CVE-2022-40735: The design weakness of the Diffie-Hellman Key has been around for a while, but it still affects today’s digital world! (14th Nov 2022)

Preface: The weakness also reaches IKE phase 1, in the sense that an attacker can use it to perform a denial of service.

Background: Why use Ephemeral Diffie-Hellman? Ephemeral Diffie-Hellman (DHE in the context of TLS) differs from static Diffie-Hellman (DH) in that static DH always uses the same Diffie-Hellman private keys, so each time the same parties perform a DH key exchange they end up with the same shared secret.
Ephemeral Diffie-Hellman does not provide authentication on its own, because the key is different every time, so neither party can be sure that the key came from the intended party.
One reason communication protocols use ephemeral keys is to implement Perfect Forward Secrecy. They are also used in SSL/TLS to move from RSA to the faster symmetric encryption that protects the rest of the session.
Perfect Forward Secrecy (PFS), also known as Forward Secrecy, is a property of key exchange in which clients and servers use temporary, per-session private keys.

Vulnerability details: Using long exponents in the Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations.
An attacker may cause asymmetric resource consumption with any common client application which uses a DHE implementation that applies short exponents. The attack may be more disruptive in cases where a client sends arbitrary numbers that are actually not DH public keys (aka the D(HE)ater attack) or can require a server to select its largest supported key size. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE. This can affect TLS, SSH, and IKE.

Workaround: A workaround is to temporarily disable DHE key exchange and use only ECDHE (Elliptic Curve Diffie-Hellman Ephemeral) on network services that use SSL/TLS/HTTPS.
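The asymmetry described above comes down to two things a server controls: whether it spends its expensive modular exponentiation on a value that is not even a valid DH public key, and how long its own private exponent is. The Go program below is an added example (not code from this post, nor from any TLS, SSH or IKE implementation) showing full public-value validation and a bounded server exponent on a constructed toy safe prime; the group parameters, function names and the work estimate are illustrative assumptions.

```go
package main

import (
	"crypto/rand"
	"errors"
	"fmt"
	"math/big"
)

// Constructed toy safe prime p = 2q + 1 for illustration only; real
// deployments use 2048-bit or larger groups such as RFC 7919 ffdhe2048.
var (
	toyP = big.NewInt(2879)
	toyQ = big.NewInt(1439)
	toyG = big.NewInt(4) // 4 = 2^2 is a quadratic residue, so it lies in the order-q subgroup
)

// ErrBadPublicValue is returned when a peer value fails validation.
var ErrBadPublicValue = errors.New("dh: peer public value rejected")

// ValidatePublicValue performs full public-key validation of a received
// value y: 2 <= y <= p-2 and y^q mod p == 1 (membership in the order-q
// subgroup). The range check is free and already refuses 0, 1 and p-1.
// The subgroup test costs one modexp with a |q|-bit exponent, so on its
// own it does not remove the cost asymmetry; it does refuse the
// "not actually a DH public key" inputs the D(HE)ater variant sends.
func ValidatePublicValue(y, p, q *big.Int) bool {
	two := big.NewInt(2)
	pMinus2 := new(big.Int).Sub(p, two)
	if y.Cmp(two) < 0 || y.Cmp(pMinus2) > 0 {
		return false
	}
	return new(big.Int).Exp(y, q, p).Cmp(big.NewInt(1)) == 0
}

// ModExpWork approximates square-and-multiply cost as one squaring per
// exponent bit plus one multiplication per set bit. It is the server's
// own exponent length, not the client's, that drives server-side cost.
func ModExpWork(exponent *big.Int) int {
	ones := 0
	for i := 0; i < exponent.BitLen(); i++ {
		if exponent.Bit(i) == 1 {
			ones++
		}
	}
	return exponent.BitLen() + ones
}

// ServerRespond validates the peer value before any expensive work, then
// derives the shared secret with a private exponent limited to
// exponentBits (the bounded "short exponent" mitigation). If priv is nil
// a random exponent is drawn. It returns the server public value and the
// shared secret.
func ServerRespond(peerPublic, p, q, g *big.Int, exponentBits int, priv *big.Int) (*big.Int, *big.Int, error) {
	if !ValidatePublicValue(peerPublic, p, q) {
		return nil, nil, ErrBadPublicValue
	}
	if priv == nil {
		// Private exponent x in [1, min(2^exponentBits, q) - 1].
		upper := new(big.Int).Lsh(big.NewInt(1), uint(exponentBits))
		if upper.Cmp(q) > 0 {
			upper.Set(q)
		}
		x, err := rand.Int(rand.Reader, new(big.Int).Sub(upper, big.NewInt(1)))
		if err != nil {
			return nil, nil, err
		}
		priv = x.Add(x, big.NewInt(1))
	}
	pub := new(big.Int).Exp(g, priv, p)
	secret := new(big.Int).Exp(peerPublic, priv, p)
	return pub, secret, nil
}

func main() {
	// Honest client: public value g^7 mod p (exponent chosen for illustration).
	clientPriv := big.NewInt(7)
	clientPub := new(big.Int).Exp(toyG, clientPriv, toyP)
	serverPub, serverSecret, err := ServerRespond(clientPub, toyP, toyQ, toyG, 8, nil)
	if err != nil {
		panic(err)
	}
	clientSecret := new(big.Int).Exp(serverPub, clientPriv, toyP)
	fmt.Println("shared secrets agree:", clientSecret.Cmp(serverSecret) == 0)

	// Junk value p-1 is refused before the server spends any modexp on it.
	_, _, err = ServerRespond(new(big.Int).Sub(toyP, big.NewInt(1)), toyP, toyQ, toyG, 8, nil)
	fmt.Println("p-1 rejected:", errors.Is(err, ErrBadPublicValue))

	// A full-length 2048-bit exponent costs roughly 8x a 256-bit one.
	full := new(big.Int).Sub(new(big.Int).Lsh(big.NewInt(1), 2048), big.NewInt(1))
	short := new(big.Int).Sub(new(big.Int).Lsh(big.NewInt(1), 256), big.NewInt(1))
	fmt.Println("work 2048-bit vs 256-bit:", ModExpWork(full), ModExpWork(short))
}
```

The range check is the cheap part; the subgroup test is itself a full-size modexp, which is why bounding the server's own exponent (and, as the workaround says, preferring ECDHE) is what actually closes the cost gap.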

Official announcement: Please refer to the link for details – https://nvd.nist.gov/vuln/detail/CVE-2022-40735

CVE-2022-45196 Do not create a chain if it’s already created, said Hyperledger Fabric 2.3 (14th Nov 2022)

Preface: About 4 years ago, building business operations on the Hyperledger framework was a hot topic for enterprise companies.
Multiple industries were willing to develop on it or undergo digital transformation with it, including large fund investment companies, insurance companies and banking environments. The blockchain system architecture is the ancestor of Hyperledger. But cryptocurrencies raise concerns about potential economic risks in the countries to which the financial world belongs.
So that drained the development momentum behind this technology. If the National Vulnerability Database had not flagged a bug in Hyperledger Fabric 2.3 last week, I think it would have slipped my mind.
In fact, the Japanese financial industry was the first to develop and integrate Hyperledger Fabric into its business. In addition, the logistics industry is also involved in this advanced distributed development platform, because its business operations are keen to raise fault tolerance and system resilience compared to traditional designs. Perhaps an unintended vulnerability factor gave the technology momentum: it keeps running and does not stop.

Background: What is a Hyperledger channel?
A Hyperledger Fabric channel is a private “subnet” of communication between two or more specific network members, for the purpose of conducting private and confidential transactions.
Chaincode is a Fabric-specific script written to perform operations within the framework. Hyperledger Fabric’s chaincode enables a user with no knowledge of blockchain technology to build and deploy smart contracts and transactions.

Vulnerability details: Hyperledger Fabric 2.3 allows attackers to cause a denial of service (orderer crash) by repeatedly sending a crafted channel tx with the same channel name. NOTE: the official Fabric with Raft prevents exploitation via a locking mechanism and a check for names that already exist.
Raft (recommended): new as of v1.4.1, Raft is a crash fault tolerant (CFT) ordering service based on an implementation of the Raft protocol in etcd. Raft is a protocol with which a cluster of nodes can maintain a replicated state machine. The state machine is kept in sync through the use of a replicated log.
Perhaps Raft resolves this matter. However…
Raft is a well-known and widely used distributed consensus algorithm, but since it is built with comprehensibility as a goal, it always gives up some performance as a trade-off.
For example: the Raft protocol is implemented on top of a state machine driven by log replication. However, in real systems the log cannot be allowed to grow without limit. As time goes on, continuous log growth costs more log transmission overhead as well as longer recovery time after a node goes down.

Suggestion: Patch (move to Hyperledger Fabric 2.4) in order to avoid this vulnerability. Hyperledger Fabric 2.4 calculates the package ID of a packaged chaincode.
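The NOTE in the vulnerability details names the two ingredients of the fix: a lock around channel creation and a check for names that already exist, so that repeated channel txs with the same name are rejected instead of acting on orderer state twice. The Go program below is an added example, not Hyperledger Fabric's orderer code; it models that check-then-act guard with a mutex-protected registry and replays the same creation request concurrently to show that exactly one copy is accepted. The type and function names are assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"sync"
)

// ErrChannelExists is returned for a duplicate channel-creation tx.
var ErrChannelExists = errors.New("channel already exists")

// ChannelRegistry models the orderer-side set of known channels. The
// mutex serializes concurrent creation requests so two txs with the same
// name cannot both pass the existence check (the check-then-act race).
type ChannelRegistry struct {
	mu       sync.Mutex
	channels map[string]struct{}
}

// NewChannelRegistry returns an empty registry.
func NewChannelRegistry() *ChannelRegistry {
	return &ChannelRegistry{channels: make(map[string]struct{})}
}

// Create registers a channel by name; a repeated name returns
// ErrChannelExists and leaves the registry untouched.
func (r *ChannelRegistry) Create(name string) error {
	if name == "" {
		return errors.New("empty channel name")
	}
	r.mu.Lock()
	defer r.mu.Unlock()
	if _, ok := r.channels[name]; ok {
		return ErrChannelExists
	}
	r.channels[name] = struct{}{}
	return nil
}

// Count reports how many channels exist.
func (r *ChannelRegistry) Count() int {
	r.mu.Lock()
	defer r.mu.Unlock()
	return len(r.channels)
}

// ReplayCreateTx simulates the reported scenario: n concurrent copies of a
// channel tx carrying the same name. It returns how many were accepted and
// how many were rejected as duplicates; an orderer without the lock and
// the existence check would act on all of them.
func ReplayCreateTx(r *ChannelRegistry, name string, n int) (accepted, rejected int) {
	var wg sync.WaitGroup
	var mu sync.Mutex
	for i := 0; i < n; i++ {
		wg.Add(1)
		go func() {
			defer wg.Done()
			err := r.Create(name)
			mu.Lock()
			defer mu.Unlock()
			if errors.Is(err, ErrChannelExists) {
				rejected++
			} else if err == nil {
				accepted++
			}
		}()
	}
	wg.Wait()
	return accepted, rejected
}

func main() {
	reg := NewChannelRegistry()
	a, d := ReplayCreateTx(reg, "mychannel", 50)
	fmt.Printf("accepted=%d rejected=%d channels=%d\n", a, d, reg.Count())
}
```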

Official announcement: Please refer to the link for details – https://github.com/hyperledger/fabric/pull/2934

CVE-2022-34666 – Anyone using NVIDIA vGPU software or the NVIDIA Cloud Gaming display driver should stay alert. (10th Nov 2022)

Preface: In Kernel mode, the executing code has complete and unrestricted access to the underlying hardware. It can execute any CPU instruction and reference any memory address. Kernel mode is generally reserved for the lowest-level, most trusted functions of the operating system.

Background:
NVIDIA Virtual GPU (vGPU) enables multiple virtual machines (VMs) to have simultaneous, direct access to a single physical GPU, using the same NVIDIA graphics drivers that are deployed on non-virtualized operating systems. By doing this, NVIDIA vGPU provides VMs with unparalleled graphics performance, compute performance, and application compatibility, together with the cost-effectiveness and scalability brought about by sharing a GPU among multiple workloads.

Vulnerability details: NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a local user with basic capabilities can cause a null-pointer dereference, which may lead to denial of service.
When this vulnerability is triggered, it will affect the integrity and confidentiality of the system environment (refer to this diagram). The scenario is simplified because the official vulnerability description is brief, but do not underestimate this matter.

Impact software products:

  • vGPU software (Virtual GPU Manager): Citrix Hypervisor, VMware vSphere and Red Hat Enterprise Linux KVM
  • vGPU software (guest driver) Linux
  • vGPU software (guest driver) Windows

Official announcement: Please refer to the link for details – https://nvidia.custhelp.com/app/answers/detail/a_id/5383

About CVE-2022-41113 , Can this story be told? (10th Nov 2022)

Preface: As we know, some tools in the digital world will jeopardize the Windows operating system. This week (November 8, 2022) when we shift our focus to Microsoft Security Alerts. There is an attack scenario similar to CVE-2022-41113. The vendor will not disclose details due to security reasons. But the technical details below will wake you up.

Background: Local Security Authority Server Service (LSASS) is a process in Microsoft Windows operating systems that is responsible for enforcing the security policy on the system. It verifies users logging on to a Windows computer or server, handles password changes, and creates access tokens.
Domain and local usernames and passwords are stored in the memory space of this process, lsass (Local Security Authority Subsystem Service).

Vulnerability details:

Assigner: Microsoft
Published: 2022-11-09

Updated: 2022-11-09
Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability.

One of the possible paths an attacker would take.
Mimikatz, and how it collects Windows passwords and credentials:
One way to avoid being blocked by antimalware is to use the Invoke-Mimikatz PowerShell module, which enables an attacker running PowerShell, Microsoft’s task automation framework, to load and execute Mimikatz remotely without needing to write the executable to the targeted system’s disk.

Run Mimikatz and use the following commands to extract credentials from your LSASS Dump file:
mimikatz # sekurlsa::minidump lsass[.]DMP
mimikatz # log lsass[.]txt
mimikatz # sekurlsa::logonPasswords

Remedy:

  • On x86-based or x64-based devices, whether or not they use Secure Boot and UEFI
  • Enable LSA protection on a single computer
  • Use Local Group Policy on Windows 11 22H2 (configure LSASS to run as a protected process)

Official announcement: Please refer to the link for details – https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-41113

CVE-2022-27510 and CVE-2022-27513: Certain versions of Citrix Gateway and Citrix ADC have a vulnerability (8th Nov 2022)

Preface: HTTP request smuggling exploits inconsistencies in how two HTTP devices (a back-end server and a front-end proxy) parse non-RFC-compliant HTTP requests. When an attacker successfully injects a malicious HTTP request into the web server, bypassing internal security controls, this can allow the attacker to:

  • Gain access to protected resources, such as admin consoles
  • Gain access to sensitive data
  • Hijack sessions of web users
  • Launch cross-site scripting (XSS) attacks without requiring any action from the user
  • Perform credential hijacking

Background: RDP Proxy provides RDP features; users can access remote desktops through the Citrix Gateway appliance. The design consists of the following:

  1. Deployment through clientless VPN: In this mode the RDP links are published on the Gateway home page or portal, as bookmarks, through the add vpn url configuration or through an external portal. The user can click these links to get access to the Remote Desktop.
  2. Deployment through ICA Proxy: In this mode a custom home page is configured on the Gateway VIP by using the wihome parameter. This home page can be customized with the list of Remote Desktop resources that the user is allowed to access. This custom page can be hosted on Citrix ADC, or if external, it can be an iFrame in the existing Gateway portal page.

Affected customers of Citrix ADC and Citrix Gateway are recommended to install the relevant updated versions of Citrix ADC or Citrix Gateway as soon as possible. The design weakness affects the following product versions:

  • Citrix ADC and Citrix Gateway 13.1 before 13.1-33.47
  • Citrix ADC and Citrix Gateway 13.0 before 13.0-88.12
  • Citrix ADC and Citrix Gateway 12.1 before 12.1.65.21
  • Citrix ADC 12.1-FIPS before 12.1-55.289
  • Citrix ADC 12.1-NDcPP before 12.1-55.289

Reference: The following are possible ways to mitigate the vulnerability (HTTP Request Smuggling Vulnerability)

  • Ensuring that front-end and back-end servers only communicate using the HTTP/2 protocol can prevent most variants of this attack.
  • Interpret HTTP headers consistently on front-end and back-end servers.
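The second mitigation, interpreting headers consistently on both hops, is easiest to enforce by refusing any request whose body length is ambiguous before it is forwarded. The Go program below is an added example, not Citrix code: it parses the header block of a raw HTTP/1.1 request and rejects the framing conflicts smuggling depends on (Content-Length together with Transfer-Encoding, conflicting duplicate Content-Length values, a Transfer-Encoding that is not exactly "chunked", whitespace inside a header name, and obsolete line folding). The sample requests are constructed, and the function names are assumptions.

```go
package main

import (
	"bufio"
	"errors"
	"fmt"
	"strings"
)

// FramingError reports a request whose body length is ambiguous, i.e. one
// that a front-end proxy and a back-end server could frame differently.
type FramingError struct{ Reason string }

func (e *FramingError) Error() string { return "ambiguous framing: " + e.Reason }

// ParseHeaders reads the header block of a raw HTTP/1.1 request and returns
// each header name (lower-cased) with all of its values in order. Header
// names containing whitespace and obs-fold continuation lines are refused
// because parsers disagree on them.
func ParseHeaders(raw string) (map[string][]string, error) {
	sc := bufio.NewScanner(strings.NewReader(raw))
	if !sc.Scan() {
		return nil, errors.New("missing request line")
	}
	headers := make(map[string][]string)
	for sc.Scan() {
		line := sc.Text()
		if line == "" {
			break // end of header block; the body follows
		}
		if line[0] == ' ' || line[0] == '\t' {
			return nil, &FramingError{"obsolete line folding"}
		}
		name, value, ok := strings.Cut(line, ":")
		if !ok {
			return nil, fmt.Errorf("malformed header line %q", line)
		}
		if strings.ContainsAny(name, " \t") {
			return nil, &FramingError{"whitespace inside header name"}
		}
		name = strings.ToLower(name)
		headers[name] = append(headers[name], strings.TrimSpace(value))
	}
	return headers, nil
}

// CheckFraming enforces the consistency rule: at most one body-length
// mechanism, Content-Length values numeric and mutually identical, and a
// Transfer-Encoding that is exactly "chunked", so every hop agrees on
// where the body ends.
func CheckFraming(headers map[string][]string) error {
	cl := headers["content-length"]
	te := headers["transfer-encoding"]
	if len(cl) > 0 && len(te) > 0 {
		return &FramingError{"both Content-Length and Transfer-Encoding present"}
	}
	for _, v := range cl {
		if v == "" || strings.Trim(v, "0123456789") != "" {
			return &FramingError{"non-numeric Content-Length"}
		}
		if v != cl[0] {
			return &FramingError{"conflicting Content-Length values"}
		}
	}
	if len(te) > 1 || (len(te) == 1 && te[0] != "chunked") {
		return &FramingError{"Transfer-Encoding is not exactly \"chunked\""}
	}
	return nil
}

// Inspect parses and checks one raw request.
func Inspect(raw string) error {
	h, err := ParseHeaders(raw)
	if err != nil {
		return err
	}
	return CheckFraming(h)
}

func main() {
	// Constructed sample requests (illustrative, not captured traffic).
	samples := []struct{ name, raw string }{
		{"clean", "POST /login HTTP/1.1\r\nHost: gw.example\r\nContent-Length: 5\r\n\r\nhello"},
		{"cl-te", "POST /login HTTP/1.1\r\nHost: gw.example\r\nContent-Length: 4\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\n"},
		{"dup-cl", "POST /login HTTP/1.1\r\nHost: gw.example\r\nContent-Length: 5\r\nContent-Length: 60\r\n\r\nhello"},
		{"te-obf", "POST /login HTTP/1.1\r\nHost: gw.example\r\nTransfer-Encoding: xchunked\r\n\r\n0\r\n\r\n"},
	}
	for _, s := range samples {
		fmt.Printf("%-6s -> %v\n", s.name, Inspect(s.raw))
	}
}
```

Rejecting at the front end is the point: once both hops see only requests with one unambiguous body length, the parsing disagreement that smuggling needs has nothing to work on.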

Official announcement: Please refer to the link for details – https://support.citrix.com/article/CTX463706/citrix-gateway-and-citrix-adc-security-bulletin-for-cve202227510-cve202227513-and-cve202227516

CVE-2022-44797 – Design limitation on Lightning Labs daemon (8th Nov 2022)

Preface: Total lunar eclipse and lunar occultation of Uranus on the evening of November 8 2022.

About: A larger block size will require higher transmission time compared to the smaller block size. A smaller block is more efficient but building too small a block will require higher block composition time to clear all the transactions. Both performance factors are contradictory to each other.

Background: The Lightning Network Daemon (lnd) is a complete implementation of a Lightning Network node. lnd has several pluggable back-end chain services including btcd (a full node), bitcoind, and neutrino (a new experimental light client).
The Lightning Network is a second layer added to Bitcoin’s blockchain that allows off-chain transactions, i.e. transactions between parties not on the blockchain network.

Vulnerability details: btcd before 0.23.2, as used in Lightning Labs lnd before 0.15.2-beta and other Bitcoin-related products, mishandles witness size checking.

Ref: “maxWitnessItemSize” is the maximum allowed size for an item within an input’s witness data. This number is derived from the fact that for script validation, each pushed item onto the stack must be less than 10k bytes.

Remedy: The issue here is that the old checks for the maximum witness size, from the segwit v0 era, were placed in the wire package as well as the tx engine. This check should only be in the engine, since it is properly gated there by the related script validation flags.

The fix itself is simple: limit witnesses only based on the maximum block size in bytes, or ~4MB.
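The remedy is really a statement about which layer owns which limit: the message parser may only enforce the bound that follows from the block size, while the per-item limit belongs to script validation, behind the flags for the script version being spent. The Go program below is an added example, not btcd or lnd code; it models that split with a wire-level aggregate check against the 4,000,000 weight-unit block limit and an engine-level 10k per-item check that applies only when a flag asks for it. The flag name, the placement of the constants and the function names are assumptions.

```go
package main

import (
	"errors"
	"fmt"
)

const (
	// MaxBlockWeight is Bitcoin's consensus block weight limit; witness
	// bytes count one weight unit each, so no serialized witness can
	// exceed it. This is the only bound the wire layer should enforce.
	MaxBlockWeight = 4_000_000
	// MaxWitnessItemSize mirrors the pre-taproot per-item limit quoted in
	// the post (derived from the 10k script size limit); it belongs to
	// script validation, not to message parsing.
	MaxWitnessItemSize = 10_000
)

// ScriptFlags is a minimal stand-in for script verification flags.
type ScriptFlags uint32

const (
	// FlagEnforceWitnessItemSize (assumed name) stands in for the segwit
	// v0 rule set under which the per-item limit applies.
	FlagEnforceWitnessItemSize ScriptFlags = 1 << iota
)

var (
	ErrWitnessTooLarge     = errors.New("wire: total witness size exceeds block weight limit")
	ErrWitnessItemTooLarge = errors.New("script: witness item exceeds per-item limit")
)

// Witness is one input's witness stack.
type Witness [][]byte

// CheckWireWitness is what a message parser should enforce: only the
// aggregate bound that follows from the block size. It never applies
// per-item rules, which depend on the script version being spent.
func CheckWireWitness(w Witness) error {
	total := 0
	for _, item := range w {
		total += len(item)
		if total > MaxBlockWeight {
			return ErrWitnessTooLarge
		}
	}
	return nil
}

// CheckEngineWitness applies the per-item limit only when the flags for
// the relevant script version request it, so script versions without
// that rule (tapscript dropped the 10k script size limit) are not
// rejected by a stale check.
func CheckEngineWitness(w Witness, flags ScriptFlags) error {
	if flags&FlagEnforceWitnessItemSize == 0 {
		return nil
	}
	for _, item := range w {
		if len(item) > MaxWitnessItemSize {
			return ErrWitnessItemTooLarge
		}
	}
	return nil
}

func main() {
	oversized := Witness{make([]byte, 11_000)} // constructed: one 11 kB item
	fmt.Println("wire:", CheckWireWitness(oversized))
	fmt.Println("engine (v0 flags):", CheckEngineWitness(oversized, FlagEnforceWitnessItemSize))
	fmt.Println("engine (no flag):", CheckEngineWitness(oversized, 0))
}
```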

Official announcement: Please refer to the link for details – https://github.com/lightningnetwork/lnd/releases/tag/v0.15.2-beta

CVE-2022-43945 Buffer overflow on NFSD (7th Nov 2022)

Preface: Is cloud computing in demand in 2022? The latest forecast predicts spending on public cloud services to jump from $257.5 billion in 2020 to $304.9 billion in 2022, as cloud services play a central role in helping businesses recover from the onslaughts of the pandemic.
The current version of NFS, NFS v4, was specified in RFC 3530, published in 2003. Since then, compared to early NFS v4, NFS v4 has improved a lot in optional features such as protection, caching, locking, and message communication performance. While NFS has PC capabilities, it has often been treated as a file-oriented protocol for UNIX and Linux operating systems rather than for the PC environment. Microsoft Azure, a popular public cloud service, offers Azure Files, a cloud-based distributed file system which has supported NFS 4.1 since September 2020, in the Azure Files premium tier only.

Background: NFS is an RPC-based protocol, with a client-server relationship between the machine having the filesystem to be distributed and the machine wanting access to that filesystem. Each version of the NFS RPC protocol contains several procedures. The basic procedures performed on an NFS server can be grouped into directory operations, file operations, link operations, and filesystem operations. The nfsd daemon runs on a server and handles client requests for file system operations. Each daemon handles one request at a time. Assign the maximum number of threads based on the load you expect the server to handle.

  • NFS version 3 (NFSv3) supports safe asynchronous writes and is more robust at error handling than the previous NFSv2; it also supports 64-bit file sizes and offsets, allowing clients to access more than 2 GB of file data.
  • NFS version 4 (NFSv4) works through firewalls and on the Internet, no longer requires an rpcbind service, supports Access Control Lists (ACLs), and utilizes stateful operations.

Vulnerability details:
CVE-2022-43945 – The Linux kernel NFSD implementation prior to versions 5.19.17 and 6.0.2 is vulnerable to buffer overflow. NFSD tracks the number of pages held by each NFSD thread by combining the receive and send buffers of a remote procedure call (RPC) into a single array of pages. A client can force the send buffer to shrink by sending an RPC message over TCP with garbage data added at the end of the message. The RPC message with garbage data is still correctly formed according to the specification and is passed forward to handlers. Vulnerable code in NFSD is not expecting the oversized request and writes beyond the allocated buffer space.
Cause: One notable set of fixes addresses a subtle buffer overflow issue that occurs if a small RPC Call message arrives in an oversized RPC record. This is only possible on a framed RPC transport such as TCP. Because NFSD shares the receive and send buffers in one set of pages, an oversized RPC record steals pages from the send buffer that will be used to construct the RPC Reply message. NFSD must not assume that a full-sized buffer is always available to it; otherwise, it will walk off the end of the send buffer while constructing its reply.
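The cause paragraph describes a single page array shared by the incoming Call and the outgoing Reply, so an oversized record leaves fewer pages for the reply than the code assumed. The Go program below is an added example, not kernel code: it models one thread's page array, a receive side that claims whole pages, and a reply writer that sizes itself from the pages actually left rather than from the nominal buffer size, which is the rule the fixes enforce. The page count, record sizes and names are constructed assumptions.

```go
package main

import (
	"errors"
	"fmt"
)

// PageSize is the page granularity the model uses (assumed 4 KiB).
const PageSize = 4096

// Transaction models one NFSD thread's page array, shared between the
// received RPC Call and the RPC Reply being built. Pages consumed by the
// receive side are not available to the reply side.
type Transaction struct {
	pages     int // total pages owned by the thread
	recvPages int // pages holding the received record
	reply     []byte
}

// ErrReplyTooLarge is returned instead of writing past the send buffer.
var ErrReplyTooLarge = errors.New("reply would overrun the send buffer")

// NewTransaction accepts a record of recordLen bytes into a thread owning
// totalPages pages; a record that would not fit at all is rejected.
func NewTransaction(totalPages, recordLen int) (*Transaction, error) {
	need := (recordLen + PageSize - 1) / PageSize
	if need > totalPages {
		return nil, errors.New("record larger than the transaction's page array")
	}
	return &Transaction{pages: totalPages, recvPages: need}, nil
}

// SendCapacity is the space genuinely left for the reply. The receive side
// may have taken extra pages (a small Call padded with garbage), so the
// reply must be sized from this value, never from an assumed full buffer.
func (t *Transaction) SendCapacity() int {
	return (t.pages - t.recvPages) * PageSize
}

// WriteReply appends data to the reply, refusing to walk past the pages
// actually available. An unchecked append here is the overflow the
// advisory describes.
func (t *Transaction) WriteReply(data []byte) error {
	if len(t.reply)+len(data) > t.SendCapacity() {
		return ErrReplyTooLarge
	}
	t.reply = append(t.reply, data...)
	return nil
}

func main() {
	// Constructed: the thread owns 4 pages; a normal small Call uses 1.
	normal, _ := NewTransaction(4, 200)
	fmt.Println("normal send capacity:", normal.SendCapacity())
	// The same small Call padded with two pages of garbage leaves 1 page.
	padded, _ := NewTransaction(4, 200+2*PageSize)
	fmt.Println("padded send capacity:", padded.SendCapacity())
	fmt.Println("two-page reply on padded call:", padded.WriteReply(make([]byte, 2*PageSize)))
}
```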

Official announcement: Please refer to the link for details – https://nvd.nist.gov/vuln/detail/CVE-2022-43945

CVE-2022-42793 Code Signing Verification Checks on Apple-Related Operating Systems (3rd Nov 2022)

Preface: If the supplier does not provide details, it is hard to be sure that what follows is the exact answer.

Abuse code signing
-key compromise
-use of revoked or expired certificates
-code errors
-Systems compromise

Background: If you’re developing apps for iOS, you need to sign your builds in order to send them to the App Store. However, iOS code signing can be challenging for many. Code Signing is a way for iOS devices to know that the app to be installed on the device is from a known source. There are 3 key components in code signing:

1) Certificates
2) Bundle IDs
3) Provisioning Profiles

Bundle IDs are unique strings that identify an app. Every app on your Apple devices has a Bundle ID. That is how Apple and your devices separate your app from others.
For every app that needs to be signed, you need to register its Bundle ID to Apple’s Developer Portal.

In iOS 6, the first two components of the bundle ID are used to generate the vendor ID. If the bundle ID only has a single component, then the entire bundle ID is used.
In iOS 7, all components of the bundle ID except the last are used to generate the vendor ID. If the bundle ID only has a single component, then the entire bundle ID is used.
According to the above, two different bundle IDs can end up with the same vendor ID. This situation favors cyber criminals; please refer to point no. 6 shown on the diagram.
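The two rules above are simple enough to write down and test, which makes the collision concrete. The Go program below is an added example, not Apple code: it implements the documented iOS 6 and iOS 7 component rules for the bundle-ID prefix that feeds identifierForVendor and shows which pairs of bundle IDs resolve to the same vendor on one device. The function names and the sample bundle IDs are assumptions.

```go
package main

import (
	"fmt"
	"strings"
)

// VendorIDSource returns the part of a bundle ID that the documented rule
// feeds into identifierForVendor: the first two components on iOS 6, all
// but the last component on iOS 7 and later, and the whole bundle ID when
// it has only a single component.
func VendorIDSource(bundleID string, iosMajor int) string {
	parts := strings.Split(bundleID, ".")
	if len(parts) == 1 {
		return bundleID
	}
	if iosMajor <= 6 {
		if len(parts) > 2 {
			parts = parts[:2]
		}
		return strings.Join(parts, ".")
	}
	return strings.Join(parts[:len(parts)-1], ".")
}

// SharesVendorID reports whether two bundle IDs resolve to the same vendor
// on the given iOS version, i.e. whether their apps would see the same
// identifierForVendor on one device.
func SharesVendorID(a, b string, iosMajor int) bool {
	return VendorIDSource(a, iosMajor) == VendorIDSource(b, iosMajor)
}

func main() {
	// Constructed sample bundle IDs.
	pairs := [][2]string{
		{"com.example.app1", "com.example.app2"},
		{"com.example.app1", "com.example.app1.helper"},
		{"com.example.app1", "com.other.app1"},
	}
	for _, p := range pairs {
		for _, v := range []int{6, 7} {
			fmt.Printf("iOS %d: %-24s %-24s same vendor: %v\n", v, p[0], p[1], SharesVendorID(p[0], p[1], v))
		}
	}
}
```

On iOS 6 the second pair collides (both reduce to "com.example") while on iOS 7 it does not ("com.example" versus "com.example.app1"); the first pair collides on both, which is the point the post makes.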

Vulnerability details: An issue in code signature validation was addressed with improved checks. This issue is fixed in macOS Big Sur 11.7, macOS Ventura 13, iOS 16, iOS 15.7 and iPadOS 15.7, macOS Monterey 12.6. An app may be able to bypass code signing checks.

Please refer to the link for details – https://developer.apple.com/documentation/uikit/uidevice/1620059-identifierforvendor

CVE-2022-43995 – Potential heap overflow when passwords exceed 8 characters (2nd Nov 2022)

Preface: The heap is an area of dynamically-allocated memory that is managed automatically by the operating system or the memory manager library. Memory on the heap is allocated, deallocated, and resized regularly during program execution, and this can lead to a problem called fragmentation.

Background:

For instance, when you download a C++ compiler for your platform, you in fact download the C++ front end with the linux-amd64 back end. This architecture is extremely helpful, because it allows porting the compiler to another architecture without rewriting the whole parsing/optimizing part.

When applications need memory, they have to request it from the operating system. This request to the kernel naturally requires a system call; you cannot allocate memory yourself in user mode. The malloc() family of functions is responsible for memory allocation in the C language. The question to ask here is whether malloc(), as a glibc function, makes a direct system call. There is no system call called malloc in the Linux kernel. However, there are two system calls that serve applications’ memory demands: brk and mmap.
By far the most widely used C library on Linux is the GNU C library, often referred to as glibc. The pathname /lib/libc[.]so[.]6 (or something similar) is normally a symbolic link that points to the location of the glibc library, and executing this pathname will cause glibc to display various information about the version installed on your system.

Vulnerability details: Sudo 1.8.0 through 1.9.12, with the crypt() password backend, contains a plugins/sudoers/auth/passwd[.]c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to sudo by entering a password of seven characters or fewer. The impact could vary depending on the compiler and processor architecture.

What is the difference between su and sudo?

  • su allows running commands with a substitute user and group ID.
  • sudo allows a permitted user to execute a command as the superuser or another user, as specified by the security policy. The invoking user’s real (not effective) user-ID is used to determine the user name with which to query the security policy.

Remedy: Please refer to the link for details – https://github.com/sudo-project/sudo/commit/bd209b9f16fcd1270c13db27ae3329c677d48050

Are you interested in CVE-2022-42827? (2nd Nov 2022)

Preface: A few years ago, people knew the following details:
io_service_open_extended is one of several undocumented MIG functions to communicate with IOKit drivers from user mode. This approach provides an opportunity for an attacker to perform kernel exploitation. Code writing in C-like languages can accidentally affect memory safety.

Background: Memory Tagging Extension (MTE) is designed to provide robustness against attacks attempting to subvert code processing malicious, attacker-provided, data. It does not address algorithmic vulnerabilities or malicious software. The core principle of type isolation is that after any particular address has been used for a given “type” of object, only objects of that type can ever exist at that address for the lifetime of the program.
Memory can broadly be categorized either as “control” or as “data.” Control is what lets a program structure and organize data. It includes things such as pointers, reference counts, lengths, and typing information like union tags. Almost everything else is data.
Apple, which rarely shares the core technology of XNU, has also described the security upgrade of XNU memory management; the first topic is the memory allocator kalloc_type.

Vulnerability details: A vulnerability classified as critical has been found in Apple iOS and iPadOS (Smartphone Operating System) (version unknown). Affected is an unknown function of the component Kernel. The manipulation with an unknown input leads to a memory corruption vulnerability. CWE is classifying the issue as CWE-787. The software writes data past the end, or before the beginning, of the intended buffer. This is going to have an impact on confidentiality, integrity, and availability.

Affected: Versions prior to iOS 15.7.1 and iPadOS 15.7.1
Solutions: Apply fixes issued by the vendor: iOS 15.7.1 and iPadOS 15.7.1

Please refer to the link for details – https://nvd.nist.gov/vuln/detail/CVE-2022-42827