[Onapsis Security Advisory 2015-007] SAP HANA Log Injection Vulnerability
Monthly Archives: May 2015
New release: UFONet v0.5b "Invasion"
Posted by psy on May 28
Hi list,
I am glad to present a new release of this tool.
“UFONet is a tool designed to launch DDoS attacks against a target,
using ‘Open Redirect’ vectors on third party web applications, like botnet.”
Main options are:
* Auto-update
* Clean code (only needs python-pycurl)
* Documentation with examples
* Web/GUI Interface
* Proxy to connect to ‘zombies’ (ex: tor)
* Change HTTP…
Sophos WAF (WebServer Protection) does not analyze JSON data
Posted by Glaudson Ocampos on May 28
SECURITYLABS INTELLIGENT RESEARCH – SECURITY ADVISORY
http://www.securitylabs.com.br/
ADVISORY/0115 – SOPHOS WAF (WEBSERVER PROTECTION) DOES NOT ANALYZE JSON DATA
PRIORITY: MEDIUM
TYPE: WAF Bypass
1 – About SecurityLabs Intelligent Research
-----------------------------------------------
SecurityLabs Intelligent Research is a team specialized in projects of
penetration test (Pentests),
security audits and cryptanalysis.
It has a group of…
RHSA-2015:1031-1: Important: qemu-kvm security update
Red Hat Enterprise Linux: Updated qemu-kvm packages that fix one security issue are now available for
Red Hat Enterprise Linux 6.5 Extended Update Support.
Red Hat Product Security has rated this update as having Important security
impact. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available from the CVE link in the
References section.
CVE-2015-3456
RHSA-2015:1030-1: Important: kernel security and bug fix update
Red Hat Enterprise Linux: Updated kernel packages that fix one security issue and three bugs are now
available for Red Hat Enterprise Linux 6.4 Advanced Update Support.
Red Hat Product Security has rated this update as having Important security
impact. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available from the CVE link in the
References section.
CVE-2015-1421
RHEA-2015:1034-1: Red Hat Enterprise MRG Realtime 2.5 enhancement update
Red Hat Enterprise Linux: Updated Red Hat Enterprise MRG Realtime packages that add one enhancement are
now available for Red Hat Enterprise MRG 2.5.
RHEA-2015:1029-1: new packages: kmod-tg3
Red Hat Enterprise Linux: New kmod-tg3 packages are now available for Red Hat Enterprise Linux 6.
RHBA-2015:1033-1: glibc bug fix update
Red Hat Enterprise Linux: Updated glibc packages that fix one bug are now available for Red Hat Enterprise
Linux 6.
RHBA-2015:1032-1: pam bug fix update
Red Hat Enterprise Linux: Updated pam packages that fix one bug are now available for Red Hat Enterprise
Linux 5.
USN-2617-3: NTFS-3G vulnerability
Ubuntu Security Notice USN-2617-3
27th May, 2015
ntfs-3g vulnerability
A security issue affects these releases of Ubuntu and its
derivatives:
- Ubuntu 15.04
Summary
NTFS-3G could be made to overwrite files as the administrator.
Software description
- ntfs-3g - read/write NTFS driver for FUSE
Details
USN-2617-1 fixed a vulnerability in NTFS-3G. The original patch did not
completely address the issue. This update fixes the problem.
Original advisory details:
Tavis Ormandy discovered that FUSE incorrectly filtered environment
variables. A local attacker could use this issue to gain administrative
privileges.
Update instructions
The problem can be corrected by updating your system to the following
package version:
- Ubuntu 15.04:
  - ntfs-3g 1:2014.2.15AR.3-1ubuntu0.2
To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.
In general, a standard system update will make all the necessary changes.