Preface: Advantech is a leading brand in IoT intelligent systems, Industry 4.0, machine automation, embedding computing, embedded systems, transportation, …

New vulnerabilities found in WebAccess/SCADA Version 8.3:
CVE-2019-6519 – An improper authentication vulnerability exists that could allow a possible authentication bypass allowing an attacker to upload malicious data.
CVE-2019-6521 – Specially crafted requests could allow a possible authentication bypass that could allow an attacker to obtain and manipulate sensitive information.
CVE-2019-6523 – The software does not properly sanitize its inputs for SQL commands.

Status: Vendor do not have patch release in the moment (see below url)

https://support.advantech.com/support/DownloadSRDetail_New.aspx?SR_ID=1-MS9MJV&Doc_Source=Download

Recommendation: Enforce access control. Meanwhile install SIEM facility to enhance the preventive and detective control.

Preface: runc is a CLI tool for spawning and running containers according to the OCI specification.

Vulnerability: Found vulnerability on runc affecting several open-source container management systems that leverage runc

Impact: The vulnerability allows a malicious container to overwrite the host runc binary and thus gain root-level
code execution on the host. But exploit this vulnerability requires user interaction.

Remedy: Official announcement:
Redhat – https://access.redhat.com/security/vulnerabilities/runcescape
AWS – https://aws.amazon.com/security/security-bulletins/AWS-2019-002/

Preface: It was because of new version 4.0 introduced on Jan 2018. Cisco urge customers upgrade to 4.0 to do the remediation. The Elastic Services Controller Service Portal Authentication Bypass Vulnerability finally fixed on Feb 2019.

Product background: Cisco ESC provides a single point of control to manage all aspects of VNF lifecycle for generic Virtual Network Functions (VNFs) in a dynamic environment. ESC brings advanced capabilities like VM and Service monitoring, auto-recovery and dynamic scaling.

Speculate the technical weakness on similar design function: Perhaps the problem given by Vulnerabilities of using a REST API token based authentication! So the official announcement state that vulnerability is due to improper security restrictions that are imposed by the web-based service portal of the affected software.

Official announcements: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180221-esc

Preface: GD is extensively used with PHP. As of PHP 5.3, a system version of GD may be used as well, to get the additional features that were previously available only to the bundled version of GD.

Technical background: The LibGD 2.2.5 allow to written C code to load an entire image file into a buffer in memory, then ask gd to read the image from that buffer. But the programmer must responsible for allocating the buffer, apart from that a customized function must responsible for freeing the buffer with your normal memory management functions.

Vulnerability found: A vulnerability in GD Graphics Library (libgd) could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system.

Doubt: Similar vulnerability was found on 2017 (Double-free in gdImagePngPtr(). (CVE-2017-6362)).
LibGD 2.2.5 release announced that Double-free in gdImagePngPtr(). (CVE-2017-6362) has been fixed!

Vendor announcements: https://github.com/libgd/libgd/issues/492

Preface: Apple found memory vulnerability, since no additional information will be provided by vendor.
Does it relate to DUI (Dereference Under the Influence)?

What is DUI?
Attackers use the DUI vulnerability as a memory access service to mount attacks. Their aim to influence memory operations of isolated components through inputs to their public interface.

Apple Releases Multiple Security Updates:
Original release date: February 07, 2019

About the security content of iOS 12.1.4 – https://support.apple.com/en-us/HT209520

About the security content of macOS Mojave 10.14.3 Supplemental – Update – https://support.apple.com/en-us/HT209521

Preface: Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications. XSS enables attackers to inject client-side scripts into web pages viewed by other users.

Background: A WAF is deployed to protect a specific web application or set of web applications. Generally, the common attacks such as cross-site scripting (XSS) and SQL injection will be under WAF protection. But in reality, XSS is hard to avoid.

New vulnerability found: Palo Alto Networks PAN-OS is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

The following PAN-OS versions are affected:

PAN-OS 7.1.21 and prior
PAN-OS 8.0.14 and prior
PAN-OS 8.1.5 and prior

Official announcement shown as below: https://securityadvisories.paloaltonetworks.com/Home/Detail/140

Preface: Avahi is a free zero-configuration networking (zeroconf) implementation, including a system for multicast DNS/DNS-SD service discovery.

Technical background:
Multicast DNS (mDNS) is a protocol that uses packets similar to unicast DNS except sent over a multicast link to resolve hostnames.

Vulnerability found in Avahi:
The vulnerability exists because the affected software misses link-local checks, causing the multicast DNS (mDNS) protocol to respond to IPv6 unicast queries with source addresses that are not on-link.

Impact: Remote attacker to access sensitive information on a targeted system or conduct DDoS!

Remedy released finally: 22 Dec 2018
https://github.com/lathiat/avahi/commit/e111def44a7df4624a4aa3f85fe98054bffb6b4f

Remark: Happy Lunar New Year. Kung Hei Fat Choi!

Preface: Dynamic memory automatically reclaimed when the garbage collector no longer sees any live reference to it.

Description: A vulnerability in the data acquisition (DAQ) component of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass configured access control policies or cause a denial of service (DoS) condition.

Official announcement – https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-firepowertds-bypass

My opinion: For memory that is not associated with a Scheme object, we cannot assume the new memory block can be freed by a garbage collection. FirePower run on top of Cisco ASA appliance.See below bug history, eventhough it is Cisco. The design is better to separate the Snort with CISCO ASA!

Preface: phpMyAdmin is a free software tool written in PHP, intended to handle the administration of MySQL over the Web.

Description: Phpmyadmin sometimes similar is a gadget. It can help you reset your WordPress password. It seems to be very useful, but this time the vulnerability is equivalent to the Swiss Army Knife, thus breaking your defense mechanism.

Vulnerability detail: An issue was discovered in phpMyAdmin before 4.8.5. A vulnerability was reported where a specially crafted username can be used to trigger a SQL injection attack through the designer feature.

Official reference: https://www.phpmyadmin.net/security/PMASA-2019-2/