[SECURITY] [DSA 4388-2] mosquitto regression update

2019-02-17 Thread Salvatore Bonaccorso
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4388-2 secur...@debian.org https://www.debian.org/security/ Salvatore Bonaccorso February 17, 2019

CVE-2018-20162: Digi TransPort LR54 Restricted Shell Escape

2019-02-17 Thread Stig Palmquist
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 CVE-2018-20162: Digi TransPort LR54 Restricted Shell Escape === The Digi TransPort LR54 is a high speed LTE router commonly used by industry, infrastructure, retail and public transportation.

[SECURITY] [DSA 4392-1] thunderbird security update

2019-02-17 Thread Moritz Muehlenhoff
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 - - Debian Security Advisory DSA-4392-1 secur...@debian.org https://www.debian.org/security/ Moritz Muehlenhoff February 16, 2019

DASAN H665 has vendor backdoor built into BusyBox’s /bin/login

2019-02-17 Thread Krzysztof Burghardt
Hi! DASAN H665 has vendor backdoor built into BusyBox /bin/login. Account named "dnsekakf2$$" gives access to admin (uid 0) account over telnet without any password, at least for administration interface documented in H665 Quick Guide (subnet 192.168.55.0/24 on LAN interface). $ telnet