U.S. Flag Official website of the Department of Homeland Security

The US-CERT Current Activity web page is a regularly updated summary of the most frequent, high-impact types of security incidents currently being reported to the US-CERT.

oCERT Releases Advisory for Unpatched UnZip Vulnerability

The Open Source Computer Security Incident Response Team (oCERT) has released an advisory addressing vulnerabilities in all versions of UnZip. Exploitation of these vulnerabilities may allow a remote attacker to take control of an affected system if a user opens a specially crafted zip file.

US-CERT recommends users and administrators to review the oCERT Advisory for more details.

"Misfortune Cookie" Broadband Router Vulnerability

Broadband routers employing the Allegro RomPager firmware prior to versions 4.34 contain a vulnerability in HTTP cookie processing code. Exploitation of this vulnerability could allow a remote attacker to take control of an affected device.

Users and administrators are encouraged to review Vulnerability Note VU#561444, the Allegro Press Release, and Check Point's Security Advisory for additional information and apply the necessary updates.

Vulnerabilities Identified in Network Time Protocol Daemon

NTP has released an update that addresses multiple vulnerabilities in the Network Time Protocol daemon. Exploitation of these vulnerabilities may allow a remote attacker to execute malicious code.

US-CERT encourages users and administrators to review Vulnerability Note VU#852879 and update to NTP 4.2.8 if necessary.

Pages

This product is provided subject to this Notification and this Privacy & Use policy.

Back to Top