security flaw

GHOST - security flaw in the glibc library

Yesterday, Qualys published a critical security vulnerability in the GNU C Library (glibc), named GHOST.

What does it allow?

Plesk Panel for Windows security flaw

On December 8, 2014, the Parallels security team discovered a flaw deemed critical. Parallels immediately announced the vulnerability publicly, together with a patch.

What does it allow?

A critical security vulnerability in Parallels Plesk Panel for Windows has recently been identified. It could allow users to access the data of other users of the Plesk server. This vulnerability is limited to Plesk for Windows.

Since when does it exist?

The flaw is present in Plesk Panel versions 10.4.4, 11.0, 11.5 and 12.0.

SSL v3 - security flaw and end of life

This week a security flaw was discovered in the design of SSL v3. It would allow an attacker to decrypt connections encrypted with this protocol. For more information, see the CVE-2014-3566 note or the OpenSSL report.

Since when does it exist?

SSL v3 is an 18-year-old technology, and the flaw is so deep that its designers will not correct it. SSL v3 is now an obsolete and insecure solution.

Major flaw in the bash shell

Update 2014-09-26 12:30 UTC+1

The CVE-2014-7169 flaw seems to have been patched by most package maintainers. We invite you to update bash again.

Security flaw in the bash shell

A major vulnerability in the bash shell has just been discovered.

Since when does it exist?

This flaw has existed since at least version 3 of bash, which makes it very widespread.

- What does it allow?

The flaw exploits the fact that the bash shell, at the time it is started, does not stop interpreting where it should when the environment contains variable or function definitions, and executes commands placed in arguments.

New vulnerability for WordPress and Drupal

Security vulnerabilities do not respect holidays!

On August 5, 2014, a new security flaw affecting the WordPress and Drupal CMSs was published. The vulnerability is linked to any additional plugin and is available in the default configuration of these tools.

- What does it allow?