Preface: Today is Valentine’s Day 2023, are you alone? But in the future artificial intelligence will be with you.
Background: With an AI content writer, all you need to do is enter your desired topic or keyword into the plugin settings, and then AI will immediately generate an article that reads as if it were written by a human. You’ll get unique, engaging stories without having to spend hours typing out paragraphs or researching facts. Plus, you’ll have a consistent style and tone that you can use for all of your content.
Vulnerability details: The GPT AI Power: Content Writer & ChatGPT & Image Generator & WooCommerce Product Writer & AI Training WordPress plugin before 1.4.38 does not perform any kind of nonce or privilege checks before letting logged-in users modify arbitrary posts. Ref: CWE is classifying the issue as CWE-862. The software does not perform an authorization check when an actor attempts to access a resource or perform an action. This is going to have an impact on integrity, and availability.
Solution: Upgrading to version 1.4.38 eliminates this vulnerability.
Preface: This design weakness was released 30th Jan 2023. However, this vulnerability is known as CVE-2022-42292 since 10/03/2022. But it already been fixed.
Background: The GeForce Experience features a host of performance and configuration tweaks for games, automatic driver updates for your GPU, Nvidia Shadowplay for live streaming, integrated game filters (like Instagram filters but for your PC games), and many more powerful options.
Vulnerability details: NVIDIA GeForce Experience contains a vulnerability in the NVContainer component, where a user without administrator privileges can create a symbolic link to a file that requires elevated privileges to write to or modify, which may lead to denial of service, escalation of privilege or limited data tampering.
My observation: I speculate that this vulnerability will affect home users rather than business users. Since the domain user account has best practice Windows access control policies which driven by IT department.
For your reference: Symbolic links have irrelevant access permissions. Users are only prevented from operating on a symlink by the permissions of its parent directory and the target file. Windows 11 doesn’t require administrative privileges to create symbolic links.
Apart from above concern. Actually, it’s easy to setup access restrictions for home user. You can do it yourself.
Enable Administrator account on Windows 11 from Command Prompt 1. Open Start on Windows 11. 2. Run “Command Prompt”, right-click the top result, and select the Run as administrator option. 3. Type the following command to enable the Windows 11 Administrator account and press Enter: net user “Administrator” /active:yes.
Preface: AI system infrastructure may not have a mature model, it will continue forever, without end. Perhaps this is true sustainability. Since the key component is the computer. So the only thing that slows him down is software or hardware bugs.
Background: Cryptocurrency technology fully utilise the concept of Blockchain. Seems the advantage of cryptocurrency is easy misused and lead it become dangerous. Therefore many government hesitate to get involves and let it fail to original objective. However their related technology will be growth rapidly. Yes, it is the IFPS. AI requires heavy amounts of storage and compute. From technical point of view, Distributing storage will be an advantage. Since the data not place in the same area. It enhance overall reliability and efficiency. AI robots will communicate using 5G. Deal with distributed data storage. Machine learning operations and processes can be fully leveraged as it breaks down regional constraints.Perhaps the distributed cloud computing platform is the beginning of milestone to boots the world into artificial intelligence world.
Large models of deep learning are often shared by researchers via Google Drive links which have transfer limits and are not reliably online. IPFS provides a great decentralized solution to hosting data which can be downloaded via regular web links. IPFS implementation in Go. “unixfs” is a tool in the Go Modules Packages category of a tech stack. A Merkle DAG is a DAG where each node has an identifier, and this is the result of hashing the node’s contents. go-unixfs implements unix-like filesystem utilities on top of an ipld merkledag. MerkelDAG implementation in Python.
Vulnerability details: go-unixfs is an implementation of a unix-like filesystem on top of an ipld merkledag. Trying to read malformed HAMT sharded directories can cause panics and virtual memory leaks. If you are reading untrusted user input, an attacker can then trigger a panic. This is caused by bogus `fanout` parameter in the HAMT directory nodes.
Solution: Users are advised to upgrade to version 0.4.3 to resolve this issue. Users unable to upgrade should not feed untrusted user data to the decoding functions.
Preface: What is the benefits of corrective action. A motivation to maintain sustainability.
Background: Background: X.509 describes an approach to providing and managing authentication using asymmetric cryptography, generally referred to as Public Key Infrastructure (PKI). If X.400 defined authentication mechanism using x.509 PKI: It enhance end to end services for content integrity, message origin authentication and message sequence integrity.
Certificate extensions were introduced in version 3 of the X. 509 standard for certificates. These v3 extensions allow certificates to be customized to applications by supporting the addition of arbitrary fields in the certificate.
OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes: 1) Comparing CRL distribution point names between an available CRL and a CRL distribution point embedded in an X509 certificate 2) When verifying that a timestamp response token signer matches the timestamp authority name (exposed via the API functions TS_RESP_verify_response and TS_RESP_verify_token) .
