In the past, servers would physically connect to a hardware-based switch located in the data center. When VMware created server virtualization the access layer changed from having to be connected to a physical switch to being able to connect to a virtual switch. This virtual switch is a software layer that resides in a server that is hosting virtual machines (VMs). VMs, and now also containers, such as Docker, have logical or virtual Ethernet ports. These logical ports connect to a virtual switch.

There are total 3 items of vulnerabilities found few months ago (Jun 2018). From security point of view, I focus on CVE-2018-17206 since vulnerability can let attacker relies on maliciously exploited to access privileged information.

References:

CVE-2018-17206 – https://access.redhat.com/security/cve/cve-2018-17206

CVE-2018-17204 – https://access.redhat.com/security/cve/cve-2018-17204

CVE-2018-17205 – https://access.redhat.com/security/cve/cve-2018-17205

Perhaps we believe that the vulnerability of industrial automation system or SCADA merely happens on Microsoft product. As a matter of fact, Linux OS base system do not have exception. They are also vulnerable!

Below vulnerabilties details was found on Rockwell RSLinx Classic. RSLinx Classic is an inclusive communication server which provides plant-floor device connectivity for a wide variety of Rockwell Software applications such as RSLogix 5/500/5000, RSView32, FactoryTalk View Site Edition & FactoryTalk Transaction Manager. RSLinx provides connectivity for client applications using OPC or DDE. OPC is the preferred interface for data acquisition applications because it is the Defacto standard for factory communications.

References:

STACK-BASED BUFFER OVERFLOW – https://www.cvedetails.com/cve/CVE-2018-14829/

HEAP-BASED BUFFER OVERFLOW –https://www.cvedetails.com/cve/CVE-2018-14821/

UNCONTROLLED RESOURCE CONSUMPTION (‘RESOURCE EXHAUSTION’) – https://www.cvedetails.com/cve/CVE-2018-14827/

The Mid-Autumn Festival is a harvest festival celebrated notably by the Chinese and Vietnamese people. Perhaps this is a specify day for celebration and traditional people will take rest and do the family dinner gathering.Cyber world operation looks does not have holiday. This is the robot life. Perhaps you and me do not want to become a robot. But we are on the way!

Apple Releases Security Update for macOS Mojave – 24thSep2018

Bluetooth – CVE-2018-5383
Impact: An attacker in a privileged network position may be able to intercept Bluetooth traffic

App Store – CVE-2018-4324
Impact: A malicious application may be able to determine the Apple ID of the owner of the computer

Application Firewall – CVE-2018-4353
Impact: A sandboxed process may be able to circumvent sandbox restrictions

Auto Unlock – CVE-2018-4321
Impact: A malicious application may be able to access local users AppleIDs

Crash Reporter – CVE-2018-4333
Impact: An application may be able to read restricted memory

Kernel – CVE-2018-4336, CVE-2018-4344
Impact: An application may be able to execute arbitrary code with kernel privileges

Security – CVE-2016-1777
Impact: An attacker may be able to exploit weaknesses in the RC4 cryptographic algorithm

Reference: https://support.apple.com/en-us/HT209139

Nowadays, the trend of business industries are bring their application on top of Cloud services. But some of the firm has reluctant to cloud because they are concerning about data breaches, data ownership and different areas of law regulations. As a matter of fact, doing the cyber security protection on your own or without managed sercurity services looks not in the right direction. As a result , there are more project development priority to select cloud services application platform. The hottest one is the SAP.

Vendor SAP do the vulnerability managment looks fine since they are the market leader. As we know, the security patch day announced on 11th September 2018. Yes, it is above one week ago. I observe this round of patch management have 2 items awaken company CSO thinking. Even the medium piority of vulnerability items also contain potential risk. For instance CVE-2018-2454,CVE-2018-2455 and CVE-2018-2461. The first and second CVE issues (CVE-2018-2454 & CVE-2018-2455 )are lack of authorization check. In the sense that this type of indirect privileges escalation causes by insider threats. So a careless user will be jeopardize or compromised the system.The last one (CVE-2018-2461) indicate the vulnerability happend in SAP HCM. The SAP Fiori app suite for HCM makes use of SAP’s new UX strategy to help your employees, irrespective of any level, to trigger different HR needs, such as paid leave application, viewing of pay stubs. The vulnerability belongs to data privacy is also lack of authorization check. So medium severity of vulnerability sometimes will also be dangerous. Should you have interest to know more, please refer to below url.

