Category Archives: Potential Risk of CVE

12th Mar 2019 – Intel® Software Guard Extensions SDK Advisory

Preface: Address Space Layout Randomization (ASLR) defends against memory corruption attacks. Intel Software Guard Extensions (SGX) goes further: it is a capability that protects selected code and data from disclosure or modification. From a security point of view, it provides stronger protection than before.

Vulnerability detail: Double free in Intel(R) SGX SDK for Linux before version 2.2 and Intel(R) SGX SDK for Windows before version 2.1 may allow an authenticated user to potentially enable information disclosure or denial of service via local access.

Synopsis: About the double free vulnerability
Refer to the scenario in the attached diagram: it shows that the same chunk is returned by two different mallocs, so both pointers point to the same memory address. If one of them is under an attacker's control, he/she can modify the memory seen through the other pointer, leading to various kinds of attacks (including code execution).

Official announcement: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00217.html
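To make the diagram's scenario concrete, here is an added example (not code from the advisory or the SGX SDK) that models a LIFO free list in Python: an unchecked free lets the same chunk be handed out by two consecutive mallocs, while a checked free refuses the second release. The ToyHeap and Chunk classes are a constructed model, not a real allocator.

```python
class Chunk:
    """One chunk of the simulated heap (constructed model, not a real allocator)."""
    def __init__(self) -> None:
        self.in_use = False
        self.data = b""


class ToyHeap:
    """Minimal model of a LIFO free list: free() pushes a chunk onto the list and
    malloc() pops the most recently freed chunk before touching a fresh one."""

    def __init__(self, nchunks: int = 8) -> None:
        self.pool = [Chunk() for _ in range(nchunks)]
        self.free_list = []          # last element is the top of the free list
        self.next_fresh = 0          # index of the first never-used chunk

    def malloc(self) -> Chunk:
        if self.free_list:
            chunk = self.free_list.pop()           # reuse most recently freed chunk
        else:
            chunk = self.pool[self.next_fresh]     # IndexError once the pool is exhausted
            self.next_fresh += 1
        chunk.in_use = True
        return chunk

    def free_naive(self, chunk: Chunk) -> None:
        # Unchecked free: a second free of the same chunk enqueues it twice.
        chunk.in_use = False
        self.free_list.append(chunk)

    def free_checked(self, chunk: Chunk) -> bool:
        # Hardened free: a chunk that is not in use cannot be freed again.
        if not chunk.in_use:
            return False
        chunk.in_use = False
        self.free_list.append(chunk)
        return True


def double_free_aliases(checked: bool) -> bool:
    """Re-creates the diagram's scenario: free one chunk twice, then malloc twice.
    Returns True when both mallocs hand back the very same chunk."""
    heap = ToyHeap()
    victim = heap.malloc()
    release = heap.free_checked if checked else heap.free_naive
    release(victim)
    release(victim)
    first, second = heap.malloc(), heap.malloc()
    first.data = b"written through the first pointer"
    return first is second and second.data == first.data
```

With the naive free the second malloc returns the chunk the first malloc already owns, which is exactly the aliasing the synopsis describes; the checked free breaks the chain at the second release.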

Security Focus – CVE-2019-5513 VMware Horizon update addresses Connection Server information disclosure vulnerability: 14th Mar 2019

Preface: VMware Horizon Client for Android and iPhone makes it easy to work on your VMware Horizon virtual desktop and hosted applications from your smartphone.

About the security advisory announcement by VMware: The VMware Horizon Connection Server contains an information disclosure vulnerability. Successful exploitation of this issue may allow disclosure of internal domain names, the Connection Server's internal name, or the gateway's internal IP address.

My observation: Refer to route paths 1, 2, 3 and 4 (refer to diagram). Because this application can run at Layer 4, transparency is enforced. Transparency takes a higher priority than Subnet Originating Requests. Therefore, if transparency is enabled on the Virtual Service and Subnet Originating Requests is enabled globally, the Virtual Service still uses transparency. The Real Server sees traffic from this virtual service originating with the client's source IP address (transparency).

Reference: VMware announcement – 14th Mar 2019

https://www.vmware.com/security/advisories/VMSA-2019-0003.html

https://www.vmware.com/security/advisories/VMSA-2019-0002.html

PHP EXIF exif_process_IFD_in_TIFF Method Arbitrary Code Execution Vulnerability

Preface: With the exif extension you are able to work with image metadata. PHP can update the date in the EXIF photo headers by script. The headers include the following: time taken, time modified, the camera make, the camera model, ...

Design objective of exif_process_IFD_in_TIFF:
Parse the TIFF header.

Vulnerability found:
When executing a test script, Memcheck (valgrind.org) determined that an undefined value is being used in a dangerous way in exif_process_IFD_in_TIFF.

My speculation:
A short registration process helps to get more subscribers to your website. Login with Facebook is a quick and powerful way to integrate a registration and login system on the website. The PHP SDK allows accessing the Facebook API from the web application. But to get started with the latest version of Facebook SDK v5.x, make sure your system meets the following requirements.
PHP version should be 5.4 or greater.
What if servers that originally connect to Facebook have PHP version 7.X installed? They are all compromised because of the vulnerability. In the meantime, they will start attacking Facebook. Do you think this is how the story began on 14th Mar 2019?

Remedy: Upgrade PHP – http://php.net/downloads.php

CVE-2019-1723 Cisco Common Services Platform Collector Static Credential Vulnerability – 13th Mar 2019

Preface: The CSP-C's basic function is to discover the network elements and collect information from those elements. Basically, the design goal is to enhance the overall detective and preventive controls in the IT infrastructure.

Technical highlight: To perform the Network Discovery and Data Collection operations, the CSP-C needs the following credentials: SNMP read-only community, Telnet or SSH credentials, HTTP or HTTPS credentials. Not every device needs to be accessed via CLI or SOAP; however, SNMP is required for all devices.

Vulnerability detail: The affected software has a user account with a default, static password.

Vendor announcement: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190313-cspcscv

CVE-2019-9636 (Python) urlsplit does not handle NFKC normalization

Preface: Python is used quite a lot in robotics; artificial intelligence is applied to robots using Python.

Why choose Python?
Less code: Python can implement the same logic with as little as 1/5th of the code compared to other OOP languages.

Prebuilt libraries: these include NumPy for scientific computation, SciPy for advanced computing and PyBrain for machine learning.

Vulnerability detail – announced on 6th Mar 2019:
A vulnerability in the urllib.parse.urlsplit and urllib.parse.urlparse components of Python could allow an unauthenticated, remote attacker to obtain sensitive information from a targeted system.

Official announcement: https://bugs.python.org/issue36216
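As an added example (not CPython's code), the functions below show the parsing discrepancy the issue describes and re-implement the kind of netloc check the fix introduced: a hostname that one component reads before NFKC normalization and another reads after it can differ when normalization produces a delimiter. The names raw_netloc, hostname_before_nfkc, hostname_after_nfkc and netloc_introduces_delimiters are chosen here, and the sample URLs are constructed.

```python
import unicodedata

# Delimiters that must never be *introduced* into a netloc by normalization; these are
# the characters the CPython fix for bpo-36216 guards against.
DELIMITERS = "/?#@:"


def raw_netloc(url: str) -> str:
    """Authority part as a parser sees it before any normalization: everything after
    '//' up to the first '/', '?' or '#'. Constructed helper for this example."""
    _, _, rest = url.partition("//")
    cuts = [i for i in (rest.find(d) for d in "/?#") if i != -1]
    return rest[:min(cuts)] if cuts else rest


def host_of(netloc: str) -> str:
    """Hostname of an authority string: drop userinfo before the last '@' and any port."""
    return netloc.rsplit("@", 1)[-1].split(":", 1)[0]


def hostname_before_nfkc(url: str) -> str:
    """Host reported by a parser that never normalizes (the pre-fix urlsplit view)."""
    return host_of(raw_netloc(url))


def hostname_after_nfkc(url: str) -> str:
    """Host seen by a component that NFKC-normalizes the authority, as IDNA encoding
    does: normalization can create new delimiters that cut the netloc short."""
    normalized = unicodedata.normalize("NFKC", raw_netloc(url))
    return host_of(raw_netloc("//" + normalized))


def netloc_introduces_delimiters(url: str) -> bool:
    """Independent re-implementation of the check the fix added (this is an added
    example, not CPython's code): reject a netloc whose NFKC form contains a
    delimiter that was not already present."""
    netloc = raw_netloc(url)
    if netloc.isascii():
        return False
    stripped = netloc
    for c in "@:#?":                       # delimiters already present are not new
        stripped = stripped.replace(c, "")
    normalized = unicodedata.normalize("NFKC", stripped)
    if normalized == stripped:
        return False
    return any(c in normalized for c in DELIMITERS)
```

U+FF03 (fullwidth number sign) normalizes to '#' and U+2100 normalizes to 'a/c', so a host allow-list evaluated before normalization would see a different host than the component that sends the request; the check rejects such netlocs while leaving ordinary internationalized hostnames alone.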

Highly vulnerable – Moxa customer must be vigilant!

Preface: The Moxa EDS405A/408A are entry-level 5- and 8-port managed Ethernet switches designed especially for industrial applications.

Technical background: Turbo Ring is a self-healing technology that enables fast fault recovery in under 20 ms. Moxa's Turbo Ring and Turbo Chain Ethernet technologies maximize railway network availability with ideal redundancy technology.

Security focus: CVE-2019-6563 (CVSS:10) – Moxa IKS and EDS generate a predictable cookie calculated with an MD5 hash, allowing an attacker to capture the administrator’s password, which could lead to a full compromise of the device.

What is a predictable cookie? For example: Cookie: JSESSIONID=USER1. A predictable cookie calculated with an MD5 hash draws our attention because MD5 produces a 128-bit hash as output, yet only 3 bytes of the hash value are used in the cookie value.

Observation: Moxa products were used in the Korean subway network in 2010. Not sure whether they are still in use, but I believe that a remedy solution has been taken if they are. Otherwise it will create a cyber security risk in the operations.

For vulnerability details, please refer to: https://ics-cert.us-cert.gov/advisories/ICSA-19-057-01

CVE-2019-3778 Pivotal Spring Security OAuth Open Redirector Vulnerability (critical)

Preface: OAuth has become a standard for third-party applications to communicate with the APIs of popular web sites, such as Facebook, Twitter, and Foursquare, to name a few.

Technical background: Currently, the two major versions of OAuth are 1.0(a) and 2.0. OAuth (Open Authorisation) is a standard for authorisation of resources, and Spring Security provides OAuth 2.0 support for it. You can set it up to automatically propagate your access tokens from one app to the other, ensuring that everything stays secure and encrypted along the way.

Vulnerability detail: A vulnerability in Pivotal Spring Security OAuth could allow an unauthenticated, remote attacker to conduct an open redirect attack on a targeted system. A successful exploit could cause the authorization server to redirect the resource owner user-agent to an attacker-controlled URI, providing the attacker with sensitive information.

Official announcement: https://pivotal.io/security/cve-2019-3778
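As an added example (not Spring Security OAuth's code), the Python below contrasts an authorization endpoint that delivers even its error response by redirecting to the supplied redirect_uri with one that only ever redirects to an exactly matching registered URI and answers validation failures itself. REGISTERED, the client id and the hostnames are constructed sample data.

```python
from urllib.parse import urlencode, urlsplit

# Redirect URIs registered for each client, as an authorization server stores them.
# Constructed sample data for this example; the hosts are not real.
REGISTERED = {"web-app": ("https://app.example/login/oauth2/callback",)}


def redirect_uri_matches(client_id: str, redirect_uri: str) -> bool:
    """Exact match of scheme, host, port and path against a registered URI. Userinfo,
    query and fragment are refused outright so nothing can be smuggled past the check."""
    p = urlsplit(redirect_uri)
    if p.scheme != "https" or p.username or p.query or p.fragment:
        return False
    return any(
        (p.hostname, p.port, p.path) == (r.hostname, r.port, r.path)
        for r in map(urlsplit, REGISTERED.get(client_id, ()))
    )


def authorize_lenient(client_id: str, redirect_uri: str, code: str) -> dict:
    """Vulnerable pattern: even the error for a rejected redirect_uri is delivered by
    redirecting to the *supplied* URI, which turns the endpoint into an open redirector."""
    if redirect_uri_matches(client_id, redirect_uri):
        return {"status": 302, "location": f"{redirect_uri}?{urlencode({'code': code})}"}
    return {"status": 302, "location": f"{redirect_uri}?{urlencode({'error': 'invalid_request'})}"}


def authorize_strict(client_id: str, redirect_uri: str, code: str) -> dict:
    """Hardened pattern: only a validated redirect_uri ever becomes a Location header;
    a failed validation is answered by the server itself, with no redirect at all."""
    if redirect_uri_matches(client_id, redirect_uri):
        return {"status": 302, "location": f"{redirect_uri}?{urlencode({'code': code})}"}
    return {"status": 400, "body": "invalid_request: redirect_uri is not registered for this client"}


def redirect_host(response: dict):
    """Host the user-agent would be sent to, or None when the response is not a redirect."""
    return urlsplit(response["location"]).hostname if response["status"] == 302 else None
```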

Status update for the announcement on 6th Mar 2019 (Cisco NX-OS Software Unauthorized Filesystem Access Vulnerability) – 11th Mar 2019.

Preface: On 6th Mar 2019, Cisco announced that vulnerabilities were found in Cisco FXOS and NX-OS Software. In total, 26 of the vulnerabilities have a Security Impact Rating (SIR) of High. Successful exploitation of the vulnerabilities could allow an attacker to gain unauthorized access.

Technical background:
Cisco NX-OS is based on Wind River Linux and is interoperable with other Cisco operating systems. The command-line interface of NX-OS is similar to that of Cisco IOS. Recent NX-OS releases have both a Cisco-style CLI and a Bash shell available.

Status update on 11th Mar 2019: The vulnerability is due to a failure to impose strict filesystem permissions on the targeted device.
For more details, please refer to: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-file-access

My speculation: Sometimes, if an OS platform has unrestricted directory permissions, it could allow an unauthenticated, remote attacker to upload an arbitrary file. This file could allow the attacker to execute commands at the privilege level.

CVE-2019-0187: Apache JMeter Missing client auth for RMI connection when distributed test is used! Mar 2019

Preface: If your company hasn't been performing load testing, it is hard to know the web application's actual performance. Deploying JMeter displays the test results in a graph updated in real time.

Synopsis: Perhaps software developers did not imagine that a JMeter design weakness would be hazardous to the web server. And therefore we might find the JMeter function still active after the services launch.

Vulnerability detail: Apache JMeter is missing client auth for the RMI connection when a distributed test is used. An attacker could therefore exploit this vulnerability by establishing a Remote Method Invocation (RMI) connection with a jmeter-server while using the RemoteJMeterEngine interface. In such a way, the attacker could execute arbitrary code on a targeted system.

Remedy: Apache.org has released an update at the following link: https://jmeter.apache.org/download_jmeter.cgi

Cisco confirms OCI flaw only affects a small group of items in their product line – 8th Mar 2019

Preface: Container Privilege Escalation Vulnerability Affecting Cisco Products status update

Description: The IT world is safe again; Cisco, you are super again! Only 3 Cisco product items are involved in the Container Privilege Escalation Vulnerability found last month (Feb 2019). Remedies have been proceeding. Further details below:

Network Management and Provisioning:

  • Cisco Container Platform – Fixed Release Availability: 3.1.0 (Mar 2019)

Cisco Cloud Hosted Services:

  • Cisco Cloudlock – Cisco will update affected systems in Sept 2019
  • Cisco Defense Orchestrator – Cisco updated affected systems
    On-prem: 19.8 (Available)

Official details: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190215-runc