Preface: The proof of concept for this vulnerability has been announced. As usual, vendors use their patch release cycle. Therefore, an announcement was issued today (June 8, 2021).

Background: SAP NetWeaver is a software stack for many of SAP SE’s applications. It can be used for custom development and integration with other applications and systems, and is built primarily using the ABAP programming language, but also uses C, C++, and Java.

Vulnerability details: [CVE-2021-27610] Improper Authentication in SAP NetWeaver ABAP Server and ABAP Platform Product – SAP NetWeaver AS ABAP and ABAP Platform Versions – 700,701,702,731,740,750,751,752,753,754,755,804.
An ABAP server could not 100% correctly identify, if communication via RFC (TCP 3300-3399) or HTTP (8000) is between the application servers of the same SAP system or with servers outside the same system.

For official details, please refer to the URL – https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999

Preface: Nouveau is a free and open source graphics card driver. It is written for Nvidia’s graphics card and can also be used in the NVIDIA Tegra series of system chips. This driver is written by a group of independent software engineers. Nvidia sometimes will be assistance.

Background: What is DRM subsystem? The Direct Rendering Manager (DRM) is a subsystem of the Linux kernel responsible for interfacing with GPUs of modern video cards. DRM exposes an API that user-space programs can use to send commands and data to the GPU and perform operations such as configuring the mode setting of the display.

Vulnerability details:

There is a flaw reported in the Linux kernel in versions before 5.9 in drivers[/]gpu[/]drm[/]nouveau[/]nouveau_sgdma[.]c in nouveau_sgdma_create_ttm in Nouveau DRM subsystem. An attacker with a local account with a root privilege, can leverage this vulnerability to escalate privileges and execute code in the context of the kernel. For example, if this is a virtual system environment. Fundamentally, nouveau is a free and open source graphics card driver. It is written for Nvidia’s graphics card and can also be used in the NVIDIA Tegra series of system chips.The potential impact of this vulnerability depends on the attack in where to take place.

Workaround: Kernel with CONFIG_SLAB_FREELIST_HARDENED=y option enabled should not be affected with this flaw.

Remedy: This was fixed for Fedora with the 5.7.16 stable kernel updates.

Preface: This vulnerability affects other vendors’ use of this product for their single sign-on function.

Background: Lasso is a free software C library aiming to implement the Liberty Alliance standards; it defines processes for federated identities, single sign-on and related protocols.Lasso is built on top of libxml2, XMLSec and OpenSSL and is licensed under the GNU General Public License (with an OpenSSL exception).

Vulnerability details: Lasso incorrect assertion validation and verification. When AuthnResponse messages are not signed (which is permitted by the specification), all assertion’s signatures should be checked, but currently after the first signed assertion is checked all following assertions are accepted without checking their signature, and the last one is considered the main assertion.

IMPACT:

• SOGo and PacketFence packages use the vulnerable Lasso library so it was impacted.
• Cisco (Adaptive Security Appliance (ASA), Content Security Management Appliance (SMA), Email Security Appliance (ESA), FXOS software, Web Security Appliance (WSA), and Firepower Threat Defense (FTD) as being affected)

Reference URL – https://blogs.akamai.com/2021/06/sogo-and-packetfence-impacted-by-saml-implementation-vulnerabilities.html

Preface: Open data indeed is a foundation base of smart City. Since it is not only provide function. Meanwhile it also analyses the daily activities make the IoT function more efficiency. If no hacker in the world. We can living in world more comfortable because we do not need to concern about cyber security. As we know, the electronic & digital products objective is the function instead of defense.

Background: As time goes by, IoT in smart city not only relies on WiFi network. It also includes Bluetooth communication function. Compare with WiFi 802.11, Bluetooth power consumption is less. So the IoT can operate in a capillary network environment. A capillary network is a local network that uses short-range radio-access technologies to provide local connectivity to things and devices.

Vulnerability details: Devices supporting Bluetooth Core and Mesh Specifications are vulnerable to impersonation attacks and AuthValue disclosure. For more detail, please refer url – https://kb.cert.org/vuls/id/799380

Workaround: Devices should not accept their own public key from a peer during a pairing session. The pairing procedure should be terminated with a failure status if this occurs. This is because the specifics events will be activate the SIEM correlation firing rule.

Synopsis: Retrospectively of 2019 Apache load balancer setup – Install Apache on the Load Balancer Server. Enable Proxy Server Modules. Configure Apache Load Balancing. The Apache server architecture includes the Apache Core and modules. Nginx found 2004, it is a performance-oriented HTTP server. Compared with Apache and lighttpd, it has the advantages of less memory and higher stability.
NGINX performs 2.5 times faster than Apache according to a benchmark test performed by running up to 1,000 simultaneous connections. Apache runs on all operating systems such as UNIX, Linux or BSD and has full support for Microsoft Windows. Nginx had equivalent capability. However the performance on Windows is not as stable as that on UNIX platforms.

Vulnerability details: On May 26, Nginx issued a security announcement to fix a DNS resolver vulnerability in the nginx resolver (CVE-2021-23017). Due to an error in ngx_resolver_copy() processing DNS responses, when the “resolver” is used in the nginx configuration file During the command, an unauthenticated attacker can forge a UDP packet from a DNS server, construct a specially crafted DNS response and cause 1 byte of memory to be overwritten, resulting in a denial of service or arbitrary code execution.

Vendor Reference: http://mailman.nginx.org/pipermail/nginx-announce/2021/000300.html

Preface: There are plenty of astronomical events every year.
In the evenings of 26 May 2021, it was total lunar eclipse. Do you believe rumours of super moon (astronomical phenomenon)?

Background: Virtual SAN Health check plugin checks all aspects of a Virtual SAN configuration. It implements a number of checks on hardware compatibility, networking configuration and operations,
advanced Virtual SAN configuration options, storage device health as well as virtual machine object health. The Virtual SAN Health Check plug-in which is enabled by default in vCenter Server.

Vulnerability details: The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server.
A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

CVE-2021-21985 – VMSA-2021-0010 (Virtual SAN Health Check Plugin)

CVE-2021-21986 – VMSA-2021-0010 (Virtual SAN Health Check, Site Recovery, vSphere Lifecycle Manager, and VMware Cloud Director Availability Plugins)

Workaround: Plugins must be set to “incompatible.” On vCenter Linux and Windows platforms, simply disabling plugins from within the UI will not prevent exploitation.

Official announcement – https://www.vmware.com/security/advisories/VMSA-2021-0010.html