Preface: Linux makes very efficient use of the system’s resources.You can give new life to your old and slow Windows system by installing a lightweight Linux system. Variants of Linux are most widely used in the Internet of things and smart devices.

Vulnerability synopsis:
Namespaced mapping – when the two sorted arrays are used, the new code omits the ID transformation for the kernel . Found design flaw in kernel that DAC security controls on files whose IDs aren’t mapped in namespace.
So, user who has CAP_SYS_ADMIN in an affected user namespace can bypass access controls on resources outside the namespace.

Official details: https://github.com/torvalds/linux/commit/d2f007dbe7e4c9583eea6eb04d60001e85c6f1bd

Comment: The Linux operating system is heavily used in modern computer equipment. Will it have an impact soon?

Preface:
VMware Workstation is a hosted hypervisor that runs on x64 versions of Windows and Linux operating systems[4] (an x86 version of earlier releases was available);[3] it enables users to set up virtual machines (VMs) on a single physical machine, and use them simultaneously along with the actual machine.

Findings:
VMware Workstation and Fusion contain an integer overflow vulnerability in the virtual network devices. This issue may allow a guest to execute code on the host.

Official announcement and Remedy:
https://www.vmware.com/security/advisories/VMSA-2018-0030.html

Comment:
Since the public announcement did not provide the technical details. However I suspected that a design weakness on True type font parser (embedded in the TPView.dll) not been remediated. The similar vulnerability found last year. The CVE reference number is CVE-2017-4913.

Remark: Be a happy black Friday but not for this vulnerability. Yes, this is the shopping on AWS,..etc. Happy hunting.

Preface:
PAYFORT Online Payment Gateway is the most Trusted in the Middle East. PAYFORT is here to help you accept online payments, reduce fraud & max your transaction amount.
Remark: On Mar 2018, official announce that PayFort International Inc. and its subsidiaries will be acquired by Amazon.

Vulnerabilities synopsis:
The Amazon PAYFORT payfort-php-SDK payment gateway SDK through 2018-04-26 has XSS vulnerabilities occurs!

What is Cross-site Scripting (XSS)?
Cross-site Scripting (XSS) refers to client-side code injection attack wherein an attacker can execute malicious scripts (also commonly referred to as a malicious payload) into a legitimate website or web application.

Impact:
One of the most common XSS attack vectors is to hijack legitimate user accounts by stealing their session cookies. This allows attackers to impersonate victims and access any sensitive information or functionality on their behalf.

The vulnerability details can be found in the following URL:

https://www.seekurity.com/blog/general/payfort-multiple-security-issues-and-concerns-in-a-supposed-to-be-pci-dss-compliant-payment-processor-sdk/

Preface:

Baidu Spark Browser is based on Chromium, the same engine which runs Google Chrome.

Vulnerability findings:
Baidu Browser provided by Baidu, Inc. is a Web browser. The installer of Baidu Browser contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries.

Impact:
Arbitrary code may be executed with the privilege of the user invoking the installer.

Observation:
The threat actor can placing a malicious version of the dll file in the “C:\Program Files (x86)\baidu\spark\” folder. When the victim starts the browser, the browser execute file will load the malicious version of dll library file. How does the malicious dll file implant? It looks that a reserve engineering was happened in the original installer.

Reference URL:

http://jvn.jp/en/jp/JVN77885134/index.html

Preface:
vSphere Data Protection is a backup and recovery solution designed for vSphere environments.It provides agentless, image-level virtual-machine backups to disk.
VMware vSphere 6.5 is the last release which includes the VDP product. All existing vSphere Data Protection installations with active Support and Subscription (SnS) will continue to be supported until their End of General Support (EOGS) date.

Vulnerability findings:
An attacker could exploit some of these vulnerabilities in VDP and thus to take control of an affected system.

