All posts by admin

Cisco product security alert (CVE-2020-26070). It may prompt other manufacturers to focus on similar matters. (11th Nov 2020)

Preface: Our daily life relies on cloud computing systems. Smart City, GPRS, mapping and spatial analytics technology all have their backend systems located in the cloud. Apart from cloud system operation and architecture, it is the interconnecting network that gives them life.

Background: In our digital world, network packet processing functions are dynamically injected into the network. Each packet may carry the processing code that routers apply when they perform forwarding functions. Furthermore, ingress packets are temporarily stored in the internal dispatcher packet buffer until processed. When a feature is not supported in the CEF switching path, the punt adjacency allows a packet to be switched using the next slower switching mechanism configured on the router. Once packet processing is complete and the packet has been modified, the packet is copied from the internal packet buffer to the deep output packet buffer, where it awaits scheduling for output.

Technical highlights: Ingress processing is executed for each packet received on the ingress interface (MAC). This processing decodes the packet headers and determines where the packet shall be sent. When a feature is not supported in the CEF switching path, the punt adjacency allows a packet to be switched using the next slower switching mechanism configured on the router.

Current known factors: A vulnerability in the ingress packet processing function of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. For more details, please refer to the URL: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xr-cp-dos-ej8VB9QY

CVE-2020-27977 – The vendor does not explicitly explain the vulnerability details, but most likely it falls into this scenario (9th Nov 2020)

Preface: Have you heard the term "take ownership of a registry key"?

Background: CapaSystems helps businesses achieve greater efficiency through Device Management and Monitoring by using CapaInstaller and PerformanceGuard. The purpose of the CapaInstaller Agent Health Check is to maintain a healthy and up-to-date agent on every computer/server.

Vulnerability details: A security flaw has been found in CapaInstaller where a user with standard user privileges, logged on to a computer with the CapaInstaller Agent installed, could escalate their local user rights. For details, please refer to the link below.

https://capawiki.capasystems.com/display/ci/CapaInstaller+6.0+-+Build+101

How to prevent similar matters from happening? An efficient way to block users from opening and editing the Registry on Windows 10 is the Local Group Policy Editor: enable the "Prevent access to registry editing tools" policy.

Shibboleth vulnerability CVE-2020-27978 – 28th Oct 2020

Preface: This vulnerability was disclosed one year ago. Perhaps the details of the defect are what you need to know.

Background: Shibboleth is a web-based Single Sign-On infrastructure. It is based on SAML. Shibboleth does not carry out authentication itself. SAML (Security Assertion Mark-up Language) is an umbrella standard that covers federation, identity management and single sign-on (SSO).

Vulnerability details:

The Shibboleth Identity Provider supports a number of login flows that rely on servlets or JSP pages to operate, including External, RemoteUser, X509, and SPNEGO. These flows are vulnerable to a denial of service attack by a remote, unauthenticated attacker, via Java heap exhaustion due to the creation of objects in the Java Servlet container session.

Causes: The use of expressions like "new someclass()" in the webflows, e.g. in the ExternalAuthentication flows, is a denial of service vector for remote attackers because of memory exhaustion if the objects are stored anywhere that isn't associated with the webflow conversations. The conversations are apparently capped at 5 and get swapped out for new ones, but anything stored in the container session would not be freed and would accumulate.

Remark: Java heap space is used by the Java runtime to allocate memory for objects and JRE classes. Whenever we create an object, it is always created in heap space.

Official announcement: https://shibboleth.net/community/advisories/secadv_20191002.txt

Design limitation of iDS6 DSSPro Digital Signage System 6.2 – 6th Nov 2020

Preface: Digital signage content is powered by a media player or system-on-a-chip which pushes content to a display. Users can then manage the content with a content management system.

Background: Design limitation of iDS6 DSSPro Digital Signage System 6.2. The vulnerability is caused by the auto-save password function. Since the traffic is pure unencrypted HTTP, the cookie discloses the user's password over the internet. If I were using it, how would I reduce the risk?

Cause details and remedy: The root causes of the user password disclosure are shown in the attachment. If remediation has not yet been released by the vendor, operators of this product's web service should perhaps do the following.

  1. Avoid using WiFi for management. Use a workstation in a trusted network.
  2. Set a firewall rule that only allows managed IP addresses to connect to the specific IP address (from point C to point B, refer to the diagram), and do not use a wireless connection.
  3. From point B to point A, use a cabled network instead of a WiFi connection.

Additional: Set the cookie age to 4 minutes and reset the cookie age every time your server sends a response; the cookie will then time out after 4 minutes of inactivity.
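The "4 minutes of inactivity" rule above is a sliding expiry: the server re-issues the cookie's Max-Age with every response, and drops the session on its own side once the window has passed. The following is an added example and not code from the product or vendor described here; the session store, the request timeline and the cookie name `sid` are assumptions, and the 4-minute window is the one from the text. The cookie flags are included because the text describes the password leaking over plain HTTP: `Secure` keeps the cookie off that channel and `HttpOnly` keeps it away from page script.

```python
"""Sliding session expiry (the '4 minutes of inactivity' rule in the text).

Constructed example: the session store, the request timeline and the cookie
name 'sid' are assumptions; INACTIVITY_SECONDS is the 4 minutes from the text.
"""
from dataclasses import dataclass, field
from http.cookies import SimpleCookie

INACTIVITY_SECONDS = 4 * 60  # 4 minutes, as stated in the text


@dataclass
class SessionStore:
    """Server-side record of when each session was last seen."""
    last_seen: dict = field(default_factory=dict)  # session_id -> seconds

    def touch(self, session_id, now):
        """Called on every request carrying a valid session: restarts the clock."""
        self.last_seen[session_id] = now

    def is_active(self, session_id, now):
        """True only if the session was seen within the inactivity window."""
        last = self.last_seen.get(session_id)
        return last is not None and (now - last) <= INACTIVITY_SECONDS

    def reap(self, now):
        """Forget expired sessions. The cookie expiring in the browser is not a
        security control on its own; the server must stop honouring it too."""
        expired = [sid for sid, last in self.last_seen.items()
                   if now - last > INACTIVITY_SECONDS]
        for sid in expired:
            del self.last_seen[sid]
        return expired


def session_cookie_header(session_id):
    """Set-Cookie value the server re-sends with every response. Re-sending
    Max-Age is what makes the 4-minute window slide. HttpOnly keeps script away
    from the cookie; Secure stops it travelling over plain HTTP at all, which
    is the channel the text describes as leaking the password."""
    cookie = SimpleCookie()
    cookie["sid"] = session_id
    cookie["sid"]["max-age"] = INACTIVITY_SECONDS
    cookie["sid"]["httponly"] = True
    cookie["sid"]["secure"] = True
    cookie["sid"]["samesite"] = "Strict"
    return cookie.output(header="").strip()


def demo():
    """Constructed timeline: requests every 3 minutes keep the session alive;
    5 idle minutes after the last one kill it."""
    store = SessionStore()
    store.touch("user1", 0)
    alive = True
    for t in (180, 360, 540):
        alive = alive and store.is_active("user1", t)
        store.touch("user1", t)          # the response resets the cookie age
    return {
        "active_user_survives": alive,
        "idle_user_expired": not store.is_active("user1", 540 + 300),
        "reaped": store.reap(540 + 300),
        "header": session_cookie_header("abc123"),
    }


if __name__ == "__main__":
    print(demo())
```

The server-side `reap` step matters as much as the header: a cookie the browser has discarded is still valid if the server keeps the session record, so both sides of the timeout are enforced.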

Vendor: Guangzhou Yeroo Tech Co., Ltd.
Product web page: http://www.yerootech.com
Affected versions:
  V6.2 B2014.12.12.1220
  V5.6 B2017.07.12.1757
  V4.3

CVE-2020-10143 – Macrium Reflect: the vendor's slogan claims that 12 million devices around the world have installed their software.

Preface: Sometimes a vulnerability is caused by misconfiguration.

Vulnerability details: MinGW (http://www.mingw.org/) provides a complete open-source programming tool set suitable for the development of native MS-Windows applications that do not depend on any 3rd-party C runtime DLLs. For OpenSSL versions 1.1.0 and 1.1.1, the mingw configuration targets assume that the resulting programs and libraries are installed in a Unix-like environment, so the default prefix for program installation as well as for OPENSSLDIR is '/usr/local'.
Unfortunately, when the same concept is carried over to an MS Windows environment, /usr/local will be world writable.
In addition, some build instructions for the diverse Windows targets on 1.0.2 encourage you to specify your own --prefix.
OpenSSL versions 1.1.1, 1.1.0 and 1.0.2 are affected by this issue.

By default, the OpenSSL directory is /usr/local/ssl. If you run config without --prefix and without --openssldir, that is what you get.

The above vulnerability has been recorded in the CVE database (CVE-2019-1552). A little more than a year later, software vendor Macrium encountered a similar design defect (CVE-2020-10143). Please refer to the link: https://kb.cert.org/vuls/id/760767

Workaround: Ensure that the OPENSSLDIR path is set to a location that is only writable by the system itself.
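The workaround is easy to state and easy to forget to verify, so the script below audits it: it reads the OPENSSLDIR path from `openssl version -d` and checks whether anyone other than the owner can write to it (or whether it is missing, in which case whoever can write the parent can create it). This is an added example, not OpenSSL's or Macrium's code. The `OPENSSLDIR: "/path"` output format is real; the directories built in `demo()` are constructed in a temporary folder. The check uses POSIX mode bits, so on Windows the same question is answered by reviewing the ACL of the path instead.

```python
"""Audit the OPENSSLDIR location for the weakness described above: a directory
that anyone can write (or create) lets a local user supply the openssl.cnf and
certificate files OpenSSL reads from there.

Added example, not OpenSSL's or Macrium's code. The 'openssl version -d' output
format (OPENSSLDIR: "/path") is real; the directories in demo() are constructed
in a temporary folder. The permission check uses POSIX mode bits, so on Windows
the equivalent would be an ACL review of the same path.
"""
import os
import re
import stat
import subprocess
import tempfile

OPENSSLDIR_RE = re.compile(r'OPENSSLDIR:\s*"([^"]+)"')


def parse_openssldir(version_output):
    """Extract the path from `openssl version -d` output, or None."""
    match = OPENSSLDIR_RE.search(version_output)
    return match.group(1) if match else None


def query_openssldir():
    """Ask the local openssl binary; None if it is not installed."""
    try:
        proc = subprocess.run(["openssl", "version", "-d"],
                              capture_output=True, text=True, check=True)
    except (OSError, subprocess.CalledProcessError):
        return None
    return parse_openssldir(proc.stdout)


def writable_by_others(path):
    """True if group or world may write the directory, or if it does not exist:
    a missing OPENSSLDIR is creatable by anyone who can write its parent."""
    try:
        mode = os.lstat(path).st_mode
    except FileNotFoundError:
        return True
    return bool(mode & (stat.S_IWGRP | stat.S_IWOTH))


def audit_openssldir(path):
    """'ok' when only the owner can write, 'risky' otherwise."""
    return "risky" if writable_by_others(path) else "ok"


def demo():
    """Constructed: one directory locked to its owner, one group/world writable,
    one that does not exist."""
    base = tempfile.mkdtemp()
    locked = os.path.join(base, "ssl_locked")
    loose = os.path.join(base, "ssl_loose")
    os.mkdir(locked)
    os.chmod(locked, 0o755)
    os.mkdir(loose)
    os.chmod(loose, 0o777)
    return {
        "locked": audit_openssldir(locked),
        "loose": audit_openssldir(loose),
        "missing": audit_openssldir(os.path.join(base, "does_not_exist")),
        "parsed": parse_openssldir('OPENSSLDIR: "/usr/local/ssl"'),
    }


if __name__ == "__main__":
    real = query_openssldir()
    print("local OPENSSLDIR:", real, audit_openssldir(real) if real else "n/a")
    print(demo())
```

Run it on every host where a bundled OpenSSL ships with third-party software; the interesting finding is usually not a world-writable directory but a path that does not exist at all.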

New variant of Zebrocy (smqft_exe & sespmw_exe). They are designed to perform various functions on the compromised system, said US-CERT (3rd Nov 2020)

Preface: Some experts comment that because Go binaries are larger than usual, they may have a chance of evading virus scanning, so malware authors like to use the language. Perhaps this is not the major factor.

Background: In July 2019, a security researcher found nearly 10,700 unique samples of malware written in the Go programming language, also known as Golang.
According to analysis conducted by Imperva, as of 2019 37.97% of attacks used tools developed in Python and 31.53% used Go. Go is really a compiler (in fact it embeds 2 compilers) and it produces totally self-sufficient executables. You don't need any supplementary library or any kind of runtime to execute them on your server.

Technical highlights: Go (Golang) attempts to reclaim the memory occupied by objects that are no longer needed, which makes Go a garbage-collected language. Because of this reclaim feature, it is easy for antivirus/malware detection to get confused.

Official details: If you are interested in the above matters, please refer to the link: https://us-cert.cisa.gov/ncas/analysis-reports/ar20-303b

If you are incorporating Oracle Business Intelligence results into external portals or applications, you should stay alert! (Oct 2020)

Preface: Integrating Oracle BI Presentation Services into corporate environments using HTTP and JavaScript. Java made business operations perfect; meanwhile, it gives people headaches!

Background: When called from within an Oracle BI Presentation Services screen, such as a dashboard or an HTML result view, the URL should begin with the following characters: saw.dll?Go

When called from another screen on the same Web server, the URL should begin with the following characters: /analytics/saw.dll?Go

Vulnerability details: A vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Installation). The 'getPreviewImage' function is used to get a preview image of a previously uploaded theme logo. By manipulating the 'previewFilePath' URL parameter, an attacker with access to the administration interface is able to read arbitrary system files.
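A parameter that names a file to return is only safe if the server checks where the resolved path actually lands, not what the string looks like. The handler below is an added example of that containment check and is not Oracle's code: the name `get_preview_image`, the `themes/` base directory and the image suffix allow-list are assumptions, and the files in `demo()` are constructed in a temporary folder.

```python
"""Path containment for a 'return an uploaded image by path' endpoint, the
class of defect described for the 'previewFilePath' parameter above.

Added example, not Oracle's code: the function name get_preview_image, the
base directory layout and the image suffix allow-list are assumptions.
"""
import tempfile
from pathlib import Path


class RejectedPath(ValueError):
    """Raised when the request must not be served."""


def resolve_under(base_dir, requested):
    """Resolve a user-supplied relative path to a real location under base_dir.
    '..' segments, symlinks and absolute inputs are all normalised away before
    the comparison, so the check is on where the path really lands."""
    base = Path(base_dir).resolve()
    if Path(requested).is_absolute():
        # Path(base) / "/etc/x" silently drops base, so refuse absolute input.
        raise RejectedPath(requested)
    candidate = (base / requested).resolve()
    try:
        candidate.relative_to(base)
    except ValueError:
        raise RejectedPath(requested) from None
    return candidate


def get_preview_image(base_dir, preview_file_path,
                      allowed_suffixes=(".png", ".jpg", ".jpeg", ".gif")):
    """Return the image bytes, None if absent. The suffix allow-list is a
    second, independent control: even a contained path must look like an image."""
    path = resolve_under(base_dir, preview_file_path)
    if path.suffix.lower() not in allowed_suffixes:
        raise RejectedPath(f"disallowed file type: {path.suffix!r}")
    if not path.is_file():
        return None
    return path.read_bytes()


def demo():
    """Constructed tree: themes/logo.png is servable, secret.txt next to the
    themes folder must not be reachable."""
    root = Path(tempfile.mkdtemp())
    themes = root / "themes"
    themes.mkdir()
    (themes / "logo.png").write_bytes(b"\x89PNG constructed sample")
    (root / "secret.txt").write_text("must not leave the server")

    def rejected(requested):
        try:
            get_preview_image(themes, requested)
        except RejectedPath:
            return True
        return False

    return {
        "legit": get_preview_image(themes, "logo.png"),
        "dotdot": rejected("../secret.txt"),
        "absolute": rejected("/etc/hostname"),
        "through_file": rejected("logo.png/../../secret.txt"),
        "wrong_type": rejected("notes.txt"),
    }


if __name__ == "__main__":
    print(demo())
```

The order of operations is the point: resolve first, compare second. Comparing the raw string against a prefix, or stripping `..` before resolving, leaves room for encodings and symlinks to move the final location.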

Official announcement: https://www.oracle.com/security-alerts/cpuoct2020.html

CVE-2020-15157 – Vulnerability in containerd (before version 1.2.14)

Preface: Cloud computing builds a chain of civilization. The strongest AI and Smart City technology will rest on the foundation of the cloud.

Technical background: Google Container Registry (GCR) is a service in Google Cloud Platform (GCP) to manage your own Docker container repository. It is a fully managed service and you can store your custom container images as well as common images from other image repositories.

Vulnerability details: If a container image manifest in the OCI Image format or Docker Image V2 Schema 2 format includes a URL for the location of a specific image layer (foreign layer), the default containerd resolver will follow that URL to attempt to download it. In v1.2.x, the default containerd resolver will provide its authentication credentials if the server where the URL is located presents an HTTP 401 status code along with registry-specific HTTP headers.

Highlights: The manifest supports an optional field for an external URL from which content may be fetched, and it can be any registry or domain.

Remedy: This vulnerability has been fixed in containerd 1.2.14. containerd 1.3 and later are not affected.

Workaround: Ensure that images are only pulled from trusted sources. Other container runtimes built on top of containerd but not using the default resolver (such as Docker) are not affected.
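"Only pull from trusted sources" can be enforced at the manifest level: before an image is admitted, list every layer that carries an external URL and refuse the pull if any of those URLs point at a host outside your allow-list, since those are exactly the hosts the default resolver would contact (and, per the advisory, authenticate to) during the pull. The check below is an added example and not containerd's code. The manifest is constructed; the `urls` field and the foreign/nondistributable layer media types are real parts of the Docker Image V2 Schema 2 and OCI image manifest formats, and the host allow-list is an assumption.

```python
"""Flag image layers that would be fetched from outside the registry.

Added example, not containerd's code. The manifest below is constructed; the
'urls' field and the foreign/nondistributable media types are real parts of
the Docker Image V2 Schema 2 and OCI image manifest formats.
"""
import json
from urllib.parse import urlparse

# Layer media types that signal "content lives somewhere else".
FOREIGN_MEDIA_TYPES = {
    "application/vnd.docker.image.rootfs.foreign.diff.tar.gzip",
    "application/vnd.oci.image.layer.nondistributable.v1.tar",
    "application/vnd.oci.image.layer.nondistributable.v1.tar+gzip",
}


def foreign_layers(manifest):
    """Yield (digest, url) for every layer that points elsewhere, whether by
    media type or simply by carrying a 'urls' list."""
    for layer in manifest.get("layers", []):
        urls = layer.get("urls") or []
        if layer.get("mediaType") in FOREIGN_MEDIA_TYPES or urls:
            for url in urls:
                yield layer.get("digest", "<no digest>"), url


def check_manifest(manifest_json, trusted_hosts):
    """Return the (digest, url) pairs that would make the resolver contact a
    host outside trusted_hosts. An empty list means the pull may proceed."""
    manifest = json.loads(manifest_json)
    trusted = {h.lower() for h in trusted_hosts}
    findings = []
    for digest, url in foreign_layers(manifest):
        host = (urlparse(url).hostname or "").lower()
        if host not in trusted:
            findings.append((digest, url))
    return findings


# Constructed sample: one ordinary layer, one foreign layer with an external URL.
SAMPLE_MANIFEST = json.dumps({
    "schemaVersion": 2,
    "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
    "config": {
        "mediaType": "application/vnd.docker.container.image.v1+json",
        "size": 1469,
        "digest": "sha256:" + "a" * 64,
    },
    "layers": [
        {
            "mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
            "size": 2048,
            "digest": "sha256:" + "b" * 64,
        },
        {
            "mediaType": "application/vnd.docker.image.rootfs.foreign.diff.tar.gzip",
            "size": 4096,
            "digest": "sha256:" + "c" * 64,
            "urls": ["https://layers.example.net/blobs/sha256:" + "c" * 64],
        },
    ],
})


def demo():
    """Same manifest judged against two different allow-lists."""
    return {
        "untrusted": check_manifest(SAMPLE_MANIFEST, {"registry.example.com"}),
        "trusted": check_manifest(SAMPLE_MANIFEST, {"layers.example.net"}),
    }


if __name__ == "__main__":
    print(demo())
```

Note that digest verification of the downloaded layer does not help here: the content may well match, and the problem the advisory describes is what the resolver sends to the external server while fetching it, not what it gets back.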

VMware Horizon Server and VMware Horizon Client updates address multiple security vulnerabilities (CVE-2020-3997 & CVE-2020-3998) – 22-10-2020

Preface: Cross-site scripting (XSS) is a type of attack in which malicious scripts are injected into websites and web applications for the purpose of running on the end user's device.

Background: VMware Horizon provides virtual desktop and app capabilities to users utilizing VMware’s virtualization technology. A desktop operating system – typically Microsoft Windows – runs within a virtual machine on a hypervisor.

Vulnerability details:

CVE-2020-3998 – If Horizon Client for Windows is installed on the client computer, a malicious attacker may be able to exploit the victim's local privileges to retrieve hashed credentials.

CVE-2020-3997 – Successful exploitation of this vulnerability on the Horizon server may allow an attacker to inject and execute malicious script.

Should you be interested in the details, please refer to the attached diagram. For the official announcement, please refer to the link: https://www.vmware.com/security/advisories/VMSA-2020-0024.html

Closer look at CVE-2020-1953 – it impacted Oracle OHF Self Service Analytics (20th Oct 2020)

Preface: As healthcare organizations look to reduce cost, IT rationalization and process transformation are accelerating as providers adopt cloud strategies.

Background: Oracle Healthcare Foundation is a feature-rich analytics platform that supports more than 35 subject areas relevant to health data analytics, giving healthcare providers more granular data regarding the requirements of individuals and populations.

Vulnerability details: YAML is a human-readable data serialization standard that can be used in conjunction with all programming languages and is often used to write configuration files. A flaw was found in Apache Commons Configuration, where it uses a third-party library to process YAML files, which by default allows the instantiation of classes if the YAML includes special statements. Oracle Healthcare Foundation Self-Service Analytics was impacted by this vulnerability.
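The "special statements" are YAML tags: a tag such as `!!some.package.SomeClass` tells an unrestricted loader which class to instantiate. The durable fix is a loader configured to construct only plain data types, but a document can also be screened before it reaches any parser. The scanner below, an added example and not code from Apache Commons Configuration or Oracle's product, lists every tag in a YAML document and rejects any that is not a core type tag. It is written in Python although the affected stack is Java, it is a line-oriented heuristic rather than a full YAML parser (it errs toward rejecting), and both sample documents are constructed, including the placeholder class name `com.example.SomeBean`.

```python
"""Pre-parse screen for YAML: reject tags that could name a class.

Added example, not Apache Commons Configuration or Oracle code. A heuristic
line scanner, not a YAML parser: quoted scalars and comments are removed, then
any remaining tag token is compared against the core type tags. Sample
documents are constructed; 'com.example.SomeBean' is a placeholder name.
"""
import re

# Core / type-repository tags that only describe plain data, never a class.
ALLOWED_TAGS = {"!!str", "!!int", "!!float", "!!bool", "!!null",
                "!!seq", "!!map", "!!binary", "!!timestamp"}

DOUBLE_QUOTED = r'"(?:\\.|[^"\\])*"'
SINGLE_QUOTED = r"'(?:''|[^'])*'"
QUOTED_RE = re.compile(DOUBLE_QUOTED + "|" + SINGLE_QUOTED)
COMMENT_RE = re.compile(r"(^|\s)#.*$")
# A tag starts a node: at line start or after whitespace / a flow indicator.
# Forms: !!name, !name, !<verbatim-uri>.
TAG_RE = re.compile(r"(?:^|(?<=[\s\[{,:?-]))(!<[^>\s]*>|!!?[^\s\[\]{},]*)")


def find_tags(yaml_text):
    """Return (line_no, tag) for every tag token outside quotes and comments."""
    found = []
    for line_no, raw in enumerate(yaml_text.splitlines(), 1):
        line = QUOTED_RE.sub(" ", raw)      # a '!' inside a string is just text
        line = COMMENT_RE.sub("", line)     # and so is one in a comment
        for match in TAG_RE.finditer(line):
            found.append((line_no, match.group(1)))
    return found


def disallowed_tags(yaml_text):
    """Tags that are not plain data types: each names something to construct."""
    return [(n, tag) for n, tag in find_tags(yaml_text) if tag not in ALLOWED_TAGS]


def is_safe_to_load(yaml_text):
    """Gate to run before handing the text to any YAML loader."""
    return not disallowed_tags(yaml_text)


# Constructed: ordinary config, with '!' characters only inside strings/comments.
SAFE_DOC = """\
# constructed config
server:
  host: "db.example.internal"   # a "!" in text: "alert!!"
  port: !!int "5432"
  motd: 'Hello!'
"""

# Constructed: tags that name types an unrestricted loader would instantiate.
UNSAFE_DOC = """\
# constructed: class-naming tags, placeholder names only
datasource: !!com.example.SomeBean
  url: jdbc:placeholder
plugins:
  - !<tag:example.com,2020:Loader> {}
"""


if __name__ == "__main__":
    print("safe doc tags:", find_tags(SAFE_DOC))
    print("unsafe doc disallowed:", disallowed_tags(UNSAFE_DOC))
```

Treat a hit as a reason to reject the file and log the line, not as something to strip and load anyway; a document that needs class-naming tags is not a configuration file.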

Official announcement: https://www.oracle.com/security-alerts/cpuoct2020.html The article is bulky; use the keyword "CVE-2020-1953" to find the details.