Forum Thread: Whats Cygwin and why is it lowering my score?

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
PSI

This thread has been marked as locked.
jckinnick Whats Cygwin and why is it lowering my score?
Member 7th May, 2017 19:56
Ranking: 6
Posts: 195
User Since: 21st May, 2010
System Score: N/A
Location: US
98% because Cygwin is out of date whatever that is.

Maurice Joyce RE: Whats Cygwin and why is it lowering my score?
Handling Contributor 7th May, 2017 22:04
Score: 12325
Posts: 9,575
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Last edited on 7th May, 2017 22:07
Cygwin details are here - https://www.cygwin.com

What path does PSI give you to the the vulnerability?

Your system score appears to be 100% - have you fixed the problem?

--
Maurice

Microsoft Surface 4 Intel i7 64Bit
Windows 10 Pro version 1809 Build 17763.404
16 GB RAM
IE & Edge Only
Was this reply relevant?
+0
-0
jckinnick RE: Whats Cygwin and why is it lowering my score?
Member 8th May, 2017 00:29
Score: 6
Posts: 195
User Since: 21st May 2010
System Score: N/A
Location: US
on 7th May, 2017 22:04, Maurice Joyce wrote:
Cygwin details are here - https://www.cygwin.com

What path does PSI give you to the the vulnerability?

Your system score appears to be 100% - have you fixed the problem?



It shows its through Plex, but Plex is up to date. No I haven't fixed the problem, Windows 10 98% but my Windows 8 computer is at 100% same exact mirror pretty much of the other computer.
Was this reply relevant?
+0
-0
Maurice Joyce RE: Whats Cygwin and why is it lowering my score?
Handling Contributor 8th May, 2017 00:54
Score: 12325
Posts: 9,575
User Since: 4th Jan 2009
System Score: N/A
Location: UK
It could well be up to date but that does not mean it is not vulnerable. PSI is a vulnerability checker not a general updater. Does the vulnerability show after a full PSI rescan? On the PSI scan results page what information does it give to solve the problem? What file path does it give?

--
Maurice

Microsoft Surface 4 Intel i7 64Bit
Windows 10 Pro version 1809 Build 17763.404
16 GB RAM
IE & Edge Only
Was this reply relevant?
+0
-0
jckinnick RE: Whats Cygwin and why is it lowering my score?
Member 8th May, 2017 01:09
Score: 6
Posts: 195
User Since: 21st May 2010
System Score: N/A
Location: US
on 8th May, 2017 00:54, Maurice Joyce wrote:
It could well be up to date but that does not mean it is not vulnerable. PSI is a vulnerability checker not a general updater. Does the vulnerability show after a full PSI rescan? On the PSI scan results page what information does it give to solve the problem? What file path does it give?



When I click to update it sends me to some Linux Cygwin page for a download, it must be some kind of program that Plex uses. File path is to Plex folder.
Was this reply relevant?
+1
-0

joeadinolf

RE: Whats Cygwin and why is it lowering my score?
[+]
This reply has been minimised due to a negative Relevancy Score.
Maurice Joyce RE: Whats Cygwin and why is it lowering my score?
Handling Contributor 8th May, 2017 21:08
Score: 12325
Posts: 9,575
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Sadly you have still not supplied the detail I requested so that I can try and help.

I assume after a full PSI rescan the problem persists in which case I need the follow details from the scan results page.


Open PSI >click Show Programs>what details does it give to the problem under the headings Program Name- Installed Version- Secure Version-Criticality-Status?

Now right click on the Program Name and select Show Details - what is the full file path details and version number displayed?

Right click on the Program Name again and select More Information - What Secunia Advisory (SA) number does it give as reference to the vulnerability?




--
Maurice

Microsoft Surface 4 Intel i7 64Bit
Windows 10 Pro version 1809 Build 17763.404
16 GB RAM
IE & Edge Only
Was this reply relevant?
+0
-0
Bichon RE: Whats Cygwin and why is it lowering my score?
Member 10th May, 2017 17:15
Score: 24
Posts: 6
User Since: 12th Jun 2010
System Score: N/A
Location: N/A
I have the same problem. It's due to the Plex media server, which includes a dll file from Cygwin 2.0.2. There is a discussion on the Plex forum here: https://forums.plex.tv/discussion/269566/secunia-p...

Towards the end of the thread it indicates that the issue has been referred to the developers, who will hopefully release an update that doesn't include that vulnerable file.
Was this reply relevant?
+0
-0
jckinnick RE: Whats Cygwin and why is it lowering my score?
Member 11th May, 2017 00:57
Score: 6
Posts: 195
User Since: 21st May 2010
System Score: N/A
Location: US
on 10th May, 2017 17:15, Bichon wrote:
I have the same problem. It's due to the Plex media server, which includes a dll file from Cygwin 2.0.2. There is a discussion on the Plex forum here: https://forums.plex.tv/discussion/269566/secunia-p...

Towards the end of the thread it indicates that the issue has been referred to the developers, who will hopefully release an update that doesn't include that vulnerable file.



Thats what I figured it was, something like that. What should I do? Ignore this update, or just wait it out?
Was this reply relevant?
+0
-0
Bichon RE: Whats Cygwin and why is it lowering my score?
Member 11th May, 2017 17:09
Score: 24
Posts: 6
User Since: 12th Jun 2010
System Score: N/A
Location: N/A
on 11th May, 2017 00:57, jckinnick wrote:
Thats what I figured it was, something like that. What should I do? Ignore this update, or just wait it out?


At the moment I'm waiting it out, but if Plex doesn't update their media server software and mitigate this vulnerability in a timely manner, I'll (reluctantly) switch to one of the other methods for streaming media files from my home network to my Chromecast.
Was this reply relevant?
+0
-0

This thread has been marked as locked.