Preface: On macOS, dynamic-link libraries are known as dylib files. This is the equivalent of a DLL on Windows and a shared library (or .so library) on Linux.
Background: ctypes is a foreign function library for Python. It provides C compatible data types, and allows calling functions in DLLs or shared libraries. It can be used to wrap these libraries in pure Python.
Design objective: Calling C++ libraries from Python allows the developer to build an application that takes advantage of the best of Python and C++. The result is an application that combines both speed and simplicity.
Vulnerability details: There’s a buffer overflow in the ctypes PyCArg_repr() function. (Disclosure date: 2021-01-16)
Design weakness: There’s a buffer overflow in the PyCArg_repr() function in _ctypes/callproc.c. The overflow happens because the sprintf() call writes its formatted output into a fixed-size buffer without checking the length of that output.
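To make the ctypes background and the sprintf() weakness concrete, here is an added Python example (not code from the page or from CPython) that wraps two libc functions with explicit prototypes and formats into a fixed-size buffer with snprintf(), the bounded counterpart of the sprintf() call named above. It assumes a libc reachable through ctypes (macOS or Linux); the buffer sizes and sample strings are constructed for the demonstration.

```python
import ctypes
import ctypes.util

# Load the C runtime: find_library works on macOS and most Linux systems;
# CDLL(None) falls back to the symbols already loaded into the interpreter.
libc = ctypes.CDLL(ctypes.util.find_library("c") or None)

# Declare prototypes explicitly. Without argtypes/restype ctypes guesses:
# pointers are passed as plain ints and results are truncated to a C int.
libc.strlen.argtypes = [ctypes.c_char_p]
libc.strlen.restype = ctypes.c_size_t

# snprintf is variadic: list the fixed parameters; format arguments follow.
libc.snprintf.argtypes = [ctypes.c_char_p, ctypes.c_size_t, ctypes.c_char_p]
libc.snprintf.restype = ctypes.c_int


def c_strlen(data: bytes) -> int:
    """Wrap strlen(); ctypes rejects non-bytes arguments before the call is made."""
    return libc.strlen(data)


def bounded_format(fmt: bytes, arg: bytes, size: int) -> tuple[bytes, int, bool]:
    """Format into a fixed-size buffer with snprintf() and report truncation.

    Returns (buffer contents, length the complete output needed, truncated?).
    sprintf() has no size parameter, so the same call with a long argument
    writes past the end of the buffer; snprintf() stops at size-1 bytes and
    always NUL-terminates, and its return value tells the caller what was lost.
    """
    buf = ctypes.create_string_buffer(size)  # `size` bytes, zero-filled
    needed = libc.snprintf(buf, size, fmt, arg)
    if needed < 0:
        raise OSError("snprintf reported an encoding error")
    return buf.value, needed, needed >= size


if __name__ == "__main__":
    print(c_strlen(b"hello"))                          # 5
    print(bounded_format(b"<%s>", b"abcdefghij", 8))   # (b'<abcdef', 12, True)
```

The point of the third return value is the check that was missing in the vulnerable code path: a caller that sees `truncated == True` knows the buffer was too small and can grow it or fail, instead of silently corrupting memory as an unbounded sprintf() would.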
Technical Supplement: A large part of the office computing footprint around the world is Windows-based machines, so integrating DB infrastructure with Active Directory is common. The classic Windows AD mechanism is Kerberos authentication, and Oracle Database supports Kerberos through what is called configuring the Kerberos authentication adapter. In November 2020 Microsoft remediated the Kerberos KDC Security Feature Bypass Vulnerability (CVE-2020-17049). When you read the official Oracle advisory for CVE-2021-2018, it says the issue affects the Windows platform only. OK, be my guest: use your imagination to understand this vulnerability. Great day, great fun!
Ref 1: To set up Kerberos on Oracle DB, we will need to make changes in three places: the DB server, the client workstation and Active Directory.
Preface: “I found logic bugs that allow audio or video to be transmitted without user consent in five mobile applications including Signal, Duo and Facebook Messenger,” said Natalie Silvanovich.
Background: Bugs in Signal and Google chat apps let attackers spy on users. The vulnerability lies in the applications’ own program code and was not due to WebRTC functionality. Furthermore, the researcher found that Facebook Messenger is vulnerable to this issue even though it perhaps does not use WebRTC; Facebook officially says that it uses ‘fbthrift’. What is Thrift? It is Facebook’s branch of Apache Thrift, including a new C++ server.
Reference: Instrumentation technology
Instrumentation technology refers to injecting additional code into the program to collect runtime information. It can be divided into two types:
(1) Source Code Instrumentation (SCI): Additional code is injected into the program source code.
(2) Binary Instrumentation: Extra code is injected into the binary executable file.
● Static Binary Instrumentation (SBI): additional code and data are inserted before program execution, producing a permanently changed executable file.
● Dynamic Binary Instrumentation (DBI): additional code and data are inserted in real time while the program is running, with no permanent change to the executable file.
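The two categories above are easiest to see side by side on a tiny target. The following added example (not from the page or from any instrumentation framework) models them in Python rather than on native binaries: source instrumentation rewrites the program’s syntax tree to inject a call-recording probe before the code runs, and dynamic instrumentation leaves the program untouched and hooks the interpreter at run time with sys.setprofile, the way a DBI engine hooks a running process. The sample program being instrumented is constructed for the demonstration.

```python
import ast
import sys
from typing import Any, Callable

# Constructed sample program (not from the page) that both instrumentation
# styles are applied to. It exists only as source text, like a target under test.
SAMPLE_SOURCE = """
def square(x):
    return x * x

def sum_of_squares(a, b):
    return square(a) + square(b)
"""


# (1) Source instrumentation: rewrite the program before it runs, so the
# compiled code itself carries the extra bookkeeping calls.
class InjectCallRecord(ast.NodeTransformer):
    """Insert `_record(<function name>)` as the first statement of every function."""

    def visit_FunctionDef(self, node: ast.FunctionDef) -> ast.FunctionDef:
        self.generic_visit(node)  # instrument nested functions as well
        probe = ast.Expr(
            ast.Call(
                func=ast.Name(id="_record", ctx=ast.Load()),
                args=[ast.Constant(node.name)],
                keywords=[],
            )
        )
        node.body.insert(0, probe)
        return node


def instrument_source(source: str) -> tuple[dict[str, Any], list[str]]:
    """Compile an instrumented copy of `source`; return its namespace and call log."""
    tree = InjectCallRecord().visit(ast.parse(source))
    ast.fix_missing_locations(tree)  # injected nodes need positions to compile
    call_log: list[str] = []
    namespace: dict[str, Any] = {"_record": call_log.append}
    exec(compile(tree, "<instrumented>", "exec"), namespace)
    return namespace, call_log


# (2) Dynamic instrumentation: the program is not modified at all; the
# interpreter reports every function entry to a hook while it runs.
def trace_calls(func: Callable[..., Any], *args: Any) -> tuple[Any, list[str]]:
    """Run func(*args) with a profile hook installed; return (result, call log)."""
    call_log: list[str] = []

    def profiler(frame, event, arg):
        if event == "call":  # one event per Python-level function entry
            call_log.append(frame.f_code.co_name)

    sys.setprofile(profiler)
    try:
        result = func(*args)
    finally:
        sys.setprofile(None)  # always uninstall the hook, even if the target raises
    return result, call_log


if __name__ == "__main__":
    ns, log = instrument_source(SAMPLE_SOURCE)
    print(ns["sum_of_squares"](2, 3), log)  # 13 ['sum_of_squares', 'square', 'square']

    plain: dict[str, Any] = {}
    exec(SAMPLE_SOURCE, plain)              # the untouched program
    print(trace_calls(plain["sum_of_squares"], 2, 3))
```

Both paths produce the same call log, which is the trade-off the section describes: source instrumentation needs the source and a rebuild but costs nothing at run time beyond the probes, while the dynamic hook works on code you cannot modify at the price of interpreter overhead for every call.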
Preface: On August 27, 2015 Cisco announced it had completed the acquisition of OpenDNS (now branded as Cisco Umbrella). Perhaps they predicted that this day would come.
Background: dnsmasq is free software providing Domain Name System (DNS) caching, a Dynamic Host Configuration Protocol (DHCP) server, router advertisement and network boot features, intended for small computer networks. Dnsmasq is common in Internet-of-Things (IoT) and other embedded devices.
Preface: Quite a lot of UEFI vulnerabilities and hardware misconfigurations have been found in the past. This is an alert signal. As a matter of fact, the problem is that it’s very difficult to get malicious code into UEFI systems.
Background: Reading the first sector from a disk and loading it at 0x7C00 is a BIOS-specific boot protocol, but UEFI never uses it; it is old technology. UEFI bootloaders are loaded from a filesystem. UEFI requires the firmware and the operating system loader (or kernel) to be size-matched; for example, a 64-bit UEFI firmware implementation can load only a 64-bit operating system (OS) boot loader or kernel.
Synopsis: A local attacker with access to system memory may exploit the UEFI vulnerability. Perhaps this is not the only way.
Synopsis: What is a Reparse Point? According to official information from Microsoft, the NTFS file system has a concept called a “reparse point”. The traditional NTFS junctions and the Windows 10 “Unix-like” symlinks are two different kinds of reparse points. Starting in Windows 10, version 1607, for the Unicode version of this function (FindFirstFileW), you can opt in to remove the MAX_PATH character limitation without prepending “\\?\”.
Vulnerability details: The existing design weakness affects the function File.getCanonicalPath of the component NTFS File System Handler. Manipulation with an unknown input leads to a source code disclosure vulnerability. For details, see the attached diagram.
Background: Linux PAM originated from the open-source implementation of the DCE-RFC software by Sun, a well-known manufacturer later acquired by Oracle. PAM stands for Pluggable Authentication Modules: various authentication modules and plug-ins can be loaded dynamically for authentication without reloading the system, which is very flexible.
Vulnerability details: When the user doesn’t exist, PAM tries to authenticate against root’s entry, and in the case of an empty password it authenticates successfully.
Reason: The default options set on pam_pwquality above include local_users_only, which tells pam_pwquality to ignore users that are not in the local /etc/passwd file. However, the blank check could return 1 if root had an empty password, because in the second case (refer to the diagram) the password hash of root was used.
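The logic defect described in the two paragraphs above is easier to reason about in a small model. The following added Python example is not PAM code and not from the page: it uses a constructed stand-in for the local account database (a toy salted SHA-256 hash instead of crypt(3), labelled as such) and shows the flawed lookup, where a name that is not in the local database silently resolves to root’s entry, next to the fixed lookup, which fails closed for unknown users.

```python
import hashlib
import hmac


# Toy hashing, constructed for the example (PAM uses crypt(3) hashes).
def make_hash(password: str, salt: str) -> str:
    return salt + "$" + hashlib.sha256((salt + password).encode()).hexdigest()


def verify_hash(password: str, stored: str) -> bool:
    salt = stored.split("$", 1)[0]
    return hmac.compare_digest(make_hash(password, salt), stored)


# Constructed stand-in for the local shadow database (not real system data).
# root's password field is empty, i.e. a blank password; alice has a hash.
LOCAL_SHADOW = {
    "root": "",
    "alice": make_hash("correct horse", "s4lt"),
}


def authenticate_flawed(user: str, password: str) -> bool:
    """Models the defect: an unknown user falls back to root's shadow entry."""
    stored = LOCAL_SHADOW.get(user, LOCAL_SHADOW["root"])  # bug: another account's hash
    if stored == "":            # the "blank check": empty field + empty password passes
        return password == ""
    return verify_hash(password, stored)


def authenticate_fixed(user: str, password: str) -> bool:
    """Unknown users fail closed; only the named account's own entry is consulted."""
    stored = LOCAL_SHADOW.get(user)
    if stored is None:
        return False            # no local entry: never substitute a different account
    if stored == "":
        return password == ""   # same blank-password semantics, but for this user only
    return verify_hash(password, stored)


if __name__ == "__main__":
    print(authenticate_flawed("nosuchuser", ""))  # True: logged in as nobody via root's blank field
    print(authenticate_fixed("nosuchuser", ""))   # False
```

The two functions differ in one line: the default argument to `.get()`. That is the shape of the bug the page describes, and it is why a lookup that can fail should return “not found” as a distinct outcome instead of a fallback value from another principal.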
Background: In November 2020, many DeFi platforms on Ethereum encountered security incidents, for example Pickle Finance and 88mph.
What Is Decentralized Finance (DeFi)? By deploying immutable smart contracts on Ethereum, DeFi developers can launch financial protocols and platforms that run exactly as programmed and that are available to anyone with an Internet connection.
What Are Flash Loans in DeFi? A loan from strangers is possible in DeFi. To fulfill such a request, the borrower must repay the lender within the same transaction that issued the funds.
Vulnerability details: The Farm contract is deployed in every Seal pool, and the function breed() in the contract is used to issue new Seal tokens. However, there is no access control designed for the breed() function, so anyone can call the breed() function of the Farm contract.
Preface: Neither shellcode nor shellcode injection has anything to do with shell scripting. It is a sophisticated way of finding a vulnerable spot in an organization’s cyber-security layer and exploiting it for malicious purposes.
Background: Azure Sphere is a secured, high-level application platform with built-in communication and security features for internet-connected devices. The platform consists of the integration of hardware built around a secured silicon chip; the Azure Sphere OS (operating system), a custom high-level Linux-based operating system; and the Azure Sphere Security Service, a cloud-based security service….
About the “PACKET_MMAP” function: the official documentation describes it as follows: PACKET_MMAP provides a size-configurable circular buffer mapped in user space that can be used to either send or receive packets. However, a design weakness has occurred: the mmap‘ed memory buffer is filled by the kernel when using PACKET_RX_RING. As a result, from the user’s process it is enough to mmap a buffer with the PROT_READ|PROT_EXEC permission flags and let the kernel fill the buffer.
What is the difference between GET and POST? In the HTTP GET method, passing data in the message body is not allowed, because it is a GET. POST was originally intended to send form data in the message body. In addition, multipart encoding is used when sending files; the files and the other form fields are placed in the message body for sending.
Vulnerability details: It is possible to use various shell metacharacters to inject arbitrary OS commands. The command output does not appear to be returned in the application’s responses; however, it is possible to inject time-delay commands to verify the existence of the vulnerability. For more details, please refer to the URL below: https://nvd.nist.gov/vuln/detail/CVE-2020-25494