Vulnerability details: There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network.
My observation: Whether the attacker use a vulnerability exploit method similar to CVE-2020-1971 as an attack? OpenSSL’s s_server, s_client and verify mechanism have support for the “-crl_download” option which implements automatic CRL downloading and this attack has been demonstrated to work against those mechanism. The way is that affected versions of OpenSSL cannot parse or construct correct encodings of EDIPARTYNAME. However it is possible to construct a malformed EDIPARTYNAME that OpenSSL’s parser will accept and hence trigger this attack.
Official announcement: For details, see the link (below):
Preface: PyCrypto is no longer under active development (project is dead – 2015). For details, see the link – https://github.com/pycrypto/pycrypto/issues/173 “cryptography” is a package which provides cryptographic recipes and primitives to Python developers. The goal is for it to be your “cryptographic standard library”. It supports Python 3.6+ and PyPy3 7.2+.
Background: “cryptography” is a package which provides cryptographic recipes and primitives to Python developers. Unlike some OOP languages, Python is dynamically typed, which means that you don’t need to declare what kind of data (e.g. integer, array, etc) a variable can take before using it. In computer science, a data buffer (or just buffer) is a region of a memory used to temporarily store data while it is being moved from one place to another. Immutable buffers are allocated with an initial data content that may not be subsequently modified. This access model implies that all sharing of buffers is read-only.
Vulnerability details: cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions Cipher.update_into would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects (such as bytes) to be mutated, thus violating fundamental rules of Python and resulting in corrupted output. This now correctly raises an exception. This issue has been present since update_into was originally introduced in cryptography 1.8.
My observation: According to CFFI technical manual, if require_writable is set to True, the function fails if the buffer obtained from python_buffer is read-only (e.g. if python_buffer is a byte string). The exact exception is raised by the object itself, and for things like bytes it varies with the Python version, so don’t rely on it. (Before version 1.12, the same effect can be achieved with a hack: call. Therefore it may need to take care of this cryptographic lib again when Python version update.
Preface: Einstein’s formula e=mc2 opened the door to the world of science and the universe. Since the equation involves complex and advanced arithmetic. So no one can simply describe it. Modern civilisation relies on digital computing. Our daily lives involve smartphones, smart cities and countless so-called Internet of Things (IoT) devices. But who empower knowledge to AI (artificial intelligence). Perhaps the answer is you.
Background: Sometimes when you shop online, you don’t buy. But later, you get an email with a special price on the same product you viewed. Who do the magic? The magic is given by internet cookies. A cookie is arbitrary data, usually selected and first sent by a web server, and stored on the client computer by the web browser. The browser then sends them back to the server with each request, introducing state (memory of previous events) into an otherwise stateless HTTP transaction.
Following are the type of cookies set by Google on a user’s hard disk.
Preference cookie (called PREF) – used to store users preference (like preferred language or any type of customisation).
Security cookies (SID and HSID) – used to protect users data from unauthorized access.
Process cookies (“Ibcs”) – used to maintain certain websites functionality
Advertising cookie (id) – used to serve personalized ads to users and to make advertising more effective
Conversion cookies – used to track users interaction with ads.
Analytics cookies (“_utma, _utmb, _ga, etc.) – used to collect Google Analytics data
Brief overview: Cookies is a data, whereby it is resources of data analytics. Ref: The global total has grown by 1.8 percent over the past year, with 95 million new mobile users since this time last year. Global internet users: Global internet users have climbed to 4.95 billion at the start of 2022, with internet penetration now standing at 62.5 percent of the world’s total population. Big data refers to data that is so large, fast or complex that it’s difficult or impossible to process using traditional methods. Big data and AI have a synergistic relationship. Big data analytics leverages AI for better data analysis. In turn, AI requires a massive scale of data to learn and improve decision-making processes.
Because of AI and big data, it explain that even though you shop online, but you didn’t buy. But later, you get an email with a special price on the same product you viewed. It’s a simple concept where intelligence comes from.
If given the opportunity, is there room for other discussions in the future, focusing on cybersecurity for artificial intelligence. stay tuned!
Preface: CVE-2022-26373 technical detail has released to public on 9th Aug 2022. Till end of Jan, 2023 it still has update on this vulnerability. For example, Red Hat fixed this vulnerability in their product Enterprise Linux 7 on 3rd Nov 2022. Since then it conducting the remediation to their product line. Perhaps the remediation on 24th Jan 2023 to Red Hat Virtualisation 4 for Red Hat Enterprise Linux 8 is the final round. Looks like this is a CPU vendor specific bug. As a result, some vendors have stated that their products are not affected by this vulnerability. Whether it a absolute answer? All will depends on the use of CPU processor brand.
