Preface: The new Edge and Chrome are very similar, as both are built on the same Chromium platform. Meanwhile, Microsoft Edge is based on the Chromium open-source project. Furthermore, when chrome has vulnerability occurs, perhaps Microsoft browser (edge) will be get involves.

Background: WebGL enables web content to use an API based on OpenGL ES 2.0 to perform 2D and 3D rendering in an HTML canvas
in browsers that support it without the use of plug-ins.

Vulnerability details: Just days after having issued patches for (14) Google Chrome vulnerabilities, zero day found again. The issue is that cyber criminals can exploit the flaw (Use after free) in WebGL. It is possible to initiate the attack remotely. No form of authentication is needed for exploitation.

Ref 1: Vulnerability found on 15th June, 2021 – Type confusion in V8 in Google Chrome before 91.0.4472.101 allowed a remote malicious user to potentially exploit heap corruption via a crafted HTML page. The CVE-2021-30551 insect is noted by Google as kind complication in V8,
implying that JavaScript safety can be bypassed for running unapproved code. Google’s V8 open-source JavaScript and WebAssembly engine.

Ref 2: Enable WebGL – In your Chrome URL bar, go to chrome://flags
Ensure that WebGL is enabled, and not disabled (You’ll need to relaunch Chrome for any changes to take effect)

Announcement by Microsoft – https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-30554

Announcement by Google – https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop_17.html

Preface: The proof of concept for this vulnerability has been announced. As usual, vendors use their patch release cycle. Therefore, an announcement was issued today (June 8, 2021).

Background: SAP NetWeaver is a software stack for many of SAP SE’s applications. It can be used for custom development and integration with other applications and systems, and is built primarily using the ABAP programming language, but also uses C, C++, and Java.

Vulnerability details: [CVE-2021-27610] Improper Authentication in SAP NetWeaver ABAP Server and ABAP Platform Product – SAP NetWeaver AS ABAP and ABAP Platform Versions – 700,701,702,731,740,750,751,752,753,754,755,804.
An ABAP server could not 100% correctly identify, if communication via RFC (TCP 3300-3399) or HTTP (8000) is between the application servers of the same SAP system or with servers outside the same system.

For official details, please refer to the URL – https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=578125999

Preface: Nouveau is a free and open source graphics card driver. It is written for Nvidia’s graphics card and can also be used in the NVIDIA Tegra series of system chips. This driver is written by a group of independent software engineers. Nvidia sometimes will be assistance.

Background: What is DRM subsystem? The Direct Rendering Manager (DRM) is a subsystem of the Linux kernel responsible for interfacing with GPUs of modern video cards. DRM exposes an API that user-space programs can use to send commands and data to the GPU and perform operations such as configuring the mode setting of the display.

Vulnerability details:

There is a flaw reported in the Linux kernel in versions before 5.9 in drivers[/]gpu[/]drm[/]nouveau[/]nouveau_sgdma[.]c in nouveau_sgdma_create_ttm in Nouveau DRM subsystem. An attacker with a local account with a root privilege, can leverage this vulnerability to escalate privileges and execute code in the context of the kernel. For example, if this is a virtual system environment. Fundamentally, nouveau is a free and open source graphics card driver. It is written for Nvidia’s graphics card and can also be used in the NVIDIA Tegra series of system chips.The potential impact of this vulnerability depends on the attack in where to take place.

Workaround: Kernel with CONFIG_SLAB_FREELIST_HARDENED=y option enabled should not be affected with this flaw.

Remedy: This was fixed for Fedora with the 5.7.16 stable kernel updates.

Preface: This vulnerability affects other vendors’ use of this product for their single sign-on function.

Background: Lasso is a free software C library aiming to implement the Liberty Alliance standards; it defines processes for federated identities, single sign-on and related protocols.Lasso is built on top of libxml2, XMLSec and OpenSSL and is licensed under the GNU General Public License (with an OpenSSL exception).

Vulnerability details: Lasso incorrect assertion validation and verification. When AuthnResponse messages are not signed (which is permitted by the specification), all assertion’s signatures should be checked, but currently after the first signed assertion is checked all following assertions are accepted without checking their signature, and the last one is considered the main assertion.

