Preface: Node[.]js has a built-in WebSocket module, but this module doesn’t provide the functionalities required to build complex real-time applications; this is why Socket[.]io exists.
Socket[.]IO is quite popular and companies like Amazon, Zendesk,……and several others use it to develop robust real-time applications. It one of the most powerful JavaScript frameworks on GitHub, and most depended-upon NPM (Node Package Manager) module.

Background: Socket[.]io is a JavaScript library. It is a way to communicate between a client and a server. It allows real-time data flow. It is bi-directional communication, means we can flow data in both directions:

• Client to Server
• Server to Client
  engine.io is a lower level library than socket.io. Engine is to Socket[.]IO what Connect is to Express. If you want the lower level abstraction, use engine[.]io. If you want a websocket abstraction, keep using socket[.]io.

Remark: engine[.]io is of more interest to you if you’re building a library/framework on top of socket[.]io.

Vulnerability details: A specially crafted HTTP request can trigger an uncaught exception on the Engine[.]IO server, thus killing the Node[.]js process. This impacts all the users of the engine[.]io package, including those who uses depending packages like socket[.]io.
A malicious client could send a specially crafted HTTP request, triggering an uncaught exception and killing the Node[.]js process:

Solution: There is no known workaround except upgrading to a safe version. There are patches for this issue released in versions 3.6.1 and 6.2.1.

Official announcement: Please refer to the link for details – https://github.com/advisories/GHSA-r7qp-cfhv-p84w

Preface: A system on a chip (SoC), is an integrated circuit that integrates all or most components of a computer or other electronic system. A SoC chip may have several GPIO components. Linux doesn’t usually run on Cortex-M, 8051, AVR, or other popular microcontroller architectures. Instead, we use application processors — popular ones are the Arm Cortex-A, ARM926EJ-S, and several MIPS iterations.

Background: How can mobile device download firmware directly from vendor if it don’t have windows, Linux or Mac workstation? Mobile device can use firmware downloader to check for the latest update for your device, download that firmware as long as you know the correct model, region, and firmware string.

The file which responsible for Firmware downloader function is (./drivers/nfc/nfcmrvl/fw_dnld.h). Furthermore, the file name (./drivers/nfc/nfcmrvl/main.c) is responsible for major function.

Vulnerability details: A flaw in Linux Kernel found in nfcmrvl_nci_unregister_dev() in drivers/nfc/nfcmrvl/main.c can lead to use after free both read or write when non synchronized between cleanup routine and firmware download routine.

Use-After-Free (UAF) is a vulnerability related to incorrect use of dynamic memory during program operation. If after freeing a memory location, a program does not clear the pointer to that memory, an attacker can use the error to hack the program.

Official announcement: See the link for details on this vulnerability – https://github.com/torvalds/linux/commit/d270453a0d9ec10bb8a802a142fb1b3601a83098

Preface: The addition of a forged TCP packet to an existing TCP session. Can only be performed on unsecured sessions (not HTTPS).

About Oracle Critical Patch Update – July 2020 : When I open the related Oracle article. It was amazing that containing a whole bunch of vulnerability details. Meanwhile I had headache that how to conduct my analysis in correct way. As usual, Oracle do not want to disclose the details on vulnerability, may be this is the company policy!

In short, I had did research and analytic on SD WAN topic. As mentioned, the data provided by vendor not clear and therefore I did the analytic and summarize my findings based on below circumstances. My observation found the following matter close to vulnerability (CVE-2020-14606).

In Oracle SD-WAN Edge 8.2 features guide has the following details:
Issue:29989632 (19500) – User Names can now contain several special characters that were previously disallowed: @, /, and \ . (APN 8.1 P1)
Issue:29986230 (15145) – The special characters ‘/’, ‘ \ ‘, and ‘@’ are now permitted in Aware usernames.

Speculation: Perhaps the regular expression not correctly filter special character “\” especially special character “\” contain in HTTP and causes the HTTP Response Splitting.

For the rest of the vulnerabilities, please refer to the link – https://www.oracle.com/security-alerts/cpujul2020verbose.html

In order to prevent people know the information, Da Vinci use wrote backwards handwriting. Also known as mirror-writing, where the words appear as normal when seen with a mirror.

Modern people know very little about Da Vinci’s early life, and he only recorded two childhood story. This happened during Da Vinci’s expedition in the mountains. Da Vinci discovered a cave during his expedition. He was afraid that there would be some huge monster lurking in the cave, but he was driven by curiosity and wanted to know what was inside. When he walked into the cave and found a huge unknown object lying quietly in the cave, Da Vinci was shocked. Later, several non man kind emerged from the unknown object, and they imparted knowledge to Da Vinci. Before he pass away, Da Vinci spend decade to finish his Arts work. It is the famous Mona Lisa smile.

I can seen the cave in his art work. How about you?

Preface: To do the remedy of CVE-2020-0688, you need to install the security update in addition to the Cumulative Updates.

Vulnerability Background: Microsoft using the same set of cryptographic keys on every Exchange Server installation. The keys being stored in plain text in a web.config file on every server.

Details: Microsoft release the patch on 11th Feb, 2020. Less than 2 weeks later. Researchers released proof of concept (POC) exploits for this vulnerability on February 24, 2020. If you have chosen publish Exchange externally. This patch must be applied.
Attacker exploit this vulnerability is easy. The social network sometimes unintentionally leave the finger print (company email address). When attacker got the email address on hand. The elaborate email subject and content presents challenges for traditional security tools, because it is designed specifically to evade detection. If victim fall to the trap (phishing mail) which lure they provide the credential. Even though it is a non privileges user.Attacker can activated this vulnerability to conduct the remote code execution.

“They will try to locate you OWA server. If your existing Exchange SRV is vulnerable. The attack channel can pass through your OWA.”

Remedy: Official announcement – https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0688