No Image

openssl 에서 심각한 보안 취약점 발생

2015-03-18 KENNETH 0

참고URL : https://mta.openssl.org/pipermail/openssl-announce/2015-March/000020.html http://cve.mitre.org/ 사이트에 아직 등록되지 않음 배포주최인 openssl.org 에서는 정확히 어떤 문제인지 밝히지 않았으며 (다만, 작년에 한창 이슈화 되었던 heartbleed 수준일 것이라는 내용) 현지시간으로 3월 19일에 새로운 업데이트 버전에서 해결될 것이라고만 안내.   패치가 적용된 차기버전 openssl-1.0.2a openssl-1.0.1m openssl-1.0.0r openssl-0.9.8zf   openssl.org 에서 아직 어떠한 정보도 나온것이 없고, 패치버전 역시 나온것이 없으므로 각 리눅스 배포판역시 19일 이후에나 적용예정임

No Image

삼바에서 “smb_pwd_check_ntlmv1: incorrect password length” 에러가 발생할때

2015-03-18 KENNETH 0

    http://wiki.nas4free.org/doku.php?id=faq:0033  Q: How can I fix the “smb_pwd_check_ntlmv1: incorrect password length” errors I keep seeing in my logs? A: People have reported different causes / solutions for this error. The most likely solutions are #1 & #2 but feel free to try the others. If you are using Windows 7 or Vista clients you might want to check your LAN Manager Authentication settings as in –dead link {[SOLVED] smb_pwd_check_ntlmv1: incorrect password length} –. See also –dead link {SMB Errors When Copying Files [SOLVED] Windows 7} –. Read Authentication Issues; Microsoft Article ID: 954387 for more details. If you are using Domain Authentication, the CIFS/SMB (Samba) auxiliary parameter use spnego = false has been reported to prevent this error. This may also work with other authentication methods. See –dead link {Windows 7 and Nas4Free} – If you enabled LDAP [ more… ]

No Image

March 2015 Updates

2015-03-11 KENNETH 0

Today, as part of Update Tuesday, we released 14 security bulletins to address vulnerabilities in Microsoft Windows, Microsoft Office, Microsoft Exchange, and Internet Explorer. We encourage customers to apply all of these updates. For more information about this month’s security updates, including the detailed view of the Exploitability Index (XI) broken down by each Common Vulnerabilities and Exposures (CVE), visit the Microsoft Bulletin Summary webpage. If you are not familiar with how we calculate the XI, a full description can be found here. We released one new Security Advisory: Availability of SHA-2 code signing support for Windows 7 and Windows Server 2008 R2 (3033929) Two Security Advisories were revised: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer (2755801) Vulnerability in Schannel Could Allow Security Feature Bypass (3046015) For the latest information, you can follow the Microsoft Security Response [ more… ]

No Image

Security Advisory 3046015 released

2015-03-06 KENNETH 0

Today, we released Security Advisory 3046015 to provide guidance to customers in response to the SSL/TLS issue referred to by researchers as “FREAK” (Factoring attack on RSA-EXPORT Keys). Our investigation continues and we’ll take the necessary steps to protect our customers. MSRC Team Source: ms-msrc

No Image

February 2015 Updates

2015-02-11 KENNETH 0

Today, as part of Update Tuesday, we released nine security bulletins – three rated Critical and six rated Important in severity, to address 56 unique Common Vulnerabilities and Exposures (CVEs) in Microsoft Windows, Microsoft Office, Internet Explorer, and Microsoft Server software.  We encourage you to apply all of these updates. For more information about this month’s security updates, including the detailed view of the Exploitability Index (XI) broken down by each CVE, visit the Microsoft Bulletin Summary webpage. If you are not familiar with how we calculate the XI, a full description can be found here. We re-released one Security Bulletin: MS14-083 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution One new Security Advisory was released: Update for Windows Command Line Auditing (3004375). One Security Advisory was revised: Vulnerability in SSL 3.0 Could Allow Information Disclosure (3009008). We also [ more… ]