Preface: Coding is the process of translating and writing codes from one language to another support operating system platform.
What is Flatpak?
If Linux user found that the new application not available in the App Stores. He can do the installation via the DEB or RPM packages. Some of them are available via PPAs (for Debian based distributions) and if nothing, one can build from the source code. Flatpak provide a 3rd way.
Vulnerability Details: The vulnerability exists because the affected software does not use the seccomp filter to prevent sandbox applications from using TIOCSTI IOCTL.
The snapd default seccomp filter for strict mode snaps blocks the use of the ioctl() system call when used with TIOCSTI as the second argument to the system call. But it didn’t! The fact is that restriction could be circumvented on 64 bit architectures because it performs a 64-bit comparison,but the system call is defined with a 32-bit command argument in the kernel.
Similar design flaw discovered in libseccomp package!
Synopsis:session hijacking, sometimes also known as cookie hijacking is the exploitation of a valid computer session(sometimes also called a session key) to gain unauthorized access to information or services in a computer system.
In software development, time of check to time of use (TOCTOU, TOCTTOU or TOC/TOU) is a class of software bugs caused by changes in a system between the checking of a condition (such as a security credential) and the use of the results of that check.
Out-of-Bounds Read. The program reads data from outside the bounds of allocated memory. Buffer overflow is probably the best known form of software security vulnerability.
Current Status: VMware has been addressed above issues in their product. For more details, please refer to url below:
Synopsis: Analyzing big data not so easy. It requires knowledge of enterprise search engines for making content from different sources like enterprise database, social media, sensor data etc. searchable to a defined audience. Elasticsearch is one of the free and open source enterprise search software.
Vulnerability detail: The vulnerability exists because the affected software mishandles user-supplied input. An attacker could exploit this vulnerability by sending requests that submit malicious input to the affected software.
Remark: Perhaps the total numbers of high severity vulnerability has 19 items. The remaining is address denial of server and command injection. But the privileges escalation merely our focus this time. So the remaining do not display in this discussion.
Preface: The statistic by Netcraft in January 2019, Apache server coverage market reach 30.88%.
Technical background: Apache server not only contain web server service, it can config as a reserve proxy server to enhance the web infrastructure isolation level. Single sign-on authentication method growth significant in past few years. A popular web architecture model, setup Apache become reserve proxy service and thus integrate to single sign on (SAML) function.
Vulnerability detail: If Apache is configured as a reverse proxy with mod_auth_mellon for authentication, the authentication can be bypassed by adding SAML 2.0 ECP headers to the request.
Preface (Attack roadmap): Asus Live Update software installed on laptops and PCs encounter cyber attack in between June and November 2018. Hacker implant a backdoor into the live update software!
Observation: ASUS, it configures the network using dynamic host configuration protocol and then makes a plain HTTP request to a remote server to check if a newer version of the UEFI BIOS firmware is available than the version currently running in the system. Thus, there’s no SSL protection nor verification that it’s actually talking to the correct remote server.
Official announcement: ASUS response to the recent media reports regarding ASUS Live Update tool attack by Advanced Persistent Threat (APT) groups (below URL for reference): https://www.asus.com/News/hqfgVUyZ6uyAyJe1
Preface: In order to avoid cyber attack and insider threat. The monitoring feature is a critical feature in IT world.
Background: CapMon monitors and collects information from the infrastructure and applications. The system does not require installation of extra software on other units in the network. CapMon IT monitoring has a Web based user interface, ensuring fast access to the various functionalities.
Vulnerability details: Design weakness in this software – all priviliges commands “only” grants local administrator privilege. There is a command that allows for even higher privilege escalation – namely the “CALScriptDRUN” command. The fact is that an issue was discovered in CapMon Access Manager 188.8.131.525. CALRunElevated.exe provides “NT AUTHORITY\SYSTEM” access to unprivileged users via the –system option.
Preface: RSA Authentication Manager delivers intelligent, transparent, behind-the-scenes authentication to enhance every secure access scenario.
Product advantage: Take full advantage of virtualization in your organization to ease deployment, administration, and on-going system management.
Vulnerability details: RSA Authentication Manager versions prior to 8.4 P1 contain an Insecure Credential Management Vulnerability. A malicious Operations Console administrator may be able to obtain the value of a domain password that another Operations Console administrator had set previously and use it for attacks. Hints: Please refer to attached diagram.
Remedy: Install RSA Authentication Manager version 8.4 P1 and later version.
Preface: Coinbase announced that it had acquired Neutrino, a blockchain intelligence startup on Feb 2019. This acquisition aim to analyzing data on public blockchains, Neutrino will help us prevent theft of funds from peoples’ accounts, investigate ransomware attacks, and identify bad actors.
Market status: A tremendous worries by cryptocurrency users because the Neutrino (acquired company) run by Former Spyware Developers. And the Neutrinos key staff have been involved with Hacking Team.
Recalling memories: Do you still remember Italian surveillance company exploit CVE-2013-0633. The attacks Involving DaVinci. HackingTeam sold the zero-day exploit to the parties carrying out these attacks or if they acquired the zero-day exploit that allowed them to install DaVinci from a different source. Hacking team responsible the above action.