow attackers to execute malicious code remotely, according to the notification. “These will be the top patching priorities, probably with the IE issue being the most at risk for exploitation,” says Ross Barrett, senior manager of security engineering at Rapid7.
+ Also on NetworkWorld: Most Dangerous Cyber Celebrities +
To read this article in full or to leave a comment, please click here
Apple released a patch Monday for Shellshock, a serious software vulnerability disclosed last week, although the company had said it posed no risk to most users.
Shellshock is the nickname for a flaw in the GNU Bourne Again Shell, or Bash, which is a command-line shell processor used for sending commands to an operating system. It is prevalent in Unix and Linux systems.
The flaw in Bash, which has been present for two decades, could allow an attacker to take complete control of a computer if the software is remotely accessible. An attacker could append malicious commands into a CGI (Common Gateway Interface) request, which would then be processed by a server.
To read this article in full or to leave a comment, please click here