Category Archives: Potential Risk of CVE

July 2018 – CVE-2018-3754 All versions of query-mysql are vulnerable to SQL injection

Over time, Node.js and the MySQL database have become another technology trend in the IT world. Before Node.js, JavaScript was used only for client-side development, and a different programming language was needed on the server side. Nowadays web applications use JavaScript on both sides, making app deployment much easier and more efficient.

But web application developers must stay alert: a vulnerability has been found. The Node.js third-party module query-mysql, versions 0.0.0, 0.0.1 and 0.0.2, is vulnerable to SQL injection due to a lack of user input sanitization. This may allow an attacker to run arbitrary SQL queries when the application fetches data from the database.

Should you be interested, please see below:

https://nodesecurity.io/advisories/666
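As an added illustration (not code from query-mysql or from the advisory), the two query-building patterns behind this class of bug: pasting the user's input straight into the SQL text, beside a placeholder builder that escapes the value. The table, column names and sample input are constructed; no database connection is needed, only the SQL text that would be sent to MySQL is inspected.

```javascript
// Added illustration, not code from query-mysql or the advisory: why pasting
// user input into SQL text is injectable and what a placeholder-based builder
// that escapes values does differently. No database is needed; only the SQL
// text that would be sent to MySQL is inspected.

// Minimal MySQL string-literal escaper, modelled on the rules the mysqljs
// driver's escape() applies (backslash-escape quotes, backslashes and control
// characters). Illustrative only; use the driver's own escaping in real code.
function escapeValue(value) {
  if (value === null || value === undefined) return 'NULL';
  if (typeof value === 'number') return String(value);
  const map = { '\0': '\\0', '\n': '\\n', '\r': '\\r', '\b': '\\b',
                '\t': '\\t', '\x1a': '\\Z' };
  const s = String(value).replace(/[\0\n\r\b\t\\'"\x1a]/g,
    (ch) => map[ch] || '\\' + ch);
  return `'${s}'`;
}

// Replace each '?' placeholder with an escaped literal, so the input can only
// ever be a value inside the statement, never SQL syntax.
function format(sql, params) {
  let i = 0;
  return sql.replace(/\?/g, () => {
    if (i >= params.length) throw new Error('too few parameters');
    return escapeValue(params[i++]);
  });
}

// The vulnerable pattern (what "no user input sanitization" looks like):
function buildUserQueryUnsafe(username) {
  return `SELECT id, email FROM users WHERE username = '${username}'`;
}

// The hardened pattern:
function buildUserQuerySafe(username) {
  return format('SELECT id, email FROM users WHERE username = ?', [username]);
}

// Simplistic review check: count quote characters not preceded by a backslash.
// Each literal has two, so this query should always contain exactly one literal.
function countStringLiterals(sql) {
  return (sql.match(/(?<!\\)'/g) || []).length / 2;
}

// Constructed sample input of the classic "break out of the literal" shape.
const SAMPLE_INPUT = "' OR '1'='1";
console.log(buildUserQueryUnsafe(SAMPLE_INPUT), countStringLiterals(buildUserQueryUnsafe(SAMPLE_INPUT)));
console.log(buildUserQuerySafe(SAMPLE_INPUT), countStringLiterals(buildUserQuerySafe(SAMPLE_INPUT)));
```

With the unsafe builder the sample input turns one literal into three and changes the WHERE clause; with the placeholder builder it stays a single literal. The real mysqljs driver exposes this as `mysql.escape()`, `mysql.format()` and `connection.query(sql, values)`.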

Jul 2018 – PHP 7.2.x through 7.2.7 allows attackers to trigger a use-after-free (in exif_read_from_file)

CVE-2018-12882 – PHP 7.2.x through 7.2.7 allows attackers to trigger a use-after-free (in exif_read_from_file)

Use-after-free vulnerabilities are a type of memory corruption flaw that can be leveraged by attackers to execute arbitrary code. According to the statistics, PHP version 5 is used by 82.0% of all websites that use PHP. How about the vulnerable version? It is 17.3%. Both statistics appear to be up to date. The PHP programming language has the following advantages:

  1. Cross-platform: a PHP application can run on various platforms.
  2. Ease of use: individuals who are new to programming can easily learn it within a short time.
  3. Open source, with powerful library support.

Hey, but if you are using version 7.x, do the remediation first!

CVE details are shown below: https://www.securityfocus.com/bid/104551/info

July 06, 2018 – Apple Releases Security Update for Boot Camp

Wi-Fi connections seem secure when the IT department authenticates Wi-Fi users against Windows Active Directory. A known issue told the world that WPA is not secure, and therefore Wi-Fi authentication best practice moved to WPA2. From a general point of view, we all focus on the Wi-Fi access point, the authentication protocol and the encryption method. It looks like we forgot that the endpoint itself is our missing area. A design weakness was found in Apple MacBook products. The explanation from Apple is that a logic issue existed in the handling of state transitions. See the attached diagram: when the endpoint enforces a packet number (PN) reset to 1, the attacker is able to engage in a replay attack.

Impact: An attacker in Wi-Fi range may force nonce reuse in WPA unicast/PTK clients (Key Reinstallation Attacks – KRACK)

Comment: With WPA/WPA2, rekeying of both unicast and global encryption keys is required. WPA2 seems to be the main trend today, so WPA looks to have been ignored by manufacturers, and therefore the bug in WPA is only being fixed now!

Official announcement – https://support.apple.com/en-us/HT208847
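As an added illustration (not Apple's code and not the KRACK researchers' tooling), a small model of the receive-side replay check described above: what happens when a re-delivered handshake message reinstalls the key already in use and resets the packet number, compared with the patched state handling that leaves the counter alone. Frames are constructed plain objects; no 802.11 or crypto is involved.

```javascript
// Added illustration, not Apple's code or the KRACK researchers' tooling: how a
// receiver's replay check behaves when a key reinstallation resets the packet
// number (PN) to 1. Frames are plain objects {pn, body}; no 802.11 or crypto.

function makeReceiver() {
  return { lastPn: 0, accepted: [] };
}

// CCMP-style replay check: a frame is accepted only if its PN is strictly
// greater than the highest PN already seen under the current key.
function receive(rx, frame) {
  if (frame.pn <= rx.lastPn) return false;   // replayed or out of order: drop
  rx.lastPn = frame.pn;
  rx.accepted.push(frame.body);
  return true;
}

// Vulnerable state handling: a retransmitted handshake message reinstalls the
// key that is already in use and resets the replay counter as if the key were
// fresh, so frames captured earlier pass the check again. The flag is ignored.
function reinstallKeyVulnerable(rx, keyAlreadyInstalled) {
  rx.lastPn = 0;
}

// Patched state handling: the replay counter is only reset when a key that is
// actually new is installed; re-delivery of the same key leaves it untouched.
function reinstallKeyPatched(rx, keyAlreadyInstalled) {
  if (!keyAlreadyInstalled) rx.lastPn = 0;
}

// Deliver two constructed frames, "retransmit" the handshake, then replay the
// captured frames and report which ones the receiver accepted.
function simulate(reinstall) {
  const rx = makeReceiver();
  const captured = [{ pn: 1, body: 'A' }, { pn: 2, body: 'B' }]; // constructed
  captured.forEach((f) => receive(rx, f));
  reinstall(rx, true);                          // same key delivered again
  const replayAccepted = captured.map((f) => receive(rx, f));
  return { delivered: rx.accepted.join(''), replayAccepted };
}

console.log(simulate(reinstallKeyVulnerable)); // delivered 'ABAB', both replays accepted
console.log(simulate(reinstallKeyPatched));    // delivered 'AB', both replays dropped
```

The model covers only the receive-side replay counter; in the real attack the transmit nonce is reset as well, which is what makes the "nonce reuse" in Apple's impact statement possible.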

Sometimes he is your friend, but sometimes he is your enemy (CVE-2018-12907)

Have you used Rclone? Rclone is an open-source tool for syncing to various forms of cloud storage. In Rclone 1.42, use of “rclone sync” to migrate data between two Google Cloud Storage buckets might allow attackers to trigger the transmission of any URL’s content to Google, because there is no validation of a URL field received from the Google Cloud Storage API server.

Should you be interested in this topic, please refer to the URL below.

http://openwall.com/lists/oss-security/2018/06/27/3

TIBCO Security Advisory: June 26, 2018

Vulnerabilities that may allow unauthorized information disclosure and remote code execution look like a common topic in the CVE list. Predictive models and analysis are typically used to forecast future probabilities. Applied to business, predictive models are used to analyze current data and historical facts in order to better understand customers, products and partners and to identify potential risks and opportunities for a company. TIBCO Spotfire makes it easy to analyze data from any number of data sources. Using this data, you can create predictive models and apply advanced techniques within the Spotfire environment. What do you think would happen if a data breach incident occurred in this type of service?

TIBCO Spotfire is currently used by 1400 websites, a market share of 2.49% compared with competitors offering similar functions.

TIBCO Spotfire Product Family Remote Code Execution Vulnerability

https://www.tibco.com/support/advisories/2018/06/tibco-security-advisory-june-26-2018-tibco-spotfire-2018-5435

TIBCO Spotfire Product Family Information Disclosure Vulnerability

https://www.tibco.com/support/advisories/2018/06/tibco-security-advisory-june-26-2018-tibco-spotfire-2018-5437

TIBCO Spotfire Server information disclosure vulnerabilities

https://www.tibco.com/support/advisories/2018/06/tibco-security-advisory-june-26-2018-tibco-spotfire-2018-5436

Jun 2018 – SSL Forward Proxy vulnerability (CVE-2018-5527)

Since data privacy is the first priority in the cyber world, internet connectivity now makes heavy use of SSL certificates: for instance SSL VPN, PKI, SSL web servers, etc. A popular web portal receives a large number of connections per second, and therefore the popular solution is TCP offload: the SSL server certificate is installed not on the web server but on its front end, that is, the load balancer. Even though you say you have TCP offload, a fundamental limitation is that SSL connections consume about twice as much memory as HTTP layer 7 connections, and four times as much memory as layer 4 with TCP proxy. Meanwhile, a huge number of SSL sessions from the cache during a full garbage collection seems to cause the lock owned by an I/O thread to be held up, leaving the other I/O threads BLOCKED.

F5 has now resolved its SSL forward proxy vulnerability (CVE-2018-5527). See below:

https://support.f5.com/csp/article/K20134942

But I believe it is not an easy story to end, because of the following factors!

1. A huge number of SSL sessions from the cache during a full garbage collection seems to cause the lock owned by an I/O thread to be held up, leaving the other I/O threads BLOCKED.

2. SSL connections consume about twice as much memory as HTTP layer 7 connections, and four times as much memory as layer 4 with TCP proxy.

Jun 2018: Misbehaviour techniques revealed (manipulating cryptocurrencies (ERC20 tokens))

A liquidity trap is caused when people hoard cash; if a cryptocurrency exchange does the manipulation, the suspect cryptocurrency exchange is equivalent to a crook.

The company, headquartered in Hangzhou, China, aims to identify hidden cryptocurrency vulnerabilities, expose zero-day exploits and defend against emerging threats. In June 2018 two key misbehaviour techniques were revealed, so called “tradeTrap” and “evilReflex”.

The so-called “tradeTrap”

CVE-2018-12084, CVE-2018-12082, CVE-2018-12083, CVE-2018-11446, CVE-2018-12080, CVE-2018-12063, CVE-2018-12078, CVE-2018-12070, CVE-2018-12067, CVE-2018-12079, CVE-2018-12062, CVE-2018-12081 & CVE-2018-12068

https://peckshield.com/2018/06/11/tradeTrap/

The so-called “evilReflex”

CVE-2018-12703 and CVE-2018-12702

https://peckshield.com/2018/06/23/evilReflex/

30th Jun, 2018 – VMware releases security updates

VMware Releases Security Updates – June 30, 2018. VMware ESXi, Workstation and Fusion contain multiple out-of-bounds read vulnerabilities in the shader translator. A local user can trigger an out-of-bounds memory read in the shader translator to obtain potentially sensitive information or cause their virtual machine to crash. A browser’s built-in shader translation facilities rely on the underlying platform’s graphics driver. So VMware users must stay alert!

VMware official announcement – https://www.vmware.com/security/advisories/VMSA-2018-0016.html

Is it a defect in GNU Binutils? (status update on 25th June 2018)

Bug CVE-2018-7642 was found in GNU Binutils 2.30 on 24th Feb 2018. GNU Binary Utilities, or binutils, are a set of programming tools for creating and managing binary programs, object files, libraries, profile data and assembly source code. The GNU Compiler Collection (gcc) plays an important role in software development. If a bug occurs in the compiler, we can imagine that it will affect the software development life cycle (SDLC). The bug found earlier this year in GNU Binutils causes a system crash, but the bugs found in April 2018 look to have expanded beyond just a system crash. Should you be interested, please refer to the URLs below for reference.

CVE-2018-12700 – https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454

CVE-2018-12699 – https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454

CVE-2018-12641 – https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85452

CVE-2018-12698 – https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85454

Bug found in GNU Binutils 2.30 on 24th Feb 2018

CVE-2018-7642 – GNU Binutils 2.30

Will satellites be affected by a buffer overflow vulnerability?

Will satellites be affected by a buffer overflow vulnerability? I heard that hackers are interested in satellite devices. This news lets you imagine that it is an APT attack, right? It looks like political issues run around the world. Who’s right? Who’s wrong? Perhaps God doesn’t know either. On 16th Jan 2018, the confirmation of Solaris and SPARC Spectre vulnerabilities came as Oracle delivered its Meltdown/Spectre patches for its x86 servers. Meltdown and Spectre look like an AIDS or Ebola disease.

The CDMU (Command and Data Management Unit) is used for spacecraft control, especially in satellites. It is composed of the following functional element. The LEON-3 CPU, developed by Gaisler Research, is a 32-bit synthesisable processor core based on the SPARC V8 architecture. Oh! As far as I know, hackers can exploit SPARC buffer overflow vulnerabilities. Perhaps it is not easy to do patch management in the sky? Should you be interested in this topic, please refer to the URL below for reference.

http://www.nspo.narl.org.tw/en2016/aboutNSPO/gs.html