All posts by admin

libssh Authentication Bypass Vulnerability Affecting Cisco Products and additional critical item – 31st October 2018

Background:
Libssh is a library written in C implementing the SSH protocol. It can be used to implement client and server applications.
Vulnerability found on 17th Oct 2018:

For the technical details, please refer to the URL:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181019-libssh

In addition, another important vulnerability announced this week is listed below for your consideration.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180502-prime-upload

Reference: Libssh Server-Side State Machine Unauthorized Access Vulnerability – 17th Oct 2018



Cisco zero-day affects ASA 9.4+ and FTD 6.0+ software operation – 31st Oct 2018

I just read some articles recommended by my friend. They reminded me that Cisco Adaptive Security Appliance Software and Cisco Firepower Threat Defense Software are affected by a denial of service vulnerability. This vulnerability is recorded as CVE-2018-15454. A design weakness resides in the Session Initiation Protocol (SIP) inspection engine of ASA and FTD software.

The interim workaround is shown below. It removes SIP inspection from the global policy and re-applies it through a separate policy only on the interface that needs it (under a policy-map, the class is selected with the class command, which moves the prompt to config-pmap-c):
hostname(config)# policy-map global_policy
hostname(config-pmap)# class inspection_default
hostname(config-pmap-c)# no inspect sip
hostname(config-pmap-c)# exit
hostname(config-pmap)# exit
hostname(config)# policy-map sip_policy
hostname(config-pmap)# class inspection_default
hostname(config-pmap-c)# inspect sip
hostname(config-pmap-c)# exit
hostname(config-pmap)# exit
hostname(config)# service-policy sip_policy interface [interface]
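To verify that a workaround of this shape actually took effect, here is an added Python example (not code from the original post or from Cisco) that parses the policy-map and service-policy lines of an ASA running-config fragment and reports where SIP inspection is bound. The two config fragments are constructed for this example and are not real device output; the function names are my own.

```python
# Constructed ASA running-config fragments (not real device output).
# ASA_BEFORE has SIP inspection in the globally applied policy; ASA_AFTER shows
# the workaround shape: SIP removed from global_policy and re-applied on one interface.
ASA_BEFORE = """\
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect sip
  inspect h323 h225
service-policy global_policy global
"""

ASA_AFTER = """\
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
policy-map sip_policy
 class inspection_default
  inspect sip
service-policy global_policy global
service-policy sip_policy interface outside
"""


def parse_policy_config(config_text):
    """Return ({policy_map: {class: [inspect actions]}}, [(policy_map, scope)]).

    scope is "global" or "interface <name>". ASA indents one space per level:
    'policy-map' at column 0, 'class' at one space, 'inspect' at two spaces.
    """
    policy_maps = {}
    bindings = []
    current_pm = None
    current_class = None
    for raw in config_text.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.lstrip().startswith("!"):
            continue
        indent = len(line) - len(line.lstrip())
        tokens = line.split()
        if indent == 0:
            current_pm = current_class = None
            # 'policy-map type inspect ...' blocks have other sub-commands; skip them
            if tokens[0] == "policy-map" and len(tokens) >= 2 and tokens[1] != "type":
                current_pm = tokens[1]
                policy_maps.setdefault(current_pm, {})
            elif tokens[0] == "service-policy" and len(tokens) >= 3:
                if tokens[2] == "global":
                    bindings.append((tokens[1], "global"))
                elif tokens[2] == "interface" and len(tokens) >= 4:
                    bindings.append((tokens[1], f"interface {tokens[3]}"))
        elif indent == 1 and current_pm is not None:
            if tokens[0] == "class" and len(tokens) >= 2:
                current_class = tokens[1]
                policy_maps[current_pm].setdefault(current_class, [])
        elif indent >= 2 and current_pm is not None and current_class is not None:
            if tokens[0] == "inspect" and len(tokens) >= 2:
                policy_maps[current_pm][current_class].append(" ".join(tokens[1:]))
    return policy_maps, bindings


def sip_inspection_scopes(config_text):
    """Scopes ("global" or "interface X") where 'inspect sip' is active, in config order."""
    policy_maps, bindings = parse_policy_config(config_text)
    scopes = []
    for pm, scope in bindings:
        classes = policy_maps.get(pm, {})
        if any(action.split()[0] == "sip"
               for actions in classes.values() for action in actions):
            scopes.append(scope)
    return scopes


if __name__ == "__main__":
    for label, cfg in (("before", ASA_BEFORE), ("after", ASA_AFTER)):
        print(f"{label}: SIP inspection active on {sip_inspection_scopes(cfg) or 'nothing'}")
```

Feed the output of show running-config (or the policy-map section of it) to sip_inspection_scopes; an empty list means SIP inspection is off everywhere, "global" means the global policy still inspects SIP, and interface entries show where the narrowed policy is applied.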

Official technical details are available here:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181031-asaftd-sip-dos

Besides, another vulnerability affects Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software at the same time.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-asa-dma-dos

Apache Releases Security Update for Apache Tomcat JK Connectors – 31st Oct 2018

A reverse proxy is not totally transparent to the application on the backend. When the application on the backend returns content including self-referential URLs that use its own backend address and port, the client will usually not be able to use these URLs.
Deploying the Apache Tomcat Connector (mod_jk) is an easy way to solve this technical problem. It supports load balancing of HTTP calls to a set of Servlet containers, while maintaining sticky sessions and communicating over AJP.
Regarding the vulnerability details of CVE-2018-11759, the Apache Tomcat JK (mod_jk) Connector has a design flaw that contains a path traversal vulnerability.
My speculation is that this vulnerability will affect the web application servers of SME firms. If the vulnerability is exploited, it provides a way for an attacker to trace the target destination, especially the location of service account files.

For more details, please refer to the URL below.

http://mail-archives.us.apache.org/mod_mbox/www-announce/201810.mbox/%3C16a616e5-5245-f26a-a5a4-2752b2826703@apache.org%3E



Qualcomm Technologies Security Bulletin – October 2018

A few years ago, when a friend asked you which is the best smartphone in the world, it seemed easy to answer. Perhaps because zero-day attacks and malware wreak havoc today, it is hard to answer that question quickly!

We are now familiar with vulnerability terms, especially stack-based buffer overflow, privilege escalation and lack of input validation. Qualcomm Snapdragon is a suite of system on a chip (SoC) semiconductor products for mobile devices designed and marketed by Qualcomm Technologies Inc. The Snapdragon central processing unit (CPU) uses the ARM RISC instruction set. The Snapdragon 800 series is the top tier of Qualcomm's processors. However, plenty of design weaknesses have been found in Snapdragon. For more details, please see the URL below for reference.

https://www.qualcomm.com/company/product-security/bulletins

Remark: We see many people walking on the street daily. However, they insist on looking at their smartphone even while crossing the road. It is hard to imagine what would happen if their phone had a flaw and could not be used for one day.

Apple Releases Multiple Security Updates – 30th Oct 2018

Apple has released multiple security updates for its products, especially iOS 12.1.
Are you going to update as soon as possible, or observe for a moment and then take action?
Can we say that we are now living in an insane technology world, suffering from vulnerabilities daily?

Safari 12.0.1
https://support.apple.com/en-us/HT209196

iCloud for Windows 7.8
https://support.apple.com/en-us/HT209198

iTunes 12.9.1
https://support.apple.com/en-us/HT209197

watchOS 5.1
https://support.apple.com/en-us/HT209195

iOS 12.1
https://support.apple.com/en-us/HT209192

tvOS 12.1
https://support.apple.com/en-us/HT209194

macOS Mojave 10.14.1, Security Update 2018-001 High Sierra, Security Update 2018-005 Sierra
https://support.apple.com/en-us/HT209193


A flaw was found in xorg-x11-server – Oct 2018

A flaw was found in xorg-x11-server. X.Org Server is the free and open-source implementation of the display server for the X Window System. It is very common in computing environments, but IT administrators must stay alert if they have Linux desktops installed on top of their VM infrastructure, since the flaw affects xorg-x11-server before 1.20.3. An incorrect permission check for the -modulepath and -logfile options when starting Xorg allows unprivileged users with the ability to log in to the system via the physical console to escalate their privileges and run arbitrary code with root privileges.

Reference:

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14665

Advantech WebAccess remains vulnerable (8.3.1 & 8.3.2) – Oct 2018


When a vulnerability allows an attacker to execute "arbitrary code", it typically means that the attacker can run any command. Critical facilities, especially petroleum, electricity, gas and water SCADA infrastructure, are prohibited from setting up Internet access. However, to cope with modernization, it is hard to avoid network integration. Advantech is a leading brand in IoT intelligent systems, Industry 4.0, machine automation, embedded computing and embedded systems. We found that two different versions of the WebAccess product have vulnerabilities. See whether this information is related to your area of expertise. For more details, please see below:

Advantech ICSA-18-296-01 WebAccess Multiple Security Vulnerabilities

https://www.securityfocus.com/bid/105728

  • CVE-2018-15703: Multiple Reflected Cross-Site Scripting
  • CVE-2018-15704: Authenticated Stack Buffer Overflow

https://www.tenable.com/security/research/tra-2018-33

Off-color humor – Cathay Pacific hack (9.4 million airline passengers' data stolen by a data thief)

Asia seems to feel the shock of the Cathay Pacific Airline cyber security incident. To be honest, it is hard to avoid computer vulnerabilities in business circumstances today. Why? It is a demanding environment that includes comprehensive competition. Business people try to find cost-efficient solutions. Meanwhile, this unintentionally pushes an indirect task onto the technology domain. What is it? A short system and software design and development cycle. Perhaps the developers cannot stop laughing when they read the textbook chapters about maturity models for information systems.
People did not have awareness of personal data privacy last decade. Maybe junk email and phone calls have awakened their awareness.
In my personal point of view, data privacy is more important for rich people, especially celebrities and politicians. Oh yes, they are the frequent travelers.
The attached diagram is my imagination regarding this incident. Yes, this is only my speculation, since nobody knows what happened in the last few months, right?

Related information:

http://www.antihackingonline.com/cyber-security-incident-news-highlight/cathay-pacific-hack-personal-data-of-up-to-9-4-million-airline-passengers-stolen/

Cathay Pacific hack: Personal data of up to 9.4 million airline passengers stolen.

From a public safety point of view, an enterprise firm found that 9.4 million personal records were stolen by a hacker, yet the firm postponed the announcement schedule. From a technical point of view, law enforcement must interview the firm's top management to understand the root cause.

From my observation, the cyber security incident roadmap in the airline industry looks special. All Nippon Airways found in June that a TLS flaw could allow a man-in-the-middle attack. Thereafter, British Airways announced that a total of 380,000 customers' bank details were stolen by a hacker. However, both cyber security incidents were announced to the public in an acceptable manner.

From a technical point of view, it was not possible to leak such a big amount of data through a TLS vulnerability or a mobile app programming bug. It suggests that such a leak was most likely caused by a SQL injection attack, the so-called SQL injection vulnerability that dumps the DB.

For more details of the above cyber security incident records, please refer to the URLs below.

Cathay Pacific hack – https://www.scmp.com/news/hong-kong/law-and-crime/article/2170107/hong-kong-privacy-chief-slams-cathay-pacific-taking

British Airways announcement – 7th Sep 2018 (380,000 customers' bank details stolen from website)


25th Oct 2018 – BA status update

http://mediacentre.britishairways.com/pressrelease/details/86/2018-247/10234

Jun 2018 – ALL NIPPON Airways Security Advisories



Cisco Webex Productivity Tools and the Cisco Webex Meetings Desktop App Releases Security Updates – October 24, 2018


Due to a design weakness in its ACL, WebExService can be used to execute arbitrary commands with SYSTEM-level privileges.

The remedy below only resets the service to the default permissions.

sc sdset webexservice D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)(A;;CCLCSWRPWPLORC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)

But you should update your Cisco Webex Meetings Desktop App installation to release 33.6.0 or later, since without the patch WebExService will still be vulnerable to local privilege escalation!
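To see what the reset ACL above actually grants, here is an added Python example (not code from the original post or from Cisco) that parses the DACL portion of a service SDDL string, decodes the two-letter right codes as Windows service rights, and flags rights held by trustees that any local user can fall under. The sample string is the one from the sc sdset command above; the function names and the audit rules are my own choices.

```python
import re

# SDDL two-letter access-right codes, read as rights on a Windows *service* object.
SERVICE_RIGHTS = {
    "CC": "SERVICE_QUERY_CONFIG", "DC": "SERVICE_CHANGE_CONFIG",
    "LC": "SERVICE_QUERY_STATUS", "SW": "SERVICE_ENUMERATE_DEPENDENTS",
    "RP": "SERVICE_START", "WP": "SERVICE_STOP",
    "DT": "SERVICE_PAUSE_CONTINUE", "LO": "SERVICE_INTERROGATE",
    "CR": "SERVICE_USER_DEFINED_CONTROL", "RC": "READ_CONTROL",
    "SD": "DELETE", "WD": "WRITE_DAC", "WO": "WRITE_OWNER",
    "GA": "GENERIC_ALL", "GR": "GENERIC_READ", "GW": "GENERIC_WRITE", "GX": "GENERIC_EXECUTE",
}
# Well-known SID abbreviations (the ones in the string above plus a few common ones).
TRUSTEES = {"SY": "Local System", "BA": "Administrators", "IU": "Interactive Users",
            "SU": "Service logon", "AU": "Authenticated Users", "BU": "Users", "WD": "Everyone"}
# Trustees that an ordinary local user falls under; rights granted here matter most.
LOW_PRIV = {"IU", "AU", "BU", "WD"}
# Rights that let the holder change what the service runs, or who may change it.
CONTROL_RIGHTS = {"DC", "SD", "WD", "WO", "GA", "GW"}

# The reset string from the sc sdset command in the post above.
WEBEX_RESET_SDDL = ("D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
                    "(A;;CCLCSWRPWPLORC;;;IU)(A;;CCLCSWLOCRRC;;;SU)"
                    "S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)")

ACE_RE = re.compile(r"\(([^)]*)\)")


def split_rights(rights):
    """Turn 'CCLCSW' into ['CC', 'LC', 'SW']; a hex mask such as 0x1F01FF is returned as-is."""
    if rights.startswith("0x"):
        return [rights]
    if len(rights) % 2:
        raise ValueError(f"odd-length rights field: {rights!r}")
    return [rights[i:i + 2] for i in range(0, len(rights), 2)]


def parse_dacl(sddl):
    """Return the ACEs of the D: (DACL) section as dicts; the S: (SACL) section is ignored."""
    start = sddl.find("D:")
    if start < 0:
        raise ValueError("SDDL string has no DACL (D:) section")
    end = sddl.find("S:", start)
    dacl = sddl[start + 2: end if end >= 0 else len(sddl)]
    aces = []
    for body in ACE_RE.findall(dacl):
        fields = body.split(";")  # type;flags;rights;object_guid;inherit_guid;sid
        if len(fields) < 6:
            raise ValueError(f"malformed ACE: ({body})")
        ace_type, flags, rights, _obj, _inherit, sid = fields[:6]
        aces.append({"type": ace_type, "flags": flags,
                     "rights": split_rights(rights), "sid": sid})
    return aces


def describe(ace):
    """Human-readable line for one ACE, e.g. 'A Interactive Users: SERVICE_QUERY_CONFIG, ...'."""
    who = TRUSTEES.get(ace["sid"], ace["sid"])
    names = [SERVICE_RIGHTS.get(r, r) for r in ace["rights"]]
    return f"{ace['type']} {who}: {', '.join(names)}"


def audit_service_sddl(sddl):
    """Findings as (sid, right, reason) for allow-ACEs granted to low-privileged trustees."""
    findings = []
    for ace in parse_dacl(sddl):
        if ace["type"] != "A" or ace["sid"] not in LOW_PRIV:
            continue
        for right in ace["rights"]:
            if right in CONTROL_RIGHTS:
                findings.append((ace["sid"], right, "can reconfigure or take over the service"))
            elif right == "RP":
                findings.append((ace["sid"], right, "can start the service"))
    return findings


if __name__ == "__main__":
    for ace in parse_dacl(WEBEX_RESET_SDDL):
        print(describe(ace))
    for sid, right, reason in audit_service_sddl(WEBEX_RESET_SDDL):
        print(f"finding: {TRUSTEES[sid]} has {SERVICE_RIGHTS[right]} ({reason})")
```

Run against the reset string, the only finding is that Interactive Users (IU) keep SERVICE_START (RP) while holding no reconfigure or take-over rights; the same function run on the output of sc sdshow webexservice before the reset shows what the broader ACL granted, and a string that grants Everyone (WD) change-config or write-DAC rights produces one finding per such right.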

Below is the official announcement for your reference.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181024-webex-injection