Preface: Technology cannot fight against coronavirus in the moment.
Easter, commemorating the resurrection of Jesus from the dead.
Wish that human can managed to fight it all. Comparing with coronavirus. The vulnerability in computer system looks easy resolve.

Security focus – Juniper Network product:

A privilege escalation vulnerability in Juniper Networks Junos OS devices configured with dual Routing Engines (RE), Virtual Chassis (VC) or high-availability cluster may allow a local authenticated low-privileged user with access to the shell to perform unauthorized configuration modification. This issue does not affect Junos OS device with single RE or stand-alone configuration.

My observation: Refer to attach diagram, below is the information for supplement.

Fundamental
/bin/sh is an executable representing the system shell. Actually, it is usually implemented as a symbolic link pointing to the executable for whichever shell is the system shell.
Since it is a bash file so commands inside it will get executed, and if we execute the file as root, then all the commands inside it will also get executed as root. So, let’s take advantage of that and append /bin/bash -i to the file. This will execute bash as root, which in turn will open the root shell.

Official announcement of this matter (JunOS vulnerability) – https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11010&cat=SIRT_1&actp=LIST

Preface: Dockerized Vesta Control Panel aka vestacp. You can download vesta source code and modify it the way you want. You are totally free to do it so to Vesta is licensed under GPL

Background: You are able to install and configure VestaCP on an Alibaba Cloud Elastic Compute Service (ECS) instance with CentOS 7

Vulnerability details: The proof of concept by Metasploit that a Low privileged authenticated users can execute arbitrary commands under the context of the root user. An authenticated attacker with a low privileges can inject a payload in the file name starts with dot. During the user backup process, this file name will be evaluated by the v-user-backup bash scripts. As result of that backup process, when an attacker try to list existing backups injected payload will be executed.

Remedy – Remedy looks not release yet, it is suggested to focus in official announcement. https://forum.vestacp.com/viewforum.php?f=25

Preface: According on 2020 market statistic, FireFox market share only 9.25%. But Chrome has 68.11% coverage. However I like FireFox.

How Firefox’s memory allocator works?

Firefox uses a memory allocator called moz jemalloc. There are two properties which focus by cyber security expert so far!

[PSJ] – In essence, a chunk is broken into several runs.

– Each run holds regions of a specific size. [TSOF]

– The feature of jemalloc is that it operates in a last-in-first-out (LIFO) manner, a free followed by a garbage collection and a subsequent allocation request for the same size, most likely ends up in the freed region.

Vulnerability details: CVE-2020-6819 is a use-after-free vulnerability due to a race condition when the nsDocShell destructor is running. CVE-2020-6820 is a use-after-free vulnerability due to a race condition in the ReadableStream class, which is used to read a stream of data.

Official announcement – https://www.mozilla.org/en-US/security/advisories/mfsa2020-11/