Official remedy solution (see below URL):
https://www.vmware.com/security/advisories/VMSA-2018-0029.html

Appendix: VMware vSphere 6.5 is the last release which includes the VDP product. Meanwhile VMware announced the End of Availability (EOA) of the VMware vSphere Data Protection (VDP) product on April 5th, 2017. (See below URL)

https://kb.vmware.com/s/article/2149614

Preface: GPON stands for Gigabit Passive Optical Networks. GPON is defined by ITU-T recommendation series G.984.1 through G.984.6.

ZTE model F670 is a GPON Optical Network Terminal designed for Fiber to the home (FTTH) scenario. Therefore, it is very popular in today’s Internet home use.

Vulnerability findings:
Some ZTE CPE terminal products encountered below vulnerability. For more detail please refer to official announcement.
1. Heap-based buffer overflow vulnerability, which may allow an attacker to execute arbitrary code.
2. May allow an unauthenticated attacker to get the GPON SN information via appviahttp service.
3. May allows an attacker to cause a denial of service via appviahttp service.
4. May allows an unauthorized user to perform unauthorized operations on the router.
5. An attacker can be allowed to brute force account credentials.

Vulnerabilities and remedy details:
http://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1009383

Comments: We aware that there are plenty of IoT devices expose their vulnerabilities on internet. It such a way to let the cyber criminals form their cyber attack army (Botnet). So staying alert and following the vendor recommendation to execute the remedy.

Preface:
Chakra is a JavaScript engine developed by Microsoft for its Microsoft Edge web browser. It is a fork of the JScript engine used in Internet Explorer.

Description:
The technical details issued by patch Tuesday not describe explicitly (see below).

A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge.This vulnerability could also be exploited through Microsoft Edge via specially crafted web sites or advertisements..

Speculation:
Remote attacker to execute arbitrary code on the system caused by a ballout error in the JavaScript JIT compiler when inling ‘Array.prototype.push’ with multiple arguments.
Remark: The push() method adds oneor more elements to the end of an array and returns the new length of the array.

Remedy:

CVE-2018-8541
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8541
CVE-2018-8542
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8542
CVE-2018-8543
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8543
CVE-2018-8551
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8551
CVE-2018-8555
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8555
CVE-2018-8556
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8556
CVE-2018-8557
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8557
CVE-2018-8588
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8588

Preface:
Integrated Windows Authentication utilizes Negotiate/Kerberos or NTLM to authenticate users based on an encrypted ticket/message passed between a browser and a server. This is the standard authentication algorithm for Microsoft products.

Design weakness:
Hacker steal the NTLM Credentials via PDF Files. They exploit NTLM hash leaks stealing a Windows user’s NTLM hashes.

Official announcement:
Updates for Photoshop CC for Windows and macOS
https://helpx.adobe.com/security/products/photoshop/apsb18-43.html

Security updates for Adobe Acrobat and Reader for Windows
https://helpx.adobe.com/security/products/acrobat/apsb18-40.html

Security updates for Adobe Flash Player for Windows, macOS, Linux and Chrome OS
https://helpx.adobe.com/security/products/flash-player/apsb18-39.html

Preface:
Node.js is an open source, cross-platform built on Chrome’s JavaScript runtime for fast and scalable server-side and networking applications.

Known technical concerns:
Node.js has a set of built-in modules which you can use without any further installation.
In order to enhance the function and effectiveness, the 3rd party modules are available to operate with node.js framework. Since node.js is a runtime environment for the JavaScript-based applications. JavaScript is built into your browser software (IE, Chrome, Firefox, and Safari). JavaScript is used by HTML code to provide two-way communication between your browser and the web server without you needing to refresh the web page.
So, in certain circumstances, it is bring out the security concerns.

Known vulnerability modules:

Prototype Pollution Vulnerability in cached-path-relative Package
https://hackerone.com/reports/390847

[tianma-static] Stored xss on filename
https://hackerone.com/reports/403692

[takeapeek] Path traversal allow to expose directory and files
https://hackerone.com/reports/403736