
Vulnerability information 1

OpenSSL vulnerability (Heartbleed): recommended response
Overview: A serious bug named Heartbleed, which exposes sensitive data held in server memory, was found in the OpenSSL library widely used to encrypt communication links; prompt remediation of affected systems and software is recommended.
Vulnerability details: system memory disclosure vulnerability, CVE-2014-0160 (2014-04-07).
Affected versions: OpenSSL 1.0.1 through OpenSSL 1.0.1f; OpenSSL 1.0.2-beta, OpenSSL 1.0.2-beta1.
Affected systems and software: systems running a vulnerable OpenSSL version; a wide range of systems can be affected, including servers (web servers, VPN servers, etc.), network devices and mobile devices; software products that embed a vulnerable OpenSSL library.
Unaffected software: OpenSSL.. More
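A first triage step implied by the version list above is to classify what `openssl version` prints on each host. The following is an added example (not code from the advisory or from this post) that parses the version token, applies the affected set exactly as listed (1.0.1 through 1.0.1f, 1.0.2-beta and 1.0.2-beta1; 1.0.1g is the fixed release), and also looks for `OPENSSL_NO_HEARTBEATS` in `openssl version -a` output, on the assumption that the `compiler:` line echoes the build-time defines. The sample output embedded at the bottom is constructed, not captured from a real host.

```python
import re

# Affected set as listed in the advisory excerpt: OpenSSL 1.0.1 .. 1.0.1f and
# 1.0.2-beta / 1.0.2-beta1. 1.0.1g is the fixed release; 1.0.0 and 0.9.8 are
# not in the list and are treated as unaffected.
_VERSION_RE = re.compile(
    r"^(?:OpenSSL\s+)?(\d+)\.(\d+)\.(\d+)([a-z]*)(?:-beta(\d*))?"
)


def parse_openssl_version(text):
    """Parse the version token from `openssl version` or `openssl version -a` output.

    Returns (major, minor, fix, letter, beta): letter is '' for a bare release,
    beta is None for a non-beta build, 0 for '-beta' and N for '-betaN'.
    Returns None when the first line does not start with a version number."""
    stripped = text.strip()
    first = stripped.splitlines()[0] if stripped else ""
    m = _VERSION_RE.match(first)
    if not m:
        return None
    major, minor, fix, letter, beta = m.groups()
    beta_n = None if beta is None else (int(beta) if beta else 0)
    return int(major), int(minor), int(fix), letter, beta_n


def is_heartbleed_version(text):
    """True when the version token falls inside the affected set above."""
    parsed = parse_openssl_version(text)
    if parsed is None:
        raise ValueError("unrecognised OpenSSL version string: %r" % text)
    major, minor, fix, letter, beta = parsed
    if (major, minor, fix) == (1, 0, 1):
        # 1.0.1 (no suffix) through 1.0.1f; 1.0.1g and later carry the fix.
        # Single-letter suffixes sort alphabetically, so a plain string compare works.
        return letter <= "f"
    if (major, minor, fix) == (1, 0, 2):
        # Only the two pre-release builds named in the advisory; 1.0.2 final is not.
        return beta is not None and beta <= 1
    return False


def assess(version_output):
    """Combine the version check with the one build-time signal that
    `openssl version -a` exposes: a library built with -DOPENSSL_NO_HEARTBEATS
    has the heartbeat code compiled out even when the version token is in range.
    Returns (affected_by_version, heartbeats_compiled_out, verdict)."""
    affected = is_heartbleed_version(version_output)
    heartbeats_off = "OPENSSL_NO_HEARTBEATS" in version_output
    if not affected:
        verdict = "not affected by version"
    elif heartbeats_off:
        verdict = "affected version but heartbeats compiled out"
    else:
        # Distribution packages commonly backport the fix without changing the
        # version token, so this verdict still needs confirmation against the
        # package changelog or a heartbeat probe before it is acted on.
        verdict = "affected version; confirm with package changelog or a probe"
    return affected, heartbeats_off, verdict


if __name__ == "__main__":
    # Constructed sample of `openssl version -a` output (not from a real host).
    SAMPLE = (
        "OpenSSL 1.0.1e 11 Feb 2013\n"
        "built on: Tue Feb 12 00:00:00 UTC 2013\n"
        "platform: linux-x86_64\n"
        "compiler: gcc -fPIC -DOPENSSL_PIC -DOPENSSL_THREADS -D_REENTRANT -O3\n"
    )
    print(assess(SAMPLE))
```

A "not affected by version" result is only as good as the version token: the check is a triage filter for fleets, and a vulnerable verdict on Debian, Ubuntu or RHEL hosts must be confirmed against the package changelog, since those distributions shipped the fix under the old 1.0.1e version string.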
OpenSSH authentication bypass
Name: OpenSSH authentication bypass; Issued: April 11; Affected system: 6.6; Severity: ★★★☆☆; First reporter: USN-2164-1 OpenSSH vulnerability
==========================================================================
Ubuntu Security Notice USN-2164-1
April 07, 2014
openssh vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivativ.. More
Openswan vulnerability
Name: Openswan vulnerability; Issued: April 13; Affected system: 2.6; Severity: ★★★★☆; First reporter: DSA-2893-1
Debian Security Advisory DSA-2893-1 security@debian.org
http://www.debian.org/security/ Yves-Alexis Perez
March 31, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : openswan
CVE ID : CVE-2013-2053 CVE-2013-6466
Two vulnerabilities we.. More
Reverse Heartbleed testing
I wanted to know if the tools/software I execute regularly are vulnerable to scraping my system memory. Now the reverse Heartbleed scenario is very possible, but the likelihood seems to be much more of a non-issue. Seeing is still believing in my book. So I set out to see what the interweb world was doing to test this out. There are some very reputable services/organizations out there offering u.. More
2014-04-14 vulnerability roundup
cURL/libcURL CVE-2014-0138 Remote Security Bypass Vulnerability 2014-04-14 http://www.securityfocus.com/bid/66457
cURL/libcURL CVE-2014-0139 SSL Certificate Validation Security Bypass Vulnerability 2014-04-14 http://www.securityfocus.com/bid/66458
WordPress Multiple Security Vulnerabilities 2014-04-14 http://www.securityfocus.com/bid/66765
Nessus 'mi_malware_scan.nbin' Plugin Local Privilege Esc.. More
VMware Security Advisory 2014-0003
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- -----------------------------------------------------------------------
VMware Security Advisory
Advisory ID: VMSA-2014-0003
Synopsis: VMware vSphere Client updates address security vulnerabilities
Issue date: 2014-04-10
Updated on: 2014-04-10 (initial advisory)
CVE numbers: CVE-2014-1209, CVE-2014-1210
- -------------------------------------------.. More
WordPress Quick Page/Post Redirect Plugin 5.0.3 CSRF / XSS
Details
================
Software: Quick Page/Post Redirect Plugin
Version: 5.0.3
Homepage: http://wordpress.org/plugins/quick-pagepost-redirect-plugin/
Advisory ID: dxw-1970-1091
CVE: CVE-2014-2598
CVSS: 6.8 (Medium; AV:N/AC:M/Au:N/C:P/I:P/A:P)
Description
================
CSRF and stored XSS in Quick Page/Post Redirect Plugin
Vulnerability
================
This plugin is vulnerable to a combin.. More
VMware Workstation / Player Invalid Pointer Dereference
VMware Workstation version 10.0.1 build-1379776 and VMware Player version 6.0.1 build-1379776 suffer from an invalid pointer dereference vulnerability.
Vulnerability title: Invalid Pointer Dereference in VMware Workstation and Player
CVE: CVE-2014-2384
Vendor: VMware
Product: Workstation, Player
Affected version: VMware Workstation v10.0.1 build-1379776 and VMware Player v6.0.1 build-1379776
Fixe.. More
GCC 4.9 release
GCC 4.9 Release Series: Changes, New Features, and Fixes
Caveats
The mudflap run time checker has been removed. The mudflap options remain, but do nothing.
Support for a number of older systems and recently unmaintained or untested target ports of GCC has been declared obsolete in GCC 4.9. Unless there is activity to revive them, the next release of GCC will have their sources permanently removed.
The.. More
mozilla.dev.security.policy thread about StartSSL asking for $25 to revoke compromised certificates
Initially I filed a bug report [1] about the consequences of CVE-2014-0160, but this seems to be a better place for a discussion. There was still a discussion about the problem which may be interesting. To give a short introduction: StartCom is offering free Class 1 certificates under the label StartSSL. The certification is completely free of charge but the revocation costs 25 USD. The Problem: I.. More