Category Archives: Potential Risk of CVE

Security Focus : CVE-2021-27610 – Improper Authentication in SAP NetWeaver ABAP Server and ABAP Platform (8th Jun, 2021)

Preface: The proof of concept for this vulnerability has been announced. As usual, vendors follow their patch release cycle, and so the announcement was issued today (June 8, 2021).

Background: SAP NetWeaver is a software stack for many of SAP SE’s applications. It can be used for custom development and integration with other applications and systems, and is built primarily using the ABAP programming language, but also uses C, C++, and Java.

Vulnerability details: [CVE-2021-27610] Improper Authentication in SAP NetWeaver ABAP Server and ABAP Platform. Product – SAP NetWeaver AS ABAP and ABAP Platform, versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 804.
An ABAP server could not always correctly identify whether communication via RFC (TCP 3300-3399) or HTTP (8000) was taking place between the application servers of the same SAP system or with servers outside that system.

For official details, please refer to the URL – https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999

CVE-2021-20292 – Flaw found in Nouveau DRM subsystem (8th June 2021)

Preface: Nouveau is a free and open source graphics card driver. It is written for Nvidia’s graphics cards and can also be used with the NVIDIA Tegra series of system chips. The driver is written by a group of independent software engineers; Nvidia occasionally provides assistance.

Background: What is DRM subsystem? The Direct Rendering Manager (DRM) is a subsystem of the Linux kernel responsible for interfacing with GPUs of modern video cards. DRM exposes an API that user-space programs can use to send commands and data to the GPU and perform operations such as configuring the mode setting of the display.

Vulnerability details:

A flaw was reported in the Linux kernel in versions before 5.9, in drivers/gpu/drm/nouveau/nouveau_sgdma.c in nouveau_sgdma_create_ttm in the Nouveau DRM subsystem. An attacker with a local account with root privilege can leverage this vulnerability to escalate privileges and execute code in the context of the kernel, for example in a virtualized environment. Fundamentally, nouveau is a free and open source graphics card driver written for Nvidia’s graphics cards, which can also be used with the NVIDIA Tegra series of system chips. The potential impact of this vulnerability depends on where the attack takes place.

Workaround: Kernels built with the CONFIG_SLAB_FREELIST_HARDENED=y option enabled should not be affected by this flaw.

Remedy: This was fixed for Fedora with the 5.7.16 stable kernel updates.

CVE-2021-28091 – Lasso incorrect assertion validation and verification – Published: 01 June 2021

Preface: This vulnerability affects other vendors’ products that use this library for their single sign-on function.

Background: Lasso is a free software C library aiming to implement the Liberty Alliance standards; it defines processes for federated identities, single sign-on and related protocols. Lasso is built on top of libxml2, XMLSec and OpenSSL and is licensed under the GNU General Public License (with an OpenSSL exception).

Vulnerability details: Lasso incorrect assertion validation and verification. When AuthnResponse messages are not signed (which is permitted by the specification), the signatures of all assertions should be checked; currently, however, after the first signed assertion is checked, all following assertions are accepted without checking their signature, and the last one is considered the main assertion.

IMPACT:

  • The SOGo and PacketFence packages use the vulnerable Lasso library, so they were impacted.
  • Cisco lists Adaptive Security Appliance (ASA), Content Security Management Appliance (SMA), Email Security Appliance (ESA), FXOS software, Web Security Appliance (WSA), and Firepower Threat Defense (FTD) as affected.

Reference URL – https://blogs.akamai.com/2021/06/sogo-and-packetfence-impacted-by-saml-implementation-vulnerabilities.html
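The flaw described above, as an added example that is not Lasso’s code: a stand-alone model of an unsigned SAML Response carrying several assertions, with the vulnerable “stop checking after the first signed assertion” logic beside the corrected “every assertion must verify” logic. XML-DSig is replaced by an HMAC over each assertion’s ID and subject, and the key and assertions are constructed for the example.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"
IDP_KEY = b"constructed-idp-key"  # constructed stand-in for the IdP signing key


def sign(assertion_id, subject):
    # Stand-in for XML-DSig: an HMAC over the assertion's ID and subject.
    return hmac.new(IDP_KEY, f"{assertion_id}|{subject}".encode(), hashlib.sha256).hexdigest()


def build_response(assertions):
    """assertions: list of (id, subject, signed) -> an unsigned Response document."""
    body = ""
    for aid, subject, signed in assertions:
        sig = f"<Signature>{sign(aid, subject)}</Signature>" if signed else ""
        body += f'<saml:Assertion ID="{aid}"><saml:Subject>{subject}</saml:Subject>{sig}</saml:Assertion>'
    return f'<samlp:Response xmlns:samlp="{SAMLP}" xmlns:saml="{SAML}">{body}</samlp:Response>'


def assertion_ok(a):
    # An assertion is acceptable only if it carries a signature that verifies.
    sig = a.findtext("Signature")
    expected = sign(a.get("ID"), a.findtext(f"{{{SAML}}}Subject"))
    return sig is not None and hmac.compare_digest(sig, expected)


def main_subject_vulnerable(xml):
    # Models the flaw: once one signed assertion verifies, the remaining
    # assertions are accepted unchecked, and the last one becomes the main one.
    checked = False
    main = None
    for a in ET.fromstring(xml).findall(f"{{{SAML}}}Assertion"):
        if not checked:
            if not assertion_ok(a):
                raise ValueError("invalid assertion signature")
            checked = True
        main = a.findtext(f"{{{SAML}}}Subject")
    return main


def main_subject_fixed(xml):
    # Unsigned Response: every assertion must verify, or the whole response is rejected.
    main = None
    for a in ET.fromstring(xml).findall(f"{{{SAML}}}Assertion"):
        if not assertion_ok(a):
            raise ValueError("invalid assertion signature")
        main = a.findtext(f"{{{SAML}}}Subject")
    return main
```

With a signed assertion for one user followed by an unsigned assertion for another, the vulnerable path returns the unsigned subject as the main one, while the fixed path rejects the response.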

Strangers read your data silently, Smart City infrastructure no exception (VU#799380) 27th May 2021

Preface: Open data is indeed a foundation of the smart city. It does not only provide functions; it also analyses daily activities to make IoT functions more efficient. If there were no hackers in the world, we could live more comfortably because we would not need to be concerned about cyber security. As we know, the objective of electronic and digital products is function rather than defense.

Background: As time goes by, IoT in the smart city no longer relies only on WiFi networks; it also includes Bluetooth communication. Compared with WiFi 802.11, Bluetooth consumes less power, so IoT devices can operate in a capillary network environment. A capillary network is a local network that uses short-range radio-access technologies to provide local connectivity to things and devices.

Vulnerability details: Devices supporting the Bluetooth Core and Mesh Specifications are vulnerable to impersonation attacks and AuthValue disclosure. For more detail, please refer to the URL – https://kb.cert.org/vuls/id/799380

Workaround: Devices should not accept their own public key from a peer during a pairing session; the pairing procedure should be terminated with a failure status if this occurs. This is because these specific events will trigger the SIEM correlation firing rule.

CVE-2021-23017 – Nginx DNS Resolver Off-by-One Heap Write Vulnerability (27-05-2021)

Synopsis: Looking back at a 2019 Apache load balancer setup: install Apache on the load balancer server, enable the proxy modules, and configure Apache load balancing. The Apache server architecture consists of the Apache core and modules. Nginx, founded in 2004, is a performance-oriented HTTP server. Compared with Apache and lighttpd, it has the advantages of lower memory use and higher stability.
NGINX performs 2.5 times faster than Apache according to a benchmark test run with up to 1,000 simultaneous connections. Apache runs on all operating systems such as UNIX, Linux or BSD and has full support for Microsoft Windows. Nginx has equivalent capability; however, its performance on Windows is not as stable as on UNIX platforms.

Vulnerability details: On May 26, Nginx issued a security announcement fixing a vulnerability in the nginx resolver (CVE-2021-23017). Due to an error in ngx_resolver_copy() when processing DNS responses, if the “resolver” directive is used in the nginx configuration file, an unauthenticated attacker can forge a UDP packet from the DNS server, construct a specially crafted DNS response and cause 1 byte of memory to be overwritten, resulting in a denial of service or arbitrary code execution.

Vendor Reference: http://mailman.nginx.org/pipermail/nginx-announce/2021/000300.html
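The work ngx_resolver_copy() does is to copy a possibly compressed name out of a DNS response, and the general lesson of this class of bug is that every label length and compression pointer must be checked against the packet bounds before the destination buffer is sized and written. The following is an added example, not nginx’s code: a bounds-checked name decoder together with a constructed response whose answer uses the 0xC00C pointer back to the question name.

```python
import struct

MAX_NAME = 255  # RFC 1035: wire-format length limit of a domain name


class BadName(ValueError):
    pass  # raised when a label or pointer leaves the packet bounds


def read_name(pkt, offset):
    """Decode a possibly compressed name at offset; return (name, next_offset).
    Every label and pointer is checked against len(pkt) before it is read."""
    labels, total, end = [], 0, None
    while True:
        if offset >= len(pkt):
            raise BadName("length byte outside packet")
        n = pkt[offset]
        if n == 0:                        # root label ends the name
            offset += 1
            break
        if n & 0xC0 == 0xC0:              # compression pointer (2 bytes)
            if offset + 1 >= len(pkt):
                raise BadName("truncated pointer")
            ptr = ((n & 0x3F) << 8) | pkt[offset + 1]
            if ptr >= offset:             # only backward pointers: no loops possible
                raise BadName("forward or self pointer")
            if end is None:               # the name continues after the first pointer
                end = offset + 2
            offset = ptr
            continue
        if n & 0xC0:
            raise BadName("reserved label type")
        if offset + 1 + n > len(pkt):
            raise BadName("label runs past packet")
        total += n + 1
        if total + 1 > MAX_NAME:          # +1 for the terminating root label
            raise BadName("name longer than 255 bytes")
        labels.append(pkt[offset + 1:offset + 1 + n].decode("ascii"))
        offset += 1 + n
    return ".".join(labels), (end if end is not None else offset)


def build_response():
    # Constructed response: question example.com/A (starts at offset 12) and one
    # answer (starts at offset 29) whose owner name is the pointer 0xC00C.
    header = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
    question = b"\x07example\x03com\x00" + struct.pack("!HH", 1, 1)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([93, 184, 216, 34])
    return header + question + answer
```

The same decoder rejects a label that overruns the packet, a pointer that points forward, a name with no terminating root label, and a lone pointer byte.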

VMware Releases Security Updates (CVE-2021-21985 & CVE-2021-21986) – May 26, 2021

Preface: There are plenty of astronomical events every year.
On the evening of 26 May 2021 there was a total lunar eclipse. Do you believe the rumours about the super moon (astronomical phenomenon)?

Background: The Virtual SAN Health Check plug-in checks all aspects of a Virtual SAN configuration. It implements a number of checks on hardware compatibility, networking configuration and operations, advanced Virtual SAN configuration options, storage device health, as well as virtual machine object health. The Virtual SAN Health Check plug-in is enabled by default in vCenter Server.

Vulnerability details: The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server.
A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

CVE-2021-21985 – VMSA-2021-0010 (Virtual SAN Health Check Plugin)

CVE-2021-21986 – VMSA-2021-0010 (Virtual SAN Health Check, Site Recovery, vSphere Lifecycle Manager, and VMware Cloud Director Availability Plugins)

Workaround: The plugins must be set to “incompatible”. On vCenter Linux and Windows platforms, simply disabling the plugins from within the UI will not prevent exploitation.

Official announcement – https://www.vmware.com/security/advisories/VMSA-2021-0010.html

Exposes ring 0 code execution in the context of the driver; even defense software can make this mistake (CVE-2021-31728 MalwareFox AntiMalware)

24th May, 2021

Preface: It lets you avoid malware infection on your computer. MalwareFox can detect and remove malware precisely, and MalwareFox Antimalware comes at a low cost compared to its competitors.

Background: On a computer, ioctl is a system call dedicated to the input and output operations of a device. The call receives a request code specific to the device; what the system call does depends entirely on that request code.

Remark: The ioctl system call first appeared in Version 7 of Unix under that name. Microsoft Windows provides a similar function, named “DeviceIoControl”, in its Win32 API.

Vulnerability details: IOCTL 0x80002040 exposes a kernel memory allocation in the NonPagedPool into which a user-mode string is copied. This buffer can be used for shellcode by forcing the input data to be larger than 0x1000 bytes; a buffer larger than 0x834 will cause a STATUS_ACCESS_VIOLATION. The attacker must trick the IOCTL into failing and forgetting to free the buffer, and can then search SystemBigPoolInformation for the newly allocated buffer containing the shellcode.

* When writing to a file, Microsoft sets the bufferSize to 4096 bytes, but when reading they use [0x1000].

Official details: As of today, the vendor has not provided an update on this matter. Their homepage can be found at the following link – https://www.malwarefox.com/

Cyber Security Focus – use a Raspberry Pi for Windows 10 (17th May 2021)

Preface: Windows 10 IoT Core is a version of Windows 10 that is optimized for smaller devices with or without a display, and that runs on the Raspberry Pi 2 and 3.

Background: ASP.NET Core is one of the best frameworks available for building cross-platform web applications. The free Windows 10 IoT Core along with ASP.NET 3.0 allows one to build applications or background services on an IoT device. Since Windows 10 requires more RAM than most Linux distributions, only a Raspberry Pi 4, 3, or 2 with at least 1 GB of RAM can run the ARM edition through the WoR project.

Vulnerability details: An unauthenticated attacker could send a specially crafted packet to a targeted server that uses the HTTP Protocol Stack (http.sys) to process packets. The issue is that an attacker can trigger a code path that frees every entry of the local list, leaving them dangling in the Request object.

Reminder: If you plan to run Windows 10 IoT Core on a Raspberry Pi, don’t forget to fix it.

Remedy: https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31166

Small storm in Big data world (CVE-2021-22135 & CVE-2021-22136) 13th May 2021

Preface: 3350 companies reportedly use Elasticsearch in their tech stacks, including Uber, Shopify, and Udemy.

Background: Organizations can use big data analytics systems and software to make data-driven decisions that can improve business-related outcomes. Elasticsearch is a popular open-source search and analytics engine for use cases such as log analytics, real-time application monitoring, and click stream analytics.

Remark: Elastic, the company behind Elasticsearch and Kibana, has made a change to their licensing. They’ve taken a unique approach to “doubling down on open”: customers can now choose between two non-open source licenses.

Vulnerability details: Flaws were found in Kibana and Elasticsearch versions before 7.11.2 and 6.8.15. They risk exposing sensitive information to an unauthorized person and unintentionally extending authenticated users’ sessions. Details are shown below:

CVE-2021-22136 – https://nvd.nist.gov/vuln/detail/CVE-2021-22136

CVE-2021-22135 – https://nvd.nist.gov/vuln/detail/CVE-2021-22135

CVE-2021-23134: Linux – the implementation of nfc sockets contains a flaw! (12th May 2021)

Preface: Near field communication (NFC) technology lets smartphones and other enabled devices communicate with other devices containing an NFC tag.

Vulnerability details: Use After Free vulnerability in nfc sockets in the Linux Kernel before 5.12.2 allows local attackers to elevate their privileges. In typical configurations, the issue can only be triggered by a privileged local user with the CAP_NET_RAW capability. This flaw is rated as having a Moderate impact because in the default configuration, the issue can only be triggered by a privileged local user (with capability CAP_NET_RAW).
What if a raw socket is created in Python without root privileges?

Reference:

Activating the SUID bit on the file with a command like chmod +s file and setting its owner to root with chown root.root file.
This will run your script as root, regardless of the effective user that executed it.

Setting the CAP_NET_RAW capability on the given file with a command like setcap cap_net_raw+ep file.
This will give it only the privilege required to open a raw socket.
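Since the advisory says the flaw is reachable only with CAP_NET_RAW, the practical question for a defender is which processes actually hold that capability, whether through root, SUID or setcap. The following is an added example, not part of the original post or of any vendor tooling: it decodes the CapEff bitmask that Linux reports in /proc/<pid>/status and answers that question, using constructed status excerpts for an unprivileged user, a process granted only cap_net_raw, and root.

```python
# Capability bit numbers from <linux/capability.h>; CAP_NET_RAW (bit 13) is the
# capability the advisory names as required to reach the nfc socket code path.
CAP_BITS = {"CAP_NET_ADMIN": 12, "CAP_NET_RAW": 13, "CAP_SYS_MODULE": 16, "CAP_SYS_ADMIN": 21}


def caps_from_hex(capeff_hex):
    """Decode a CapEff/CapPrm bitmask (hex string, as printed in /proc/<pid>/status)."""
    mask = int(capeff_hex, 16)
    return {name for name, bit in CAP_BITS.items() if (mask >> bit) & 1}


def parse_status(text):
    """Pull the effective uid and the CapEff field out of a /proc/<pid>/status dump."""
    fields = {}
    for line in text.splitlines():
        if ":" in line:
            key, _, value = line.partition(":")
            fields[key.strip()] = value.split()
    euid = int(fields["Uid"][1])  # Uid line: real, effective, saved, filesystem
    return euid, fields["CapEff"][0]


def can_reach_nfc_sockets(status_text):
    """True if the process holds CAP_NET_RAW in its effective set.
    Root normally holds every capability, so it passes too; a uid-0 process that
    dropped CAP_NET_RAW does not, which is why the bitmask, not the uid, decides."""
    _euid, capeff = parse_status(status_text)
    return "CAP_NET_RAW" in caps_from_hex(capeff)


def self_check():
    """Evaluate the current process (Linux only)."""
    with open("/proc/self/status") as f:
        return can_reach_nfc_sockets(f.read())


# Constructed /proc/<pid>/status excerpts (not captured from a real host).
PLAIN_USER = "Name:\tpython3\nUid:\t1000\t1000\t1000\t1000\nCapEff:\t0000000000000000\n"
NET_RAW_ONLY = "Name:\tpython3\nUid:\t1000\t1000\t1000\t1000\nCapEff:\t0000000000002000\n"
ROOT = "Name:\tbash\nUid:\t0\t0\t0\t0\nCapEff:\t000001ffffffffff\n"

if __name__ == "__main__":
    for label, status in (("plain user", PLAIN_USER), ("cap_net_raw only", NET_RAW_ONLY), ("root", ROOT)):
        print(f"{label}: can reach nfc sockets = {can_reach_nfc_sockets(status)}")
    print("this process:", self_check())
```

Note that Linux ignores both the set-user-ID bit and file capabilities on interpreted scripts, so the chmod +s and setcap routes above only take effect on a native executable such as the interpreter binary or a compiled wrapper.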

Announcement by vendor – https://access.redhat.com/security/cve/CVE-2021-23134