Background: From technical point of view, Indirect Branch Restricted Speculation (IBRS) is an indirect branch control mechanism that restricts speculation of indirect branches. See below for technical details. CPUID.(EAX=7H,ECX=0): If EDX is 1, it means support IBRS and IBPB, OS can write IA32_SPEC_CTRL0 and IA32_PRED_CMD0 to control the behavior of indirect branch predictor. IBRS finally failed to enter the kernel due to function problems, however when when the vm is switched. It can get into kernel. This weakness found in 2018 earlier stage.
Vulnerability details: A flaw was found in hw. In certain processors with Intel’s Enhanced Indirect Branch Restricted Speculation (eIBRS) capabilities, soon after VM exit or IBPB command event, the linear address following the most recent near CALL instruction prior to a VM exit may be used as the Return Stack Buffer (RSB) prediction. Non-transparent sharing of return predictor targets between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.
Preface: As time goes by, Log management is a mandatory setting in the digital world. Log management core architecture design involves a lot of software design. Therefore, you will be exposed to different forms of cyber attacks. So you need to watch out and protect yourself from harm.
Background: Log Insight includes the following key capabilities • Integrates with VMware vRealize Operations™ to bring unstructured and structured data together, for significantly enhanced end-to-end operations management.
System Features: Web Hooks supports additional alerting extensibility into Slack,etc. • Simple Query API adds support for simple keyword search, complex queries, integration with CMDBs, external UI analysis,etc. • Support for pure IPV6 environment – both server and agent side. • Server side Agent upgrades – supports automatic agent upgrades
Remark: Working with webhooks exposes an HTTP endpoint that can be called from any actor on your server. Without appropriate measures, this could be extremely unsafe. For example: A man-in-the-middle attack is a vulnerability where a third party obtains access to your webhook data by capturing and reading the request.
Vulnerability details: VMware vRealize Log Insight contains an Information Disclosure Vulnerability. A malicious actor can remotely collect sensitive session and application information without authentication.
Affected Versions: VMware vRealize Log Insight 8.x prior to 8.10.2.
Consequence: Successful exploitation of the vulnerability may allow remote code execution and complete system compromise.
Preface: As usual when you read a vulnerability bulletin. The vendor sometimes do not disclose technical details to the public. If you will read daily renewal CVE records. Maybe you feel the same way I do. CPU is one of the key topics of the vulnerability database. Since the supplier has the right to secrecy. As a computer user, all you have to do is patch.
Background: AMD engineers that made the “Zen” architecture powering every AMD processor available today, from AMD Ryzen™ desktop and mobile processors, to AMD EPYC™ CPUs, and AMD Threadripper™ CPUs. It all started with “Zen”. AMD Epyc CPU codenames follow the naming scheme of Italian cities, including Milan (3rd Gen 2021), Rome (2nd Gen 2019) and Naples (1st Gen 2017). The system management unit (SMU) is tasked with the job of continuously sampling sensory data and making rapid corrections to various circuits on the chip. Ryzen SMU is a Linux kernel driver that exposes access to the SMU (System Management Unit) for certain AMD Ryzen Processors.
Vulnerability details: Insufficient input validation in the SMU may allow an attacker to improperly lock resources, potentially resulting in a denial of service.
Reference: Traditionally, There are two main types of kernel locks. The fundamental type is the spinlock (include/asm/spinlock[.]h). The second type is a mutex (include/linux/mutex[.]h): it is like a spinlock, but you may block holding a mutex.
Preface: The basic idea behind AIO is to allow a process to initiate a number of I/O operations without having to block or wait for any to complete.
Background: System calls are how a program enters the kernel to perform some task. Programs use system calls to perform a variety of operations such as: creating processes, doing network , file IO,…etc. io_uring is an asynchronous I/O interface provided by Linux. The implementation of io_uring uses only three syscalls: io_uring_setup, io_uring_enter and io_uring_register. io_uring gets its name from ring buffers which are shared between user space and kernel space.
There is a size limit of 1GiB per buffer. Currently, the buffers must be anonymous, non-file-backed memory, such as that returned by malloc(3) or mmap(2) with the MAP_ANONYMOUS flag set. Do you think it is possible to launch a remote attack through this vulnerability (CVE-2023-0240)? Perhaps possible. It can exploit Kernel Driver mmap Handler Exploitation.
Ref: The use-after-free vulnerability exploits a mistake made by the original author of a software and can result in devastating effects that range from remote code execution to the leaking of sensitive data.
Vulnerability details: There is a logic error in io_uring’s implementation which can be used to trigger a use-after-free vulnerability leading to privilege escalation. In the io_prep_async_work function the assumption that the last io_grab_identity call cannot return false is not true, and in this case the function will use the init_cred or the previous linked requests identity to do operations instead of using the current identity. This can lead to reference counting issues causing use-after-free. We recommend upgrading past version 5.10.161.