SAP Security Patch Day – September 2018

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499356993

Does it a design flaw or it is a ………..?

While exploring her new home, a girl named Coraline discovers a secret door, behind which lies an alternate world that closely mirrors her own but,…..

Remediation announcement – Cisco Video Surveillance Manager Appliance Default Password Vulnerability – 2018 September 21 (below url for reference)

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180921-vsm

Similar vulnerability found on Cisco products within this year, is it a coincidence? (see below):

CVE-2018-0150 – Cisco IOS XE static credential default account
CVE-2018-0222 – Digital Network Architecture Center Static Credentials Vulnerability
CVE-2018-0268 – bypass for a Kubernetes container management subsystem embedded inside Cisco’s DNA Center.
CVE-2018-0271 – An authentication bypass in the DNA Center’s API gateway.
CVE-2018-0375 – vulnerability in the Cluster Manager of Cisco Policy Suite
CVE-2018-0329 – The hardcoded credentials resides in the read-only SNMP community string in the configuration file of the SNMP daemon,
CVE-2018-15427 – Cisco Video Surveillance Manager Appliance Default Password Vulnerability

SCADA helps people automate our world. It includes water, wastewater, and storm water management,Oil and Gas,Electricity,Transit systems and traffic,Facilities,Agriculture and Manufacturing.

OPC UA can be used for supervisory control, now eliminating the use of Windows-based intermediate systems to streamline the data transfer process from the field and control levels vertically to the management and enterprise levels. Recently found Buffer overflow in OPC UA applications. It allows remote attackers to trigger a stack overflow with carefully structured requests. Stack buffer overflow can be caused deliberately as part of an attack known as stack smashing. Buffer overflows in the stack segment may allow an attacker to modify the values of automatic variables or execute arbitrary code.

Official announcement shown as below URL:

https://opcfoundation-onlineapplications.org/faq/SecurityBulletins/OPC_Foundation_Security_Bulletin_CVE-2018-12086.pdf

What is BIND 9? BIND is open source software that enables you to publish your Domain Name System (DNS) information on the Internet, and to resolve DNS queries for your users.

On 2006, named.conf parser design limitation found by Anonymous Monk. He list out the following.

• BIND::Conf_Parser – doesn’t deal with 9.x
• BIND::Config::Parser – bails out with ‘Bad text’ on my named.conf
• Cpanel – near to impossible to cut out something usable outside cpanel
• Webmin – seems to deal only with bind 8.x
• the /usr/sbin/named-checkconf utility packed with bind.9 – gives just an OK/not ok verdict upon named.conf, no way to store the underlying structure.

Announce design flaw – Sep 2018

The krb5-subdomain and ms-subdomain update policy rule types permit updates from any client authenticated with a valid Kerberos or Windows machine principal from the REALM specified in the identity field, to modify records in the zone at or below the name specified in the name field.

Remark: A Kerberos realm is a set of managed nodes that share the same Kerberos database.

CVE-2018-5741: Update policies krb5-subdomain and ms-subdomain – https://kb.isc.org/docs/cve-2018-5741

Summary:

ISC BIND before releases 9.11.4-P2 and 9.12.2-P2 does not properly document the behaviour of the krb5-subdomain and ms-subdomain update policies.

Reference – Vulnerabilities announced last few months

8th Aug 2018 – ISC Releases Security Advisory for BIND

June 13, 2018 – ISC Releases Security Advisory for BIND

May 18, 2018 – ISC Releases Security Advisories for BIND

Adobe has released security updates to address vulnerabilities in Adobe Acrobat and Reader. Electronic document transform to an attacking tools are worry in cyber security world so far. The fact is that it is hard to detect such indirect attack. The simple we will know it is easy to evade the defense machanism. A malicious user can pass a `cff` font file to the application to cause a heap-based buffer overflow that can lead to an out-of-bounds write. This can cause the application to crash or overwrite values in the heap. If it overwrite chunk header, corrupt free(), but program doesn’t crash. It will be very dangerous!

Don’t underestimate! Offical URL shown as below:

https://helpx.adobe.com/security/products/acrobat/apsb18-34.html