IMPACT:

• SOGo and PacketFence packages use the vulnerable Lasso library so it was impacted.
• Cisco (Adaptive Security Appliance (ASA), Content Security Management Appliance (SMA), Email Security Appliance (ESA), FXOS software, Web Security Appliance (WSA), and Firepower Threat Defense (FTD) as being affected)

Reference URL – https://blogs.akamai.com/2021/06/sogo-and-packetfence-impacted-by-saml-implementation-vulnerabilities.html

Preface: Open data indeed is a foundation base of smart City. Since it is not only provide function. Meanwhile it also analyses the daily activities make the IoT function more efficiency. If no hacker in the world. We can living in world more comfortable because we do not need to concern about cyber security. As we know, the electronic & digital products objective is the function instead of defense.

Background: As time goes by, IoT in smart city not only relies on WiFi network. It also includes Bluetooth communication function. Compare with WiFi 802.11, Bluetooth power consumption is less. So the IoT can operate in a capillary network environment. A capillary network is a local network that uses short-range radio-access technologies to provide local connectivity to things and devices.

Vulnerability details: Devices supporting Bluetooth Core and Mesh Specifications are vulnerable to impersonation attacks and AuthValue disclosure. For more detail, please refer url – https://kb.cert.org/vuls/id/799380

Workaround: Devices should not accept their own public key from a peer during a pairing session. The pairing procedure should be terminated with a failure status if this occurs. This is because the specifics events will be activate the SIEM correlation firing rule.

Synopsis: Retrospectively of 2019 Apache load balancer setup – Install Apache on the Load Balancer Server. Enable Proxy Server Modules. Configure Apache Load Balancing. The Apache server architecture includes the Apache Core and modules. Nginx found 2004, it is a performance-oriented HTTP server. Compared with Apache and lighttpd, it has the advantages of less memory and higher stability.
NGINX performs 2.5 times faster than Apache according to a benchmark test performed by running up to 1,000 simultaneous connections. Apache runs on all operating systems such as UNIX, Linux or BSD and has full support for Microsoft Windows. Nginx had equivalent capability. However the performance on Windows is not as stable as that on UNIX platforms.

Vulnerability details: On May 26, Nginx issued a security announcement to fix a DNS resolver vulnerability in the nginx resolver (CVE-2021-23017). Due to an error in ngx_resolver_copy() processing DNS responses, when the “resolver” is used in the nginx configuration file During the command, an unauthenticated attacker can forge a UDP packet from a DNS server, construct a specially crafted DNS response and cause 1 byte of memory to be overwritten, resulting in a denial of service or arbitrary code execution.

Vendor Reference: http://mailman.nginx.org/pipermail/nginx-announce/2021/000300.html

Preface: There are plenty of astronomical events every year.
In the evenings of 26 May 2021, it was total lunar eclipse. Do you believe rumours of super moon (astronomical phenomenon)?

Background: Virtual SAN Health check plugin checks all aspects of a Virtual SAN configuration. It implements a number of checks on hardware compatibility, networking configuration and operations,
advanced Virtual SAN configuration options, storage device health as well as virtual machine object health. The Virtual SAN Health Check plug-in which is enabled by default in vCenter Server.

Vulnerability details: The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server.
A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

CVE-2021-21985 – VMSA-2021-0010 (Virtual SAN Health Check Plugin)

CVE-2021-21986 – VMSA-2021-0010 (Virtual SAN Health Check, Site Recovery, vSphere Lifecycle Manager, and VMware Cloud Director Availability Plugins)

Workaround: Plugins must be set to “incompatible.” On vCenter Linux and Windows platforms, simply disabling plugins from within the UI will not prevent exploitation.

Official announcement – https://www.vmware.com/security/advisories/VMSA-2021-0010.html

24^th May, 2021

Preface: It let you avoid malware infection in your computer. MalwareFox can detect and remove malware in precise way. MalwareFox Antimalware at low cost comparing to other competitors.

Background: In a computer, ioctl is a system call dedicated to the input and output operations of the device. The call receives a request code related to the device. The function of the system call depends entirely on the request code.

Remark: The ioctl system call first appeared in Version 7 of Unix under that name. Microsoft Windows provides a similar function, named “DeviceIoControl”, in its Win32 API.

Vulnerability details: IOCTL 0x80002040 exposes kernel memory allocation in the NonPagedPool where a user-mode string is copied into the target buffer, this buffer can be used for shellcode by forcing the input data to be larger than 0x1000 bytes, a buffer larger than 0x834 will cause a STATUS_ACCESS_VIOLATION. Hacker must trick the IOCTL into failing and forgetting to free the buffer, you can then search SystemBigPoolInformation for the newly allocated buffer with the shellcode.

* When writing to a file Microsoft sets the bufferSize to 4096 bytes, but when reading they are using [0x1000].

Official details: As of today, vendor does not provide update related to this matter. Their homepage can be found in the following link – https://www.malwarefox.com/