Category Archives: Potential Risk of CVE

CVE-2022-32635 – Improper input validation for GPS on MediaTek chipsets (4th Jan 2023)

Preface: The Global Positioning System (GPS) employs trilateration to calculate the coordinates of positions at or near the Earth’s surface. Trilateration refers to the trigonometric law by which the interior angles of a triangle can be determined if the lengths of all three triangle sides are known.

I have a set of coordinates that I receive from GPS. Query to calculate the travelled distance:

ST_length(ST_Transform(st_makeline(points), 26986)) AS distance_travelled

Background:  GPSD is a service daemon that monitors one or more GPSes or AIS receivers attached to a host computer through serial or USB ports, making all data on the location/course/velocity of the sensors available to be queried on TCP port 2947 of the host computer.

In normal circumstances, the Android smartphone operating system (from version 4.0 onwards and possibly earlier) uses GPSD to monitor the phone’s on-board GPS, so every location-aware Android app is indirectly a GPSD client.

MediaTek, along with Qualcomm, is one of the most important third-party chipmakers in the Android smartphone ecosystem.

MediaTek’s software is distributed as freeware but is not open source, which is why the source code is not public. The whole library is written in Java and the native drivers are written in assembly.

Vulnerability details: In GPS, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Affected Chipsets: MT6580, MT6735, MT6739, MT6753, MT6757, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6891, MT6893, MT6895, MT6983, MT8167, MT8168, MT8173, MT8185, MT8321, MT8362A, MT8365, MT8385, MT8666, MT8667, MT8675, MT8765, MT8766, MT8768, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797

Affected Software Versions: Android 10.0, 11.0, 12.0, 13.0

Official announcement: For details, see the link –

Mediatek – https://corp.mediatek.com/product-security-bulletin/January-2023

Android – https://source.android.com/docs/security/bulletin/2023-01-01

CVE-2022-42475 A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN (2nd JAN 2023)

Preface: An SSL VPN must be exposed to the Internet so that the service can be used from anywhere. This is its basic design.

Fortinet has patched a zero-day buffer overflow in FortiOS that could lead to remote code execution. There has been a report of active exploitation, and organizations should patch urgently. (2 weeks ago – Dec 12, 2022).

Background: An SSL VPN is established from a client outside the base network to a FortiGate inside the base network, so that external clients can access the inside of the base network. The VPN client software, FortiClient, needs to be installed on the external client.

Vulnerability details: A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, 6.2.0 through 6.2.11, 6.0.15 and earlier and FortiProxy SSL-VPN 7.2.0 through 7.2.1, 7.0.7 and earlier may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.

Official announcement: For details, see the link – https://www.fortiguard.com/psirt/FG-IR-22-398

Workaround: Disable SSL-VPN.
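The defect class in both the MediaTek GPS advisory above (an out-of-bounds write from a missing bounds check) and the FortiOS SSL-VPN advisory (a heap-based buffer overflow, CWE-122) is the same: a copy whose size is taken from untrusted input and is never compared with the destination. The C example below is added here for illustration and is not MediaTek, Fortinet or GPSD code; the one-byte-length record format, the FIELD_MAX size and the function names are constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed record layout: one length byte followed by that many payload
 * bytes (think of a field handed from a GNSS chip to its driver). This is
 * an illustration format, not the MediaTek or Fortinet wire format. */
#define FIELD_MAX 32

struct field { uint8_t data[FIELD_MAX]; size_t len; };

/* Vulnerable shape (CWE-787, or CWE-122 when 'out' lives on the heap): the
 * length byte comes from the untrusted record and is trusted as the copy
 * size, so a value above FIELD_MAX-1 writes past out->data, and a value
 * above reclen-1 reads past the record. Kept only to show the defect; it is
 * called below only with a well-formed record. */
int parse_field_unchecked(const uint8_t *rec, size_t reclen, struct field *out)
{
    if (reclen < 1) return -1;
    size_t len = rec[0];
    memcpy(out->data, rec + 1, len);   /* no check against FIELD_MAX or reclen */
    out->len = len;
    return 0;
}

/* Hardened shape: every quantity taken from the input is checked against
 * both the input size and the destination size before any write happens. */
int parse_field_checked(const uint8_t *rec, size_t reclen, struct field *out)
{
    if (reclen < 1) return -1;          /* no length byte at all */
    size_t len = rec[0];
    if (len > reclen - 1) return -2;    /* claims more bytes than the record carries */
    if (len >= FIELD_MAX) return -3;    /* would not fit (one byte reserved for terminator) */
    memcpy(out->data, rec + 1, len);
    out->data[len] = 0;
    out->len = len;
    return 0;
}

int main(void)
{
    /* Constructed inputs: a well-formed record, and one whose length byte
     * overstates the payload it actually carries. */
    const uint8_t good[] = {5, 'G', 'P', 'G', 'G', 'A'};
    const uint8_t bad[]  = {200, 'x'};
    struct field f = {0};

    printf("unchecked, good record -> %d (%zu bytes)\n",
           parse_field_unchecked(good, sizeof good, &f), f.len);
    printf("checked,   good record -> %d (%zu bytes)\n",
           parse_field_checked(good, sizeof good, &f), f.len);
    printf("checked,   bad record  -> %d\n",
           parse_field_checked(bad, sizeof bad, &f));
    return 0;
}
```

On well-formed input both parsers behave alike, which is why such defects survive functional testing; only the checked variant rejects the malformed record. Building the unchecked variant with -fsanitize=address and feeding it the bad record is the quickest way to see the overflow reported during development.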

CVE-2022-48198 About Robot Operating System (ROS) Vulnerabilities (2nd Jan 2023)

Preface: As a child, you would think of the Moon and Mars, and also about robots and extraterrestrials. But you might not think about design weaknesses, so-called vulnerabilities.

Background: Robot Operating System (ROS) is a set of open-source algorithms, hardware driver software and tools developed for building robot control software. Despite having “operating system” in its name, it is not an operating system. Its main parts are:

  • Communication System (Publish Subscribe and Remote Method Invocation),
  • Framework & Tools (Build system & dependency management, Visualization, Record and Replay)
  • Ecosystem (Language bindings, Drivers, libraries and simulation (Gazebo)).

Distributed applications are designed as units called nodes. In robotic systems, sensors (lidars, cameras), motion controllers (motors that provide motion), and algorithmic components (route planners) can all be nodes. ROS 2 separates the node concept from the OS-level process structure.

All nodes in the system can be run on a single computer or they can be distributed and run across multiple computers.

Vulnerability details: The ntpd_driver component before 1.3.0 and 2.x before 2.2.0 for Robot Operating System (ROS) allows attackers, who control the source code of a different node in the same ROS application, to change a robot’s behavior.

Official announcement: For details, see the link – https://nvd.nist.gov/vuln/detail/CVE-2022-48198

Wishing you all a very happy New Year! May your 2023 be filled with love and happiness.

Retrospective of 2022 CVE records – CVE-2022-4292 (The Silence of the Lambs on Linux) (30th Dec 2022)

Preface: Use-After-Free (UAF) is a vulnerability related to incorrect use of dynamic memory during program operation. If after freeing a memory location, a program does not clear the pointer to that memory, an attacker can use the error to hack the program.

Background: Most of the victims run Windows OS, but some of the victims were Linux users. A common approach among cyber defense vendors is to enforce detection and prevention measures.

Sometimes a vulnerability doesn’t get your attention, yet it can serve as a passive exploitation tool, because this kind of design weakness can let the attacker evade detection. Yes, it is a Use After Free vulnerability in vim (prior to 9.0.0882).

All Unix-like systems have a built-in vi text editor, but nowadays vim is used more (vim has program-editing capabilities).

Vulnerability details: Use After Free in GitHub repository vim/vim prior to 9.0.0882. For details, see the link – https://nvd.nist.gov/vuln/detail/CVE-2022-4292

Observation: An attacker could exploit a Use After Free vulnerability to pass arbitrary malicious code (or a reference to it) into an application and then use the dangling pointer to navigate to the start of the arbitrary code and so execute it.

Afterwards, the attacker could exploit other vulnerabilities on Linux to carry out the attack.

There is currently no such exploit. But my point is that Linux users and environments should be aware of this small vulnerability. Do not underestimate its power.

Mitigation – Running untrusted vim scripts with -s [scriptin] is not recommended.

CVE-2022-46174 A race condition issue exists within the Amazon EFS mount helper in efs-utils versions v1.34.3 and below (28th Dec 2022)

Preface: Sometimes it is difficult to determine the clear impact of a vulnerability. However, if a design weakness is found, a corrective control should be applied. A race condition issue exists within the Amazon EFS mount helper in efs-utils. What is a race condition in the traditional understanding?

A race condition occurs when two threads access a shared variable at the same time.

Background: EFS offers two methods to connect your Linux-based EC2 instance to your EFS file system. Both use a process called mounting whereby you mount a target to the EFS file system on your instance.

The EFS mount helper is a utility that has to be installed on your EC2 instance.

After installing the Amazon EFS mount helper amazon-efs-utils, just add the -o tls option when mounting, and your communication with Amazon EFS will be encrypted without any changes to your application. Please see the picture for details.

Vulnerability details: When using TLS to mount file systems, the mount helper allocates a local port for stunnel to receive NFS connections prior to applying the TLS tunnel. In affected versions, concurrent mount operations can allocate the same local port, leading to either failed mount operations or an inappropriate mapping from an EFS customer’s local mount points to that customer’s EFS file systems.

Remedy: This issue is patched in version v1.34.4. There is no recommended workaround. We recommend affected users update the installed version of efs-utils to v1.34.4 or later.

Official details: Please see the link for details – https://nvd.nist.gov/vuln/detail/CVE-2022-46174
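The race described above is a time-of-check/time-of-use problem: the helper picks a local port that is free at the moment it looks, releases it, and later hands it to stunnel; a second mount running in between can pick the same number. The C example below is added to illustrate the racy pattern next to a safer one (let the kernel allocate the port and keep the bound socket open as the reservation). It is not efs-utils code and does not reproduce the v1.34.4 fix; it assumes a POSIX socket API and the loopback interface, and the function names are constructed.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Racy shape: probe whether 'port' is free, release it, and return the
 * number for some other process to bind later. Between the close() here
 * and that later bind(), a concurrent mount can claim the same port, which
 * is the failure mode the advisory describes (failed mounts or a tunnel
 * wired to the wrong file system). Returns port if it was free, else -1. */
int probe_free_port(int port)
{
    struct sockaddr_in sa;
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    sa.sin_port = htons((uint16_t)port);
    int free_now = bind(fd, (struct sockaddr *)&sa, sizeof sa) == 0;
    close(fd);                       /* the reservation is lost right here */
    return free_now ? port : -1;
}

/* Safer shape: bind to port 0 so the kernel hands out a port that is free
 * by construction, then keep the socket open. The descriptor is the
 * reservation; it can be inherited by the tunnel process (fork/exec) or
 * passed over a Unix socket instead of communicating a bare number.
 * Returns the allocated port (>0) and the open fd, or -1 on failure. */
int reserve_port(int *fd_out)
{
    struct sockaddr_in sa;
    socklen_t len = sizeof sa;
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    sa.sin_port = 0;                 /* ask the kernel for any free port */
    if (bind(fd, (struct sockaddr *)&sa, sizeof sa) != 0 ||
        getsockname(fd, (struct sockaddr *)&sa, &len) != 0) {
        close(fd);
        return -1;
    }
    *fd_out = fd;
    return ntohs(sa.sin_port);
}

int main(void)
{
    int fd1 = -1, fd2 = -1;
    int p1 = reserve_port(&fd1);     /* two "mounts" reserving concurrently */
    int p2 = reserve_port(&fd2);
    printf("mount A holds port %d, mount B holds port %d\n", p1, p2);
    printf("probe of A's port while held -> %d (expected -1: in use)\n",
           probe_free_port(p1));
    close(fd1);
    close(fd2);
    return 0;
}
```

The point of holding the descriptor is that no window exists in which the port number is known but unowned; whichever process ends up running the tunnel should inherit the already-bound socket rather than bind a number it was told about.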

Retrospective of a simple bug in smartphone software development in 2022 (28th Dec 2022)

Denial of service from the big world to the small world

Preface: Perhaps historical information can enrich our knowledge base, even though you may think the information I post today is not very useful. However, this is a so-called database. See whether you are still interested in this matter today.

Background:

The Flutter framework is a popular, multi-platform UI toolkit that’s powered by the Dart platform, and that provides tooling and UI libraries to build UI experiences that run on iOS, Android, macOS, Windows, Linux, and the web. When creating configuration files for application projects, languages like Python and the Google-developed Flutter framework for Dart both use YAML (.yaml). Furthermore, YAML can be used to format container files, and cloud computing operations also use it.

There are several libraries available for parsing. yaml is a popular library for reading YAML files, and the yaml_writer library is used to write to a YAML file.

  • yaml[.]dart for reading
  • yaml_writer for write operations

yaml is a popular library in Dart and Flutter for reading YAML files, and yaml_writer for writing YAML documents.

Ref: YAML is a data serialization language that is often used for writing configuration files. Depending on whom you ask, YAML stands for yet another markup language or YAML ain’t markup language (a recursive acronym), which emphasizes that YAML is for data, not documents. 

Vulnerability details: Certain versions of Gopkg[.]in/yaml[.]v2 contain the following vulnerability: parsing malicious or large YAML documents can consume excessive amounts of CPU or memory.

Official announcement: For details about the vulnerability, please refer to the official announcement – https://pkg.go.dev/vuln/GO-2022-0956
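The vulnerability class above (a parser that lets the document size its own work) is usually mitigated in front of the parser, by capping what a document is allowed to ask for. The C example below is added here to show such a guard; it is not the gopkg.in/yaml.v2 fix nor any Dart library’s code. It is a heuristic single-pass pre-check, not a YAML parser, and the budget values, function and enum names are constructed for the example.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Resource budget enforced before a document reaches the real YAML parser.
 * The values are constructed for this example; pick them per deployment. */
struct yaml_budget { size_t max_bytes; int max_depth; int max_aliases; };

enum yaml_verdict { YAML_OK = 0, YAML_TOO_LARGE, YAML_TOO_DEEP, YAML_TOO_MANY_ALIASES };

/* Single-pass pre-check: caps total size, flow-collection nesting ("[" and
 * "{") and the number of alias references ("*name"), which is what
 * alias-expansion bombs multiply. Quoted scalars and comments are skipped so
 * brackets or stars inside them do not count. Block-style (indentation)
 * nesting is left to the parser's own limits. Heuristic by design: a
 * document that passes here still needs a parser with its own limits. */
enum yaml_verdict yaml_precheck(const char *doc, size_t len, const struct yaml_budget *b)
{
    int depth = 0, aliases = 0;
    char quote = 0;
    if (len > b->max_bytes) return YAML_TOO_LARGE;
    for (size_t i = 0; i < len; i++) {
        char c = doc[i];
        char prev = i == 0 ? ' ' : doc[i - 1];
        if (quote) {                             /* inside '...' or "..." */
            if (c == quote) quote = 0;
            continue;
        }
        if ((c == '\'' || c == '"') && strchr(" \t\n[{,:", prev)) {
            quote = c;
            continue;
        }
        if (c == '#' && isspace((unsigned char)prev)) {   /* comment to end of line */
            while (i < len && doc[i] != '\n') i++;
            continue;
        }
        if (c == '[' || c == '{') {
            if (++depth > b->max_depth) return YAML_TOO_DEEP;
        } else if (c == ']' || c == '}') {
            if (depth > 0) depth--;
        } else if (c == '*' && i + 1 < len && isalnum((unsigned char)doc[i + 1]) &&
                   strchr(" \t\n[{,-", prev)) {
            if (++aliases > b->max_aliases) return YAML_TOO_MANY_ALIASES;
        }
    }
    return YAML_OK;
}

int main(void)
{
    /* Constructed documents: a benign one, a nesting bomb and an alias bomb. */
    const struct yaml_budget budget = { 1u << 20, 20, 100 };
    const char benign[] = "name: app\nports: [80, 443]\nnote: \"[[[[[[\"  # brackets in a string\n";
    const char bomb[]   = "a: &x [1, 2]\nb: [*x, *x, *x, *x]\n";
    char deep[64];
    memset(deep, '[', 30); deep[30] = '1'; memset(deep + 31, ']', 30); deep[61] = 0;

    printf("benign -> %d\n", yaml_precheck(benign, sizeof benign - 1, &budget));
    printf("deep   -> %d\n", yaml_precheck(deep, strlen(deep), &budget));
    const struct yaml_budget strict = { 1u << 20, 20, 3 };
    printf("alias  -> %d\n", yaml_precheck(bomb, sizeof bomb - 1, &strict));
    return 0;
}
```

Such a guard is cheap (one pass, no allocation) and keeps pathological input from ever reaching the expensive part of the pipeline; the parser behind it should still be kept patched, since the guard only bounds the cases it was written to recognise.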

Wish you a Happy New Year.

Santa patched his ksmbd kernel server (SMB/CIFS server) just before Christmas break. (26th Dec 2022)

Preface: Researchers found that 91.88 percent of attacks targeting port 445, the most common SMB port, attempted to use the EternalBlue exploit. Even in a Linux environment, when the server supports the SMB protocol it more or less has the opportunity to integrate with other peer servers, especially Windows servers. Therefore, one must be aware of the potential risks of ransomware.

Background: Common Internet File System (CIFS), an implementation of the Server Message Block (SMB) protocol, is used to share file systems, printers, or serial ports over a network. Notably, CIFS allows sharing files between Linux and Windows platforms regardless of version.

Ref: To mount the CIFS share on Linux for File Viewer, use the command: mount -t cifs //host_name/VIEWER_SHARE -o username=username,password=password /local_path. CIFS is an insecure implementation of SMB – its lack of encryption has seen it exploited through malware like NotPetya and the WannaCry ransomware attack, which occurred through a zero-day exploit called EternalBlue.

Vulnerability details: CVE-2022-47939 – An issue was discovered in ksmbd in the Linux kernel before 5.19.2. fs/ksmbd/smb2pdu[.]c has a use-after-free and OOPS for SMB2_TREE_DISCONNECT.

  • In computing, an oops is a serious but non-fatal error in the Linux kernel.

Details about this design weakness, see the link https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cf6531d98190fa2cf92a6d8bbc8af0a4740a223c
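Both the vim post above (a use-after-free, where “a program does not clear the pointer to that memory” after freeing it) and this ksmbd issue (a use-after-free on SMB2_TREE_DISCONNECT) come down to a pointer that outlives the object it refers to. The C example below is added to show the dangling-pointer shape next to the fixed shape; it is a constructed model, not the kernel’s or vim’s code, and the struct names, the request-context idea and the handler are assumptions made for the illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed model: a per-request context ("work") holds a pointer to the
 * tree connection it operates on. Illustration only; not kernel code. */
struct tree_conn { int id; char share[32]; };
struct work { struct tree_conn *tcon; };

struct tree_conn *tree_conn_new(int id, const char *share)
{
    struct tree_conn *t = calloc(1, sizeof *t);
    if (!t) return NULL;
    t->id = id;
    snprintf(t->share, sizeof t->share, "%s", share);
    return t;
}

/* Buggy shape (CWE-416): the object is freed but the owning pointer in the
 * request context still points at it. Any later step that trusts work->tcon
 * reads freed memory, which KASAN/ASan reports as a use-after-free and which
 * shows up in production as an oops. Deliberately never called below. */
void tree_disconnect_buggy(struct work *w)
{
    free(w->tcon);
}

/* Fixed shape: freeing and clearing the owner pointer happen in the same
 * step, so the rest of the request sees NULL instead of a dangling pointer. */
void tree_disconnect_fixed(struct work *w)
{
    free(w->tcon);
    w->tcon = NULL;
}

/* A later step of the same request. It must validate before use; returns the
 * tree id, or -1 when the connection is already gone. With the buggy
 * disconnect this check cannot help, because the pointer is non-NULL. */
int handler_tree_id(const struct work *w)
{
    if (!w->tcon) return -1;
    return w->tcon->id;
}

int main(void)
{
    struct work w = { tree_conn_new(7, "IPC$") };
    printf("before disconnect: tree id %d\n", handler_tree_id(&w));
    tree_disconnect_fixed(&w);
    printf("after disconnect:  tree id %d (pointer cleared: %s)\n",
           handler_tree_id(&w), w.tcon == NULL ? "yes" : "no");
    return 0;
}
```

The defensive habit this encodes is that whoever frees an object also invalidates every owning reference to it in the same step, and every later consumer checks for the invalidated state rather than assuming the pointer is still good.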

Merry Christmas and Happy New Year

CVE-2022-46702 Apple iOS/iPadOS up to 16.1.2 GPU Drivers memory corruption (23rd Dec 2022)

Preface: When an external GPU is connected to the iOS system (refer to the attached diagram), it will perform compute simulations on that external GPU, and thus graphics rendering on a built-in GPU.

According to the current GPU design, do you think a design weakness could happen here, for instance in memory access control and access permission?

Background: An MTLBuffer can’t be directly transferred between different devices; its data must be transferred via system memory. Refer to the attached diagram. The sample calls the vm_allocate function to allocate a page-aligned buffer, updateAddress, backed by system memory. The sample then calls the newBufferWithBytesNoCopy:length:options:deallocator: method to create a new MTLBuffer, _updateBuffer, backed by the same system memory used for the previous buffer.

Vulnerability details: The issue was addressed with improved memory handling. This issue is fixed in iOS 16.2 and iPadOS 16.2. An app may be able to disclose kernel memory.

As details could not be found in the official announcement, my speculation is shown below:

According to steps 1 and 2 (refer to the attached diagram), I believe there is a way to enhance the access control of the GPU driver buffer. The reason is that there may be a potential risk of letting an attacker manipulate an unknown input, leading to a memory corruption vulnerability. As a result, it may be possible for an application to leak kernel memory.

Official announcement: For details, see the link – https://support.apple.com/en-us/HT213530

  • Christmas is celebrated to commemorate the birth of Jesus Christ, who Christians believe is the Son of God. Sunday, December 25, 2022 is Christmas. Maybe you don’t have this belief. However, I also wish you Merry Christmas and my best wishes to you and your family.

Commonplace, smartphone OS vulnerability (22nd Dec 2022)

Preface: The software writes data past the end, or before the beginning, of the intended buffer. Typically, this can result in corruption of data, a crash, or code execution.

Background: In the Android system, an application has at least one process, and each process has its own independent resources and memory space. Other processes cannot arbitrarily access the memory and resources of the current process. If you want to communicate between processes, you need to use IPC means.

Virtual memory is managed by the kernel, with the help of hardware (the memory management unit). Multiple mappings are maintained at all times. In modern smartphone design, the kernel has one or two mappings of its own, shared by all processes, and each process gets its own user-space mapping.

A Look Back at Previous Linux Design Flaws – eBPF ALU32 boundary tracking for bitwise operations (AND, OR, and XOR) in the Linux kernel did not properly update 32-bit boundaries, causing out-of-bounds reads and writes in the Linux kernel, leading to arbitrary code execution. The three vulnerable functions are scalar32_min_max_and(), scalar32_min_max_or(), scalar32_min_max_xor(). AND/OR handling was introduced in Linux 5.7-rc1 and XOR in Linux 5.10-rc1.

Research and speculation: Communication in microkernels uses message queues. A message queue is an inter-process communication (IPC) mechanism that allows two processes to exchange data in the form of messages. In this case, if the Linux kernel does not properly update the 32-bit boundaries, potential risks arise. Successful exploitation of this vulnerability may lead to abnormal system services.
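The eBPF flaw recalled above is about value-range tracking: the verifier must compute, for every 32-bit AND/OR/XOR, a range that provably contains every possible result, because a range that is too narrow lets a later bounds check pass for a value the program can actually produce. The C example below is added to make that property concrete. It is modelled on the structure of the kernel verifier’s scalar32_min_max_and/or/xor() helpers and its known-bits (“tnum”) representation, reduced to 32 bits, but it is not kernel code: tnum_range, alu32_bounds, bounds_sound and the brute-force checker are written for this illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Known-bits abstraction ("tnum"): bit i is known iff mask bit i is 0, and
 * its value is then value bit i. 32-bit model for this example. */
struct tnum { uint32_t value, mask; };

/* Unsigned range the verifier tracks for a 32-bit (ALU32) result. */
struct range32 { uint32_t umin, umax; };

static int fls32(uint32_t x) { int n = 0; while (x) { n++; x >>= 1; } return n; }

/* Smallest tnum that covers every value in [min, max]. */
static struct tnum tnum_range(uint32_t min, uint32_t max)
{
    uint32_t chi = min ^ max, delta;
    int bits = fls32(chi);
    if (bits > 31) return (struct tnum){0, 0xffffffffu};   /* fully unknown */
    delta = ((uint32_t)1 << bits) - 1;
    return (struct tnum){min & ~delta, delta};
}

static struct tnum tnum_and(struct tnum a, struct tnum b)
{
    uint32_t alpha = a.value | a.mask, beta = b.value | b.mask, v = a.value & b.value;
    return (struct tnum){v, alpha & beta & ~v};
}
static struct tnum tnum_or(struct tnum a, struct tnum b)
{
    uint32_t v = a.value | b.value, mu = a.mask | b.mask;
    return (struct tnum){v, mu & ~v};
}
static struct tnum tnum_xor(struct tnum a, struct tnum b)
{
    uint32_t v = a.value ^ b.value, mu = a.mask | b.mask;
    return (struct tnum){v & ~mu, mu};
}

enum op { OP_AND, OP_OR, OP_XOR };

/* Bounds of dst = dst OP src. The essential property, the one the flawed
 * code lost, is that the 32-bit range is always recomputed from the
 * operands and never left at a stale, wider value; when both operands are
 * constants the result collapses to exactly one value. */
struct range32 alu32_bounds(enum op o, struct range32 dst, struct range32 src)
{
    struct tnum d = tnum_range(dst.umin, dst.umax), s = tnum_range(src.umin, src.umax), r;
    struct range32 out;
    switch (o) {
    case OP_AND:   /* result <= each operand; known-one bits give the floor */
        r = tnum_and(d, s);
        out.umin = r.value;
        out.umax = dst.umax < src.umax ? dst.umax : src.umax;
        break;
    case OP_OR:    /* result >= each operand; all possibly-set bits give the ceiling */
        r = tnum_or(d, s);
        out.umin = dst.umin > src.umin ? dst.umin : src.umin;
        out.umax = r.value | r.mask;
        break;
    default:       /* XOR: only the known bits constrain the result */
        r = tnum_xor(d, s);
        out.umin = r.value;
        out.umax = r.value | r.mask;
        break;
    }
    if (r.mask == 0) out.umin = out.umax = r.value;   /* both constant: exact */
    return out;
}

/* Exhaustive soundness check: every concrete result must lie inside the
 * computed bounds. Only for ranges small enough to enumerate. */
bool bounds_sound(enum op o, struct range32 dst, struct range32 src)
{
    struct range32 b = alu32_bounds(o, dst, src);
    for (uint64_t x = dst.umin; x <= dst.umax; x++)
        for (uint64_t y = src.umin; y <= src.umax; y++) {
            uint32_t r = o == OP_AND ? (uint32_t)(x & y)
                       : o == OP_OR  ? (uint32_t)(x | y) : (uint32_t)(x ^ y);
            if (r < b.umin || r > b.umax) return false;
        }
    return true;
}

int main(void)
{
    struct range32 a = {0x10, 0x3f}, b = {0x20, 0x2f};
    const char *names[] = {"and", "or", "xor"};
    for (int o = OP_AND; o <= OP_XOR; o++) {
        struct range32 r = alu32_bounds((enum op)o, a, b);
        printf("[0x%x,0x%x] %s [0x%x,0x%x] -> [0x%x,0x%x] sound=%d\n",
               a.umin, a.umax, names[o], b.umin, b.umax, r.umin, r.umax,
               bounds_sound((enum op)o, a, b));
    }
    return 0;
}
```

The brute-force checker is the useful part for a defender: any bounds rule, including one you suspect is wrong, can be run against it over small ranges, and a single value that escapes the computed range is exactly the condition that turns a verifier into an out-of-bounds primitive.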

Today is the winter solstice, I wish you a happy dinner with your family tonight.

CVE-2022-43875 It looks like the flaw is not in cyber security. This is a design flaw. (21st Dec 2022)

Preface: Long ago, blockchain developers announced that they had developed a blockchain platform to launch a digital system for international payments capable of replacing the global SWIFT system. It seems they were not successful.

Background: IBM FTM for SWIFT Services is a certified real-time SWIFT messaging interface. It ensures faster payments in addition to SWIFT without changing the back office, lowers the costs of compliance and provides tailored solutions for your organization.

About RMA: When RMA was introduced in 2009 as a replacement for the Bilateral Key Exchange (BKE), the spirit of the product was for banks to open the door to as many counterparties and correspondents as possible. Legacy RMAs can also create the opportunity for payments to be sent to destinations which may no longer be wanted or authorised, resulting in fraud risk.

The RMA is a SWIFT-mandated authorisation that enables financial institutions to define which counterparties can send them FIN messages.

Vulnerability details: IBM Financial Transaction Manager SWIFT could allow an authenticated user to lock additional RM authorizations, resulting in a denial of service on displaying or managing these authorizations.

Official announcement: For details, see the link – https://www.ibm.com/support/pages/node/6848881

Some performance problems might seem to be locking problems even though they are really problems somewhere else in the system. For example, a table space scan of a large table can result in timeout situations. Similarly, when tasks are waiting or swapped out, and the unit of work is not committed, the tasks continue to hold locks.

One of the recommendations: Reduce locking contention on the catalog and directory for data definition, bind, and utility operations.

You can use the following approaches to reduce this type of contention:

Avoid using LOCK TABLE statements and statements that use RR isolation to query the catalog.