Sensitive Information into Log File, kubernetes is no exception. 7-12-2020

Preface: If you don’t see much useful in the logs, you could try turning on verbose logging on the Kubernetes component you suspect has a problem using --v or --vmodule, to at least level 4.

Technical background: Kubernetes has no native cluster-level logging. There are a few proven methods that can be applied cluster-wide to achieve the same effective result: all logs collected in a standardized way and sent to a central location. The common approaches are a node logging agent, monitoring Kubernetes pods, and monitoring the applications running in Kubernetes. That may look comprehensive, yet it has still suffered sensitive information leakage. To keep pace with the technology world, a Kubernetes cluster does a lot of system integration and thin provisioning, for example using Ceph storage services. So when a design weakness occurs, sensitive information ends up here, in the logs.
Ref: A RADOS Block Device (RBD) is software that facilitates the storage of block-based data in the open source Ceph distributed storage system.

Vulnerability details:

CVE-2020-8563 – https://nvd.nist.gov/vuln/detail/CVE-2020-8563

CVE-2020-8564 – https://nvd.nist.gov/vuln/detail/CVE-2020-8564

CVE-2020-8565 – https://nvd.nist.gov/vuln/detail/CVE-2020-8565

CVE-2020-8566 – https://nvd.nist.gov/vuln/detail/CVE-2020-8566

Comment: The management of log files falls under the ISMS (information security management system). Therefore, the impact depends on how that area is handled.
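The script below is an added example, not code from Kubernetes or from this post. It shows the two defender-side checks that follow from the discussion above: reading a component's argument list to see whether log verbosity is at or above level 4, and scanning klog-style lines for credential-looking material so the lines can be reviewed or redacted before they are shipped to a central log store. The argument list, the log lines and the regex patterns are constructed assumptions for the demonstration.

```python
# Added example (not Kubernetes project code): a defender-side audit for the
# issue above, where raising a component's log verbosity can write credentials
# into its logs. It checks the verbosity flag on a component's argument list and
# scans log lines for credential-looking material so they can be reviewed or
# redacted before the lines are shipped to a central log store.
import re

# Level 4 is where the page's own debugging advice lands, and also a level at
# which components log far more internal state, so treat it as the threshold.
VERBOSE_THRESHOLD = 4


def log_verbosity(args):
    """Return the klog verbosity implied by an argument list.
    Accepts --v=N, -v=N, --v N and -v N; defaults to 0 when no flag is present."""
    level = 0
    i = 0
    while i < len(args):
        arg = args[i]
        joined = re.fullmatch(r"-{1,2}v=(\d+)", arg)
        if joined:
            level = int(joined.group(1))
        elif arg in ("-v", "--v") and i + 1 < len(args) and args[i + 1].isdigit():
            level = int(args[i + 1])
            i += 1
        i += 1
    return level


# Heuristic markers of credential material (constructed for this example).
# Group 1 is the part to keep when redacting; the rest is the value to mask.
# A match is a line to review, not proof of a leak.
SECRET_PATTERNS = [
    (re.compile(r"(?i)(\b(?:password|passwd|pwd)\b\s*[=:]\s*)\S+"), "password"),
    (re.compile(r"(?i)(\b(?:secret|token|api[_-]?key|key)\b\s*[=:]\s*)\S+"), "token/secret"),
    (re.compile(r"(?i)(bearer\s+)[A-Za-z0-9\-._~+/]+=*"), "bearer token"),
    (re.compile(r'("auth"\s*:\s*)"[A-Za-z0-9+/]{16,}={0,2}"'), "docker config auth"),
]


def find_secret_lines(lines):
    """Return (line_number, label) for each line that looks like it carries a secret."""
    hits = []
    for number, line in enumerate(lines, 1):
        for pattern, label in SECRET_PATTERNS:
            if pattern.search(line):
                hits.append((number, label))
                break
    return hits


def redact(line):
    """Mask the value part of every credential match so the line can be forwarded."""
    for pattern, _ in SECRET_PATTERNS:
        line = pattern.sub(lambda m: m.group(1) + "<REDACTED>", line)
    return line


def audit(args, lines):
    """Combine both checks into a list of human-readable findings."""
    findings = []
    level = log_verbosity(args)
    if level >= VERBOSE_THRESHOLD:
        findings.append(f"verbosity --v={level} is >= {VERBOSE_THRESHOLD}; "
                        "review what this component logs at that level")
    for number, label in find_secret_lines(lines):
        findings.append(f"line {number}: possible {label} in log output")
    return findings


# Constructed sample: a controller-manager-like argument list and klog-style lines.
SAMPLE_ARGS = ["kube-controller-manager", "--leader-elect=true", "--v=4"]
SAMPLE_LOG = [
    "I1207 10:00:01.000000 1 controller.go:120] Syncing volume pvc-1",
    "I1207 10:00:02.000000 1 rbd.go:88] rbd map args: --id admin --key=AQBsecretkeyvalue== mon=10.0.0.5",
    "I1207 10:00:03.000000 1 provider.go:40] connecting to vcenter user=svc-k8s password=Hunter2!",
    'I1207 10:00:04.000000 1 pull.go:55] docker config {"auths":{"registry.example":{"auth":"dXNlcjpzM2NyZXRwYXNzd29yZA=="}}}',
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_ARGS, SAMPLE_LOG):
        print(finding)
    for line in SAMPLE_LOG:
        print(redact(line))
```

The patterns are deliberately broad, so expect false positives; the point is that anything they flag is reviewed before it leaves the node. In production the better control is to keep verbosity low on components that handle storage or cloud-provider credentials and to redact in the log pipeline, so that a debugging session never changes what reaches the central store.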

We try our best to avoid information leakage, but it is difficult to stop vulnerabilities from happening. Take care of your cat (Tomcat) – 7th Dec 2020

Preface: CISA encourages users and administrators to review the Apache security advisory for CVE-2020-17527 and upgrade to the appropriate version (CISA, 4th Dec 2020).

Vulnerability details: In standard HTTP/2 practice, HTTP headers are compressed using a combination of compression schemes (static Huffman coding and context-adaptive coding), and flow control and dependency mechanisms allow HTTP/2 clients and servers to signal how objects are transmitted. However, a design weakness was found in Apache Tomcat: it could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent stream.
This design limitation causes an error and the closure of the HTTP/2 connection; even so, it is possible that information could leak between requests.

Remedy: The method was given a specific task, and it should be expected to complete it and return a finished result that does not require further processing. Only return a StringBuilder when you really need to, and in that case add something to the method name to indicate that you are returning something special. For more detail, please refer to the diagram.
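To make the remedy concrete, here is an added example (illustrative, not Tomcat's code) of the defect class and its fix. One decoder object lives for the whole HTTP/2 connection. The leaky version hands its reusable working buffer back to the caller, so a subsequent stream can observe the previous stream's header value; the remedied version completes its task and returns a finished, immutable value for each stream. The stream contents are constructed for the demonstration.

```python
# Added example (not Tomcat's code): a minimal model of the defect class and the
# remedy described above. One decoder object lives for the whole HTTP/2
# connection; the leaky version returns its reusable working buffer, so a
# subsequent stream can observe the previous stream's header value, while the
# remedied version returns a finished, immutable result for each stream.
# Stream contents are constructed for the demonstration.


class LeakyHeaderDecoder:
    """Per-connection decoder that hands its working buffer back to the caller (the defect)."""

    def __init__(self):
        self._buf = bytearray()  # reused for every stream on this connection

    def decode_header_value(self, raw: bytes):
        # Overwrites only as many bytes as the new value has, so a shorter value
        # leaves the tail of the previous stream's value in place.
        self._buf[:len(raw)] = raw
        return self._buf  # shared and still mutable: later streams change it


class SafeHeaderDecoder:
    """Per-connection decoder that completes its task and returns a finished value."""

    def __init__(self):
        self._buf = bytearray()

    def decode_header_value(self, raw: bytes):
        self._buf.clear()  # nothing from the previous stream survives
        self._buf.extend(raw)
        return bytes(self._buf)  # immutable snapshot; the buffer stays private


def serve_connection(decoder, stream_values):
    """Run several streams through one connection-scoped decoder and return what
    each stream's request handler would see as its header value."""
    seen = []
    for raw in stream_values:
        value = decoder.decode_header_value(raw)
        seen.append(bytes(value).decode("ascii"))
    return seen


def handler_view_after_next_stream(decoder):
    """Return the first stream's value as its handler sees it once a second
    stream has been decoded on the same connection."""
    first = decoder.decode_header_value(b"first")
    decoder.decode_header_value(b"XX")
    return bytes(first).decode("ascii")


# Constructed: stream 1 carries a long value, stream 2 a short one.
STREAMS = [b"authorization-token-ABCDEF", b"guest"]

if __name__ == "__main__":
    print("leaky:", serve_connection(LeakyHeaderDecoder(), STREAMS))
    print("safe: ", serve_connection(SafeHeaderDecoder(), STREAMS))
```

Two failure modes show up with the leaky decoder: the second stream reads the tail of the first stream's value, and a handler that kept the returned reference sees its value change when the next stream arrives. Returning an immutable result removes both, which is the reason behind the rule of only returning a mutable builder when the caller genuinely needs one.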

Mitigation:
Upgrade to Apache Tomcat 10.0.0-M10 or later
Upgrade to Apache Tomcat 9.0.40 or later
Upgrade to Apache Tomcat 8.5.60 or later

CVE-2020-29534: Perhaps this impact applies only to end users rather than IoT manufacturers. The fact is that the 5.9 release only came out in Oct 2020. (3rd Dec 2020)

Preface: Linux kernel 5.1 introduced io_uring. Its main purpose is to improve on the problems of the original Linux native AIO. For example:
– MySQL and Nginx already support local AIO.
– InnoDB uses the asynchronous I/O subsystem (native AIO) on Linux to perform read-ahead and write requests for data file pages.

Technical details: To put it simply, AIO hands the corresponding callback function over to the system, which makes it truly asynchronous. However, Linux native AIO imposes the following restrictions on files opened with the O_DIRECT flag: when reading and writing files in AIO mode, the operating system’s file cache cannot be used, and the buffer address, the transfer size and the file offset must be aligned to the disk block size (usually 512 bytes). The advantage of O_DIRECT is that it avoids making extra copies of data while transferring it, and the call returns after the transfer is complete.

Vulnerability details:

File access across suid boundaries – io_uring takes a non-refcounted reference to the files_struct of the process that submitted a request (relying on ->flush() for being notified before the files_struct can go away). Unfortunately, unshare_fd(), which is used by bprm_execve() via unshare_files(), doesn’t know about that, and assumes that if the files_struct’s refcount is 1, it is okay to keep using the old files_struct.

mm access across suid boundaries – if an attacker lets the suid binary write the fd number to a fixed address and then uses that address instead of free_fd, the vulnerability can be triggered.

Reference: mm (a pointer to struct mm_struct) refers to the address space of a process. For example, exe_file (a pointer to struct file) refers to the executable file, while arg_start and arg_end are the addresses of the first and last byte of the argv passed to the process, respectively.

Status: This vulnerability is currently awaiting analysis.

Xerox DocuShare (6.6.1, 7.0 and 7.5) involves potential data leakage vulnerabilities (3rd Dec 2020)

Preface: The official announcement did not say very much. Do you have doubts about CVE-2020-27177 (the Xerox DocuShare vulnerability)?

Product details: DocuShare Scan and Print 7 (hereafter, Scan and Print) is a feature which allows you to print documents uploaded to DocuShare, or upload scanned documents to DocuShare. DocuShare security features protect content from unauthorized access and modification. These features are available to both the site administrator and users, enabling them to apply the level of protection needed for their site.

Vulnerability details: When applications use XML to transport data between browser and server, they almost always use a standard API for processing the XML on the server. Vulnerabilities arise because parsers will, by default, process potentially dangerous features. The DocuShare server was found to be exposed to unauthenticated external XML entity injection (XXE) attacks and to server-side request forgery (SSRF). The overall impact could expose DocuShare users to an attack resulting in the loss of sensitive data. SSRF can cause the server to make a connection back to itself, or to other web-based services within the organization’s infrastructure; the severity of the impact depends on the trust relationship between the two ends.
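As an added example (not DocuShare code), the following shows the defender-side handling that addresses the "parsers process dangerous features by default" point: XML posted by a browser is refused if it carries any DTD or entity declaration, since external entities are what XXE, and the SSRF that rides on them, are built from, and only a DTD-free document reaches the parser. The upload element, its fields and the sample documents are constructed assumptions.

```python
# Added example (not DocuShare code): defender-side handling of XML posted by a
# browser. The document is rejected if it carries any DTD or entity declaration,
# because external entities are what XXE, and the SSRF that rides on them, are
# built from, and only then is it parsed. The sample documents are constructed.
import re
import xml.etree.ElementTree as ET

# A DOCTYPE or ENTITY declaration anywhere in the document is grounds to refuse it.
DTD_MARKER = re.compile(r"<!(?:DOCTYPE|ENTITY)\b", re.IGNORECASE)


class UnsafeXML(ValueError):
    """Raised for documents that try to declare a DTD or entities."""


def is_dtd_free(document: str) -> bool:
    """True when the document contains no DTD/entity declaration at all."""
    return DTD_MARKER.search(document) is None


def parse_untrusted_xml(document: str) -> ET.Element:
    """Refuse any DTD before the parser ever sees the document, then parse."""
    if not is_dtd_free(document):
        raise UnsafeXML("DTD and entity declarations are not accepted")
    return ET.fromstring(document)


def parse_upload(document: str) -> dict:
    """Extract the fields a (hypothetical) upload request is expected to carry."""
    root = parse_untrusted_xml(document)
    if root.tag != "upload":
        raise UnsafeXML("unexpected root element")
    return {child.tag: (child.text or "") for child in root}


def is_rejected(document: str) -> bool:
    """Helper for callers that only want a yes/no verdict."""
    try:
        parse_upload(document)
    except UnsafeXML:
        return True
    return False


# Constructed: a benign upload request and one that declares an external entity
# pointing at an internal address (placeholder URL).
BENIGN = '<?xml version="1.0"?><upload><name>report.pdf</name><folder>/shared</folder></upload>'
HOSTILE = ('<?xml version="1.0"?>'
           '<!DOCTYPE upload [<!ENTITY ext SYSTEM "http://internal.example/">]>'
           '<upload><name>&ext;</name></upload>')

if __name__ == "__main__":
    print(parse_upload(BENIGN))
    print("hostile rejected:", is_rejected(HOSTILE))
```

The pre-check is parser-independent, which matters when the server-side API is a Java stack: the equivalent there is to set the parser feature http://apache.org/xml/features/disallow-doctype-decl to true on the factory, and to disable external general and parameter entities where a DTD must be tolerated. Rejecting DTDs outright also closes the SSRF path, because an external entity with an internal URL never gets resolved.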

Official announcement – https://securitydocs.business.xerox.com/wp-content/uploads/2020/11/cert_Security_Mini_Bulletin_XRX20W_for-DocuShare-6.61_7.0_7.5.pdf

New vulnerability found on Tesla Model X; perhaps the remedy is not to let strangers sit in your car – 1st Dec 2020

Preface: Vulnerabilities found in products are not news. In short, a total of 3 vulnerabilities were found on the Tesla Model X this time.

Vulnerability Details: For the new discoveries on the Model X, please refer to the URL below. In addition, the attached drawings will provide you with hints.

https://www.wired.com/story/tesla-model-x-hack-bluetooth/

Information Supplement for reference: A cable with vendor part number 1013230-00-A, or a 3rd-party compatible cable, allows you to connect to the Model S or Model X service port and access maintenance features such as firmware redeploy (used when swapping most parts), reading and clearing DTCs (diagnostic trouble codes), running Autopilot camera and radar calibration, and reading thermal stats on the drive. The Model S and X run a 100 Mbps, full-duplex Ethernet network. Some ports and services that were open on the devices were 22 (SSH), 23 (telnet), 53 (domain/DNS), 80 (HTTP), 111 (rpcbind), 2049 (NFS) and 6000 (X11). Port 80 was serving a web page with the image or media of the current song being played. The operating system is a modified version of Ubuntu using an ext3 filesystem.

Remedy: Waiting for vendor update.