Category Archives: Potential Risk of CVE

CVE-2019-3561 – Insufficient boundary checks for the strrpos and strripos functions allow access to out-of-bounds memory ( 30th Apr 2019)

Preface: An out-of-bounds read occurs when software reads data past the end, or before the beginning, of the intended buffer. It can expose the contents of adjacent memory, including sensitive data (CWE-125).

Technical background: HHVM is an open-source virtual machine for executing programs written in Hack and PHP. It uses just-in-time (JIT) compilation to achieve high performance. HHVM is developed by Facebook and is the runtime behind Facebook's own Hack and PHP code base, so anyone who adopted it for the same reasons is affected too.

Vulnerability details: Insufficient boundary checks for the strrpos and strripos functions allow access to out-of-bounds memory.

Impact: This affects all supported versions of HHVM (4.0.3, 3.30.4, and 3.27.7 and below).

Facebook's fix for HHVM is in the following commit: https://github.com/facebook/hhvm/commit/46003b4ab564b2abcd8470035fc324fe36aa8c75
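To make the bug class concrete, here is an added example in C. It is not HHVM's code; it is a strrpos() lookalike written for this page, following PHP's documented strrpos(haystack, needle, offset) semantics (a non-negative offset means the match may start at or after that index, a negative one means it may start at or before hlen + offset). The unsafe version forms pointers from the caller-supplied offset without bounding it, which is the shape of an insufficient boundary check; the hardened version validates every index against the haystack length first.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added illustration of the strrpos() bug class. NOT HHVM's code.
 * Semantics follow PHP's strrpos(haystack, needle, offset).
 * Returns the start index of the last match, or -1 if there is none. */

/* Unsafe: pointers are built straight from the offset with no range check.
 * offset > hlen, offset < -hlen, or -offset < nlen all read outside hay. */
long strrpos_unsafe(const char *hay, size_t hlen,
                    const char *needle, size_t nlen, long offset)
{
    const char *lo, *hi, *p;
    if (offset >= 0) {
        lo = hay + offset;              /* no check that offset <= hlen */
        hi = hay + hlen - nlen;         /* wraps below hay if nlen > hlen */
    } else {
        lo = hay;
        hi = hay + hlen + offset;       /* no check that -offset <= hlen, and
                                           hi + nlen may run past hay + hlen */
    }
    for (p = hi; p >= lo; p--)
        if (memcmp(p, needle, nlen) == 0)   /* out-of-bounds read on bad input */
            return p - hay;
    return -1;
}

/* Hardened: every index is validated against hlen before any pointer exists.
 * Sets *err = 1 and returns -1 for an out-of-range offset (PHP warns there),
 * so "no match" and "bad argument" stay distinguishable. */
long strrpos_safe(const char *hay, size_t hlen,
                  const char *needle, size_t nlen, long offset, int *err)
{
    size_t lo, hi, i;
    *err = 0;
    if (nlen == 0 || nlen > hlen)
        return -1;
    if (offset >= 0) {
        if ((unsigned long)offset > hlen) { *err = 1; return -1; }
        lo = (size_t)offset;
        hi = hlen - nlen;
    } else {
        if (offset < -(long)hlen) { *err = 1; return -1; }
        lo = 0;
        hi = hlen - (size_t)(-offset);   /* last permitted start index */
        if (hi > hlen - nlen)            /* clamp so hay[hi .. hi+nlen) is inside */
            hi = hlen - nlen;
    }
    if (lo > hi)
        return -1;
    for (i = hi + 1; i-- > lo; )         /* count down to lo without underflow */
        if (memcmp(hay + i, needle, nlen) == 0)
            return (long)i;
    return -1;
}

int main(void)
{
    int err;
    const char *s = "hello world";
    printf("%ld\n", strrpos_safe(s, strlen(s), "o", 1, 0, &err));            /* 7 */
    printf("%ld\n", strrpos_safe(s, strlen(s), "o", 1, -5, &err));           /* 4 */
    printf("%ld err=%d\n", strrpos_safe("abc", 3, "cd", 2, -1, &err), err);  /* -1 err=0 */
    printf("%ld err=%d\n", strrpos_safe("abc", 3, "a", 1, 10, &err), err);   /* -1 err=1 */
    return 0;
}
```

The "abc" / "cd" / -1 case is the interesting one: the unsafe version would compare two bytes starting at index 2 and read one byte past the haystack, while the hardened version clamps the last candidate index to hlen - nlen and never touches memory outside the buffer.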

cJSON vulnerabilities found: products whose API design relies on an in-memory data structure store used as a database, cache and message broker must stay alert (May 2019)

Preface: Lua is a powerful, fast, lightweight, embeddable scripting language, which is why data stores such as Redis embed it for server-side scripting, including over geospatial data.

Technical background: Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache and message broker. To achieve its performance, Redis bundles a number of helper libraries. The Redis Lua interpreter loads seven libraries: base, table, string, math, debug, cjson, and cmsgpack. The cjson library provides very fast JSON encoding and decoding from within Lua scripts. One caveat before assuming exposure: the cjson bundled with Redis is lua-cjson (deps/lua/src/lua_cjson.c), a separate project from DaveGamble/cJSON, which is the library the two CVEs below are filed against. Check which JSON library your product actually links before raising an alert.

Vulnerability details:

CVE-2019-11834: cJSON Multiline Comments Out-of-Bounds Access Vulnerability. A crafted input containing a multiline comment causes cJSON (before 1.7.11) to access memory outside the input buffer; the alert rates the worst case as complete compromise of the system.
CVE-2019-11835: cJSON Out-of-Bounds Access Vulnerability. A second crafted-input case in the same versions causes an out-of-bounds access, with the same rating.

Remediation: The vendor has released software updates (1.7.11 and later) at the following link – https://github.com/DaveGamble/cJSON/releases
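Both CVEs are in cJSON's minifier. The following added C example is not cJSON's code; it is a small minifier written for this page that shows the shape of the bug (a comment skipper that searches for the closing `*/` without watching for the end of the input) next to a hardened skipper and a minifier that also refuses an unterminated string literal or a trailing backslash instead of reading past the buffer. The input is assumed to be NUL-terminated, as cJSON's is.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added model of the minifier bug class. NOT cJSON's code. */

/* Unsafe: assumes every comment is closed. On "/* abc" the loop steps over
 * the terminating NUL and keeps reading whatever follows the buffer. */
size_t skip_multiline_comment_unsafe(const char *in)
{
    const char *p = in + 2;                         /* past the opening slash-star */
    while (!(p[0] == '*' && p[1] == '/'))
        p++;                                        /* no end-of-input check */
    return (size_t)(p + 2 - in);
}

/* Hardened: stop at the NUL and report failure; *consumed is set on success. */
int skip_multiline_comment_safe(const char *in, size_t *consumed)
{
    const char *p;
    if (in[0] != '/' || in[1] != '*')
        return 0;
    for (p = in + 2; p[0] != '\0'; p++) {
        if (p[0] == '*' && p[1] == '/') {
            *consumed = (size_t)(p + 2 - in);
            return 1;
        }
    }
    return 0;                                       /* unterminated: reject input */
}

/* Minify in -> out: drop whitespace and comments, copy string literals
 * verbatim. Returns the output length, or -1 on an unterminated comment,
 * an unterminated string, a lone trailing backslash, or a full output buffer. */
int minify_safe(const char *in, char *out, size_t outlen)
{
    size_t o = 0, n;
#define PUT(c) do { if (o + 1 >= outlen) return -1; out[o++] = (c); } while (0)
    while (*in) {
        if (*in == ' ' || *in == '\t' || *in == '\n' || *in == '\r') {
            in++;
        } else if (in[0] == '/' && in[1] == '/') {           /* one-line comment */
            while (*in && *in != '\n')
                in++;
        } else if (in[0] == '/' && in[1] == '*') {           /* multiline comment */
            if (!skip_multiline_comment_safe(in, &n))
                return -1;
            in += n;
        } else if (*in == '"') {                             /* string literal */
            PUT(*in++);
            while (*in && *in != '"') {
                if (*in == '\\') {
                    if (in[1] == '\0')
                        return -1;                           /* backslash at end */
                    PUT(*in++);                              /* copy the escape */
                }
                PUT(*in++);
            }
            if (*in != '"')
                return -1;                                   /* unterminated string */
            PUT(*in++);
        } else {
            PUT(*in++);
        }
    }
#undef PUT
    out[o] = '\0';
    return (int)o;
}

int main(void)
{
    char out[128];
    int n = minify_safe("{ \"a\" : 1, /* note */ \"b\" : [ 2, 3 ] }", out, sizeof out);
    printf("%d %s\n", n, out);                                          /* 17 {"a":1,"b":[2,3]} */
    printf("%d\n", minify_safe("{ /* never closed", out, sizeof out));  /* -1 */
    printf("%d\n", minify_safe("{\"a\":\"x", out, sizeof out));         /* -1 */
    return 0;
}
```

The point of the return value is that a minifier must have a failure path: once the scanner's only stopping condition is "found the terminator", an attacker who withholds the terminator controls how far it reads.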

CVE-2019-11036 – Successful exploit could allow the attacker to access sensitive information (30th Apr 2019)

Preface: PHP is a general-purpose scripting language. Its main use is server-side processing of dynamic web pages; it also has a command-line interface and can be used to build graphical user interface programs.

Vulnerability details: A vulnerability in the EXIF component of PHP could allow an unauthenticated, remote attacker to access sensitive information on a targeted system.

Cause: The vulnerability is in the exif_process_IFD_TAG function (ext/exif/exif.c), which reads an IFD tag value from the image without sufficient bounds checking. A similar flaw in the same function was fixed in 2011 (CVE-2011-4566, an integer overflow in the tag size calculation on 32-bit platforms).

Official announcement: The PHP project has released fixed versions (7.1.29, 7.2.18 and 7.3.5) via the following URL: https://php.net/downloads.php
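The following added C example is not PHP's exif.c; it is a parser for a single TIFF/EXIF IFD entry written for this page to show the two checks this class of bug needs: that the entry itself lies within the buffer, and that the value it points to (or its size, which can overflow as in CVE-2011-4566) does too. It assumes a little-endian ("II") TIFF header for brevity, and the sample bytes are constructed here, not taken from any real image.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added example, NOT PHP's ext/exif/exif.c. An IFD entry is 12 bytes:
 * tag(2) format(2) count(4) value-or-offset(4). When count * component size
 * fits in 4 bytes the value is stored inline; otherwise the last field is an
 * offset from the start of the TIFF data. Little-endian TIFF is assumed. */

struct ifd_entry {
    uint16_t tag, format;
    uint32_t count, size;       /* size = count * bytes per component */
    const uint8_t *value;       /* points inside the caller's buffer */
};

static uint32_t rd16(const uint8_t *p) { return (uint32_t)p[0] | ((uint32_t)p[1] << 8); }
static uint32_t rd32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Bytes per component for TIFF format codes 1..12 (0 = invalid). */
static const uint8_t fmt_size[13] = { 0, 1, 1, 2, 4, 8, 1, 1, 2, 4, 8, 4, 8 };

/* Parse the entry at entry_off. Returns 1 on success, 0 when the entry, the
 * size computation, or the data it points to falls outside tiff[0..tlen). */
int exif_read_entry(const uint8_t *tiff, size_t tlen, size_t entry_off,
                    struct ifd_entry *e)
{
    const uint8_t *p;
    uint8_t cs;
    if (entry_off > tlen || tlen - entry_off < 12)
        return 0;                               /* entry itself is truncated */
    p = tiff + entry_off;
    e->tag = (uint16_t)rd16(p);
    e->format = (uint16_t)rd16(p + 2);
    e->count = rd32(p + 4);
    if (e->format == 0 || e->format > 12)
        return 0;
    cs = fmt_size[e->format];
    if (e->count > UINT32_MAX / cs)             /* CVE-2011-4566 class: count*cs wraps */
        return 0;
    e->size = e->count * cs;
    if (e->size <= 4) {
        e->value = p + 8;                       /* inline value, already in range */
    } else {
        uint32_t off = rd32(p + 8);
        if (off > tlen || tlen - off < e->size) /* the check that matters here */
            return 0;
        e->value = tiff + off;
    }
    return 1;
}

/* Constructed sample: "II" header, one IFD with a Make (0x010F) ASCII tag
 * whose 5-byte value "ACME\0" lives at offset 26. Total 31 bytes. */
const uint8_t sample_tiff[31] = {
    'I', 'I', 0x2A, 0x00, 0x08, 0x00, 0x00, 0x00,   /* header, first IFD at 8 */
    0x01, 0x00,                                     /* one entry */
    0x0F, 0x01, 0x02, 0x00, 0x05, 0x00, 0x00, 0x00, 0x1A, 0x00, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x00,                         /* next IFD: none */
    'A', 'C', 'M', 'E', 0x00
};
const size_t sample_tiff_len = sizeof sample_tiff;

/* Constructed hostile entry: LONG (4 bytes) with count 0x40000001, so
 * count*4 wraps to 4 and an unchecked parser treats it as an inline value. */
const uint8_t hostile_entry[12] = { 0x00, 0x01, 0x04, 0x00, 0x01, 0x00, 0x00, 0x40, 0, 0, 0, 0 };

int main(void)
{
    struct ifd_entry e;
    if (exif_read_entry(sample_tiff, sample_tiff_len, 10, &e))
        printf("tag 0x%04x size %u value %s\n", e.tag, e.size, (const char *)e.value);
    printf("truncated file: %d\n", exif_read_entry(sample_tiff, 28, 10, &e));  /* 0 */
    printf("hostile count:  %d\n", exif_read_entry(hostile_entry, 12, 0, &e)); /* 0 */
    return 0;
}
```

Passing a shorter tlen (28 instead of 31) simulates a file cut off before the tag data: the offset field still says 26, but 26 + 5 no longer fits, and the parser refuses instead of reading past the end.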

CVE-2019-1867 – Cisco Elastic Services Controller REST API Authentication Bypass Vulnerability (May 2019)

Preface: A vulnerability in the REST API of Cisco Elastic Services Controller (ESC) could allow an unauthenticated, remote attacker to bypass authentication on the REST API.

About the REST API: in this vulnerability the attacker is on the client side and the victim is the REST API server. An attacker who can reach the API can act as a rogue, malicious client and send requests that should have required authentication; that is exactly what Cisco is addressing.

Speculation (the author's own, not confirmed by the advisory): one guess is that the bypass could be reached through the Java class org.flowable.CallExternalSystemDelegate packaged into a jar.

Affected products: Cisco Elastic Services Controller Software Releases 4.1, 4.2, 4.3 and 4.4 when the REST API is enabled.

Remark: The REST API is not enabled by default.

Official announcement: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190507-esc-authbypass

CVE-2019-11683 – A vulnerability in the udp_gro_receive_segment function of the Linux Kernel could cause denial of service (May 2019)

Preface: 78% of vulnerabilities are found in indirect dependencies, making remediation complex, according to snyk.io.

Description: GSO (Generic Segmentation Offload) for UDP reduces cycles per byte for large packets by amortizing the cost of traversing the protocol stack over one large buffer instead of many small ones. GRO (Generic Receive Offload) is the receive-side counterpart: consecutive datagrams of one flow are coalesced into a single large buffer before being handed up the stack, and udp_gro_receive_segment is the function that does this for UDP.

Vulnerability details: udp_gro_receive_segment in net/ipv4/udp_offload.c in the Linux kernel 5.x through 5.0.11 allows remote attackers to cause a denial of service. The function mishandles padded packets, that is, frames whose length on the wire is larger than the length stated in the UDP header, as happens when a short datagram is padded up to the minimum Ethernet frame size. A successful exploit crashes the system, resulting in a DoS condition.

Remedy: kernel.org has confirmed the vulnerability and released software updates (the fix is in 5.0.12 and later) – https://lwn.net/Articles/787532/
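To show what "mishandles padded packets" means in practice, here is an added, deliberately simplified user-space model in C. It is not kernel code and omits flow matching, checksums and the skb machinery; the names and the batch structure are this example's own. What it keeps is the invariant UDP GRO must enforce before merging: the UDP length field must equal the bytes actually received, and every packet in a batch must carry the same payload size. Any mismatch flushes the batch rather than merging.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added simplified model of the UDP GRO length check. NOT kernel code. */

#define UDP_HDR_LEN 8

enum gro_verdict { GRO_COALESCE, GRO_FLUSH, GRO_DROP };

struct gro_flow {
    size_t seg_len;     /* payload bytes per coalesced segment (0: batch empty) */
    unsigned nsegs;     /* segments currently held in the batch */
};

/* Decide what to do with one received UDP packet. flow_seg_len is the payload
 * size of the packets already batched, or 0 when the batch is empty. */
enum gro_verdict udp_gro_check(const uint8_t *pkt, size_t wire_len, size_t flow_seg_len)
{
    uint16_t ulen;
    if (wire_len < UDP_HDR_LEN)
        return GRO_DROP;                            /* cannot even read the header */
    ulen = (uint16_t)((pkt[4] << 8) | pkt[5]);      /* length field, network order */
    if (ulen <= UDP_HDR_LEN || ulen != wire_len)
        return GRO_FLUSH;                           /* padded, truncated or bogus */
    if (flow_seg_len != 0 && (size_t)(ulen - UDP_HDR_LEN) != flow_seg_len)
        return GRO_FLUSH;                           /* size differs from the batch */
    return GRO_COALESCE;
}

/* Apply the verdict to the batch state. */
enum gro_verdict udp_gro_receive(struct gro_flow *f, const uint8_t *pkt, size_t wire_len)
{
    enum gro_verdict v = udp_gro_check(pkt, wire_len, f->seg_len);
    if (v == GRO_COALESCE) {
        if (f->nsegs == 0)
            f->seg_len = wire_len - UDP_HDR_LEN;   /* first packet fixes the size */
        f->nsegs++;
    } else if (v == GRO_FLUSH) {
        f->seg_len = 0;                             /* batch handed up; start over */
        f->nsegs = 0;
    }
    return v;
}

/* Constructed packet builder: zero buf and write the UDP length field, so the
 * caller can pass a wire_len larger than ulen to imitate Ethernet padding.
 * Returns 0 if buf is too small or ulen is nonsense. */
int build_udp(uint8_t *buf, size_t buflen, uint16_t ulen)
{
    if (buflen < ulen || ulen < UDP_HDR_LEN)
        return 0;
    memset(buf, 0, buflen);
    buf[4] = (uint8_t)(ulen >> 8);
    buf[5] = (uint8_t)(ulen & 0xff);
    return 1;
}

int main(void)
{
    uint8_t pkt[64];
    struct gro_flow f = { 0, 0 };
    build_udp(pkt, sizeof pkt, 28);                 /* 8-byte header + 20 payload */
    printf("%d\n", udp_gro_receive(&f, pkt, 28));   /* 0: coalesce */
    printf("%d\n", udp_gro_receive(&f, pkt, 28));   /* 0: coalesce, batch of 2 */
    printf("%d\n", udp_gro_receive(&f, pkt, 60));   /* 1: padded to 60 bytes, flush */
    return 0;
}
```

The third call is the case the advisory describes: the same 28-byte datagram arrives padded to a 60-byte frame. A receiver that derives segment sizes from the header but copies bytes by wire length would build a batch whose bookkeeping and contents disagree; flushing keeps the two consistent.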

May 2019 – PrinterLogic shows weak vulnerability management

Preface: Patch management is the practice of keeping deployed software up to date so that known weaknesses an attacker could exploit are removed.

Background: PrinterLogic’s printer and driver management platform reduces infrastructure costs by eliminating print servers and providing centralized management of every printer on the network. Sold in both on-premise and cloud configurations, PrinterLogic also offers secure pull printing, mobile printing, and improved performance in virtual desktop (VDI) environments.

Vulnerability details: For more information on the vulnerability, please visit the following URL – https://www.kb.cert.org/vuls/id/169249/

Comment on CVE-2018-5409 (the author's own observation): if a compromised server connects to a DNS server and performs DNS and DNSSEC protocol-level fuzzing, it may crash the target server.

CVE-2019-1002101: Vulnerabilities found in Kubernetes’ kubectl cp command (3rd May 2019)

Preface: Even some of the world's supercomputers use Kubernetes.

Technical background: kubectl controls the Kubernetes cluster manager. The "kubectl cp" command copies files and directories to and from containers; to copy out of a container it runs tar inside the container, streams the archive over the network, and unpacks it on the user's machine.

Vulnerability details: An attacker who controls a container, or the tar binary inside it, can hand back a malicious archive when the user runs kubectl cp. Entry names in that archive are not sanitized, so successful exploitation allows the attacker to overwrite or delete any file on the user's machine that the local user has permission to write.

Remedy: Kubernetes has released fixed kubectl versions (1.11.9, 1.12.7, 1.13.5 and 1.14.0) via the following link: https://github.com/kubernetes/kubernetes/releases

Comment: This vulnerability is not trivial to exploit, since it needs a malicious image or a foothold inside a container and a user who then runs kubectl cp against it. The actual risk depends on how your container workloads and images are managed, so do not dismiss it; the exposure is hard to predict.
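kubectl is written in Go, but the check at the heart of the fix is language-independent, so here it is as an added C example, written for this page and not taken from kubectl: normalise each tar member name and refuse any name that is absolute or that climbs above the destination directory through "..". It assumes POSIX-style names; symlinks already present under the destination are a separate concern that this function does not cover.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added example of tar member name validation. NOT kubectl's code. */

#define MAX_COMPONENTS 64

/* Normalise `name` into `out` (no leading "/", no "." or ".." components).
 * Returns 1 if the result stays inside the destination, 0 if the name is
 * absolute, escapes via "..", or does not fit. An empty result means the
 * destination directory itself. */
int tar_safe_path(const char *name, char *out, size_t outlen)
{
    const char *comp[MAX_COMPONENTS];
    size_t clen[MAX_COMPONENTS];
    int depth = 0, i;
    const char *p = name;
    size_t o = 0;

    if (outlen == 0 || *p == '/')
        return 0;                                   /* absolute name: reject */
    while (*p) {
        const char *start = p;
        size_t n;
        while (*p && *p != '/')
            p++;
        n = (size_t)(p - start);
        if (n == 0 || (n == 1 && start[0] == '.')) {
            /* "" (from "//") or ".": no effect on the path */
        } else if (n == 2 && start[0] == '.' && start[1] == '.') {
            if (depth == 0)
                return 0;                           /* would escape the destination */
            depth--;                                /* ".." cancels the previous part */
        } else {
            if (depth == MAX_COMPONENTS)
                return 0;
            comp[depth] = start;
            clen[depth] = n;
            depth++;
        }
        while (*p == '/')
            p++;
    }
    for (i = 0; i < depth; i++) {
        if (o + clen[i] + 2 > outlen)
            return 0;                               /* no room for "/", part, NUL */
        if (i)
            out[o++] = '/';
        memcpy(out + o, comp[i], clen[i]);
        o += clen[i];
    }
    out[o] = '\0';
    return 1;
}

int main(void)
{
    /* Constructed member names, as a hostile tar might contain them. */
    const char *names[] = { "etc/passwd", "a/./b/../c", "../../root/.ssh/authorized_keys",
                            "/etc/cron.d/x", "a/b/../../../x" };
    char out[128];
    size_t i;
    for (i = 0; i < sizeof names / sizeof names[0]; i++) {
        if (tar_safe_path(names[i], out, sizeof out))
            printf("accept %-36s -> %s\n", names[i], out);
        else
            printf("reject %s\n", names[i]);
    }
    return 0;
}
```

Note that "a/b/../../../x" is rejected even though it contains more regular components than ".." components in total; what matters is that at some point the depth would go negative, which is exactly the moment a naive writer would step out of the destination.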

Cisco Security Advisories and Alerts – 1st May 2019

Preface: How people judge an issue depends on their point of view. From an ordinary user's point of view, a design flaw or limitation of a product is an annoyance, and the designer is blamed for it.
From a hacker's point of view, the same flaw can become a backdoor.

Highlight: CVE-2019-1804 – Cisco Nexus 9000 Series Fabric Switches Application Centric Infrastructure Mode Default SSH Key Vulnerability

Vulnerability details: The vulnerability exists because the same default SSH key pair is present on all affected devices, so anyone who extracts the private key from one device can authenticate to any other (Cisco notes the issue is exploitable only over IPv6). More generally, most SSH implementations (e.g., OpenSSH) let users configure their own authorized key files by placing a public key in an account so that the matching private key grants access. If organizations do not keep an up-to-date inventory of authorized keys and review it regularly, users or even attackers can plant keys in unexpected places for future access.

Attention: Customers who purchased directly from Cisco but do not hold a Cisco service contract can still obtain the fix: provide the product serial number and the CVE reference to Cisco as evidence of entitlement to a free upgrade. There are many other Cisco security updates this week; contact your Cisco partner for details.

Reference: Official announcement – https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-nexus9k-sshkey

CVE-2019-11596: Memcached lru Commands NULL Pointer Dereference Vulnerability – 29th Apr 2019

Preface: In the modern smart world, efficiency is the keyword. Do we need it at any cost?

Background: Memcached is a distributed in-memory key-value cache used to take load off a database. Redis and Memcached are both popular today for the same reasons: both are open source, both are in-memory data stores, and both boost database-backed application performance.

Vulnerability details: A vulnerability in Memcached before 1.5.14 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on a targeted system.
The vulnerability exists because the lru mode and lru temp_ttl commands, as implemented in memcached.c, do not validate the command line before acting on it, so a malformed line results in a NULL pointer dereference. NULL pointer dereference errors are common in C/C++. A pointer is a data type that holds the address of a location in memory; reading or writing through that address is called dereferencing the pointer, and dereferencing a NULL pointer crashes the process.

Remedy: Remediation at the following links – https://github.com/memcached/memcached/commit/d35334f368817a77a6bd1f33c6a5676b2c402c02
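The following added C example is a model of the bug class written for this page, not memcached's code: a text-protocol command handler that reaches into its token array for an argument the client never sent. The command names, arguments and the CLIENT_ERROR reply text mirror the memcached text protocol; the tokenizer and handler bodies are this example's own, and the exact condition in memcached's source is not reproduced here.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added model of an "argument never checked" NULL dereference. NOT memcached.c. */

#define MAX_TOKENS 8

struct token {
    const char *value;      /* NULL for slots the client line did not fill */
    size_t length;
};

/* Split a mutable command line on spaces. Unused slots are NULLed out. */
size_t tokenize(char *line, struct token *tok, size_t max)
{
    size_t n = 0, i;
    char *p;
    for (i = 0; i < max; i++) {
        tok[i].value = NULL;
        tok[i].length = 0;
    }
    for (p = strtok(line, " \r\n"); p != NULL && n < max; p = strtok(NULL, " \r\n")) {
        tok[n].value = p;
        tok[n].length = strlen(p);
        n++;
    }
    return n;
}

/* Vulnerable shape: ntokens is ignored, so "lru mode" (2 tokens) makes the
 * strcmp() on tok[2].value dereference NULL and the daemon dies. */
int lru_command_unsafe(const struct token *tok, size_t ntokens, char *reply, size_t rlen)
{
    (void)ntokens;
    if (strcmp(tok[1].value, "mode") == 0 &&
        (strcmp(tok[2].value, "flat") == 0 || strcmp(tok[2].value, "segmented") == 0)) {
        snprintf(reply, rlen, "OK");
        return 0;
    }
    if (strcmp(tok[1].value, "temp_ttl") == 0) {
        snprintf(reply, rlen, "OK");                /* atol(NULL) would crash here too */
        return 0;
    }
    snprintf(reply, rlen, "ERROR");
    return -1;
}

/* Hardened: the token count is checked first, so every value used below is
 * known to be non-NULL, and numeric arguments are fully validated. */
int lru_command_safe(const struct token *tok, size_t ntokens, char *reply, size_t rlen)
{
    if (ntokens != 3 || tok[1].value == NULL || tok[2].value == NULL) {
        snprintf(reply, rlen, "CLIENT_ERROR bad command line format");
        return -1;
    }
    if (strcmp(tok[1].value, "mode") == 0) {
        if (strcmp(tok[2].value, "flat") == 0 || strcmp(tok[2].value, "segmented") == 0) {
            snprintf(reply, rlen, "OK");
            return 0;
        }
    } else if (strcmp(tok[1].value, "temp_ttl") == 0) {
        char *end;
        long ttl = strtol(tok[2].value, &end, 10);
        if (*end == '\0' && end != tok[2].value && ttl >= 0) {
            snprintf(reply, rlen, "OK");
            return 0;
        }
    }
    snprintf(reply, rlen, "ERROR");
    return -1;
}

/* Dispatch one client line through the hardened handler (the line is copied
 * first because tokenize() writes into it). */
int handle_line(const char *line, char *reply, size_t rlen)
{
    char buf[256];
    struct token tok[MAX_TOKENS];
    size_t n;
    if (strlen(line) >= sizeof buf) {
        snprintf(reply, rlen, "CLIENT_ERROR line too long");
        return -1;
    }
    strcpy(buf, line);
    n = tokenize(buf, tok, MAX_TOKENS);
    if (n >= 1 && strcmp(tok[0].value, "lru") == 0)
        return lru_command_safe(tok, n, reply, rlen);
    snprintf(reply, rlen, "ERROR");
    return -1;
}

int main(void)
{
    char reply[64];
    handle_line("lru mode flat", reply, sizeof reply);   printf("%s\n", reply);  /* OK */
    handle_line("lru mode", reply, sizeof reply);        printf("%s\n", reply);  /* CLIENT_ERROR ... */
    handle_line("lru temp_ttl x", reply, sizeof reply);  printf("%s\n", reply);  /* ERROR */
    return 0;
}
```

Feeding "lru mode" to lru_command_unsafe() is the crash; the hardened dispatcher answers it with CLIENT_ERROR and keeps serving. The general rule is that any protocol parser which exposes a fixed-size token array must make the consumer check the count, not the presence of a NULL that may or may not be there.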

CVE-2019-11577 – dhcpcd up to 7.2.0 dhcp.c DHO_OPTSOVERLOADED memory corruption (29th Apr 2019)

Preface: The IT world cannot function without DHCP; it is like public transport in daily life.

Background: dhcpcd is a DHCP and DHCPv6 client. It is currently the most feature-rich open source DHCP client.

Vulnerability details:
Two bounds errors were fixed together in dhcpcd 7.2.1. The DHCPv4 issue (CVE-2019-11577) is in the handling of the DHO_OPTSOVERLOADED option in src/dhcp.c, the option that tells the client that the fixed sname and file fields of the message also carry options. The DHCPv6 issue is in the dhcp6_findna() function (src/dhcp6.c), which does not correctly bound its reads when processing specific addresses (CVE-2019-11578).
On exploitation: the classic 1-byte (off-by-one) overflow technique modifies the saved frame pointer (ebp) so that it points into an attacker-controlled part of the buffer; when the caller returns, its return address is read from that buffer, which also holds the payload. That technique needs a write primitive, whereas the dhcpcd issues are out-of-bounds reads of attacker-supplied packets, so the practical impact is a crash or a leak of adjacent memory.

Remedy:

DHCPv6 – https://roy.marples.name/git/dhcpcd.git/commit/?id=8d11b33f6c60e2db257130fa383ba76b6018bcf6
DHCP – https://roy.marples.name/projects/dhcpcd
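Since the DHCPv4 issue concerns option overloading, here is an added C example written for this page (not dhcpcd's code) of a bounds-checked DHCPv4 option walker that honours option 52. It assumes the RFC 2131 message layout (236-byte fixed header, sname at offset 44, file at offset 108) and the RFC 2132 meaning of option 52 (bit 1: file carries options, bit 2: sname does). The sample message is constructed inline.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added bounds-checked DHCPv4 option walker with overload support. NOT dhcpcd. */

#define DHCP_FIXED_LEN 236
#define OFF_SNAME 44
#define SNAME_LEN 64
#define OFF_FILE 108
#define FILE_LEN 128
#define DHO_PAD 0
#define DHO_OPTSOVERLOADED 52
#define DHO_END 255

/* Search one region for option `want`. Returns its length and sets *data,
 * -1 if absent, -2 if an option would run past the region. Any overload
 * option seen on the way is recorded in *overload (if non-NULL). */
static int find_in_region(const uint8_t *r, size_t rlen, uint8_t want,
                          const uint8_t **data, uint8_t *overload)
{
    size_t i = 0;
    while (i < rlen) {
        uint8_t code = r[i++], len;
        if (code == DHO_PAD)
            continue;
        if (code == DHO_END)
            return -1;
        if (i >= rlen)
            return -2;                      /* type byte with no length byte */
        len = r[i++];
        if (len > rlen - i)
            return -2;                      /* data would run past the region */
        if (code == DHO_OPTSOVERLOADED && len == 1 && overload)
            *overload |= r[i];
        if (code == want) {
            *data = r + i;
            return len;
        }
        i += len;
    }
    return -1;
}

/* Look up `want`: options field first, then the overloaded fields if option
 * 52 allowed it. Those fields have fixed sizes that never come from the
 * packet. Returns as find_in_region; -3 for a short message or bad cookie. */
int dhcp_get_option(const uint8_t *msg, size_t mlen, uint8_t want, const uint8_t **data)
{
    static const uint8_t cookie[4] = { 99, 130, 83, 99 };
    uint8_t overload = 0;
    int r;
    if (mlen < DHCP_FIXED_LEN + 4 || memcmp(msg + DHCP_FIXED_LEN, cookie, 4) != 0)
        return -3;
    r = find_in_region(msg + DHCP_FIXED_LEN + 4, mlen - DHCP_FIXED_LEN - 4, want, data, &overload);
    if (r != -1)
        return r;
    if (overload & 1) {
        r = find_in_region(msg + OFF_FILE, FILE_LEN, want, data, NULL);
        if (r != -1)
            return r;
    }
    if (overload & 2)
        return find_in_region(msg + OFF_SNAME, SNAME_LEN, want, data, NULL);
    return -1;
}

/* Constructed sample: a DHCPOFFER whose options field says "file is
 * overloaded" and whose file field carries a host name option (12). With
 * `broken` set, the options field instead holds a host name option whose
 * length byte (200) exceeds the bytes that follow it. Returns the message
 * length, or 0 if buf is too small. */
size_t build_sample_msg(uint8_t *buf, size_t buflen, int broken)
{
    static const uint8_t ok_opts[] = { 53, 1, 2, 52, 1, 1, 255 };
    static const uint8_t bad_opts[] = { 12, 200 };
    static const uint8_t file_opts[] = { 12, 4, 'h', 'o', 's', 't', 255 };
    const uint8_t *opts = broken ? bad_opts : ok_opts;
    size_t olen = broken ? sizeof bad_opts : sizeof ok_opts;
    if (buflen < DHCP_FIXED_LEN + 4 + olen)
        return 0;
    memset(buf, 0, buflen);
    buf[0] = 2;                                       /* BOOTREPLY */
    memcpy(buf + OFF_FILE, file_opts, sizeof file_opts);
    buf[DHCP_FIXED_LEN] = 99;  buf[DHCP_FIXED_LEN + 1] = 130;
    buf[DHCP_FIXED_LEN + 2] = 83; buf[DHCP_FIXED_LEN + 3] = 99;
    memcpy(buf + DHCP_FIXED_LEN + 4, opts, olen);
    return DHCP_FIXED_LEN + 4 + olen;
}

int main(void)
{
    uint8_t msg[300];
    const uint8_t *d;
    size_t n = build_sample_msg(msg, sizeof msg, 0);
    int len = dhcp_get_option(msg, n, 12, &d);
    if (len > 0)
        printf("host name via overloaded file field: %.*s\n", len, d);
    n = build_sample_msg(msg, sizeof msg, 1);
    printf("broken message: %d\n", dhcp_get_option(msg, n, 12, &d));   /* -2 */
    return 0;
}
```

Two details carry the security weight: the length byte is compared against what remains of the current region before any data is touched, and the regions reached through option 52 are the header's fixed 128- and 64-byte fields, so a hostile server cannot make the walker believe an overloaded field is larger than it is.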