CVE-2015-2122

The REST layer on HP SDN VAN Controller devices 2.5 and earlier allows remote attackers to cause a denial of service via network traffic to the REST port.

Hacking tools to become weapons of war

Hackers can start wars. That’s a fact. It’s also one of the fears people have learned to live with. As opposed to some reductionist definitions of war, when it comes to the cyber-war topic, it’s not always a good vs. bad kind of battle. It’s more of a battle of competences between highly skilled hackers.

Divide and conquer

For a large-scale hack to succeed, advanced software is required. This is where the US government saw an opportunity to try to keep foreign hacking initiatives under control.

The Bureau of Industry and Security (BIS), an agency of the United States Department of Commerce that focuses on national security and high technology issues, is currently struggling to obtain tighter export rules for computer security tools. The objective is to disallow encryption license exceptions for cyber security tools that qualify as “intrusion software” thanks to the ability to extract or modify data from a computer or a network-enabled device or simply tweak the standard execution path of a program.

No hacking without license

As mentioned in the official presentation, the BIS proposal focuses on:

  • systems, equipment or components specially designed for the generation, operation or delivery of, or communication with, intrusion software;
  • software specially designed or modified for the development or production of such systems, equipment or components;
  • software specially designed for the generation, operation or delivery of, or communication with, intrusion software;
  • technology required for the development of intrusion software;
  • Internet Protocol network communications surveillance systems or equipment and test, inspection, production equipment, specially designed components therefor, and development and production software and technology therefor.

Although we are talking about the United States Government, this proposal can lead to the revision of international agreements and thus have an important impact on the work of security researchers all around the world.

Initially mentioned in the Wassenaar Arrangement (WA) at the Plenary meeting in December 2013, the proposal is up for debate for another two months, so make sure to submit a formal comment in the Federal Register.

Read more about this on the BetaNews website.

 

 

The post Hacking tools to become weapons of war appeared first on Avira Blog.

CEBA-2015:1024 CentOS 5 rsyslog5 BugFix Update

CentOS Errata and Bugfix Advisory 2015:1024 

Upstream details at : https://rhn.redhat.com/errata/RHBA-2015-1024.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 




Reflected Cross-Site Scripting in Synology DiskStation Manager

Posted by Securify B.V. on May 25

————————————————————————
Reflected Cross-Site Scripting in Synology DiskStation Manager
————————————————————————
Han Sahin, May 2015

————————————————————————
Abstract
————————————————————————
A reflected Cross-Site scripting vulnerability was found in…

Synology Photo Station multiple Cross-Site Scripting vulnerabilities

Posted by Securify B.V. on May 25

————————————————————————
Synology Photo Station multiple Cross-Site Scripting vulnerabilities
————————————————————————
Han Sahin, May 2015

————————————————————————
Abstract
————————————————————————
Multiple reflected Cross-Site scripting vulnerabilities…

Command injection vulnerability in Synology Photo Station

Posted by Securify B.V. on May 25

————————————————————————
Command injection vulnerability in Synology Photo Station
————————————————————————
Han Sahin, May 2015

————————————————————————
Abstract
————————————————————————
A command injection vulnerability was found in Synology Photo Station,…

CEBA-2015:1025 CentOS 6 firefox BugFix Update

CentOS Errata and Bugfix Advisory 2015:1025 

Upstream details at : https://rhn.redhat.com/errata/RHBA-2015-1025.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

i386:
4345bd1df5b83359f0be4b26593a3c54610ad3f2d8444930c302311210bb88d7  firefox-38.0.1-1.el6.centos.i686.rpm

x86_64:
4345bd1df5b83359f0be4b26593a3c54610ad3f2d8444930c302311210bb88d7  firefox-38.0.1-1.el6.centos.i686.rpm
c5171dd56742ba8dc66c2c37fb3d98e42bd01f78dab535340bab639df881b9cd  firefox-38.0.1-1.el6.centos.x86_64.rpm

Source:
802da2511cfdb9eb1ffbb1e52348b4e7c922707a4dcc8b180cde6827d22501c5  firefox-38.0.1-1.el6.centos.src.rpm