Preface: The Global Data Center Blade Server market is projected to grow at a CAGR of 8.35% during the forecast period, reaching a total market size of US$23.535 billion in 2025 from US$14.548 billion in 2019, said ResearchAndMarkets.com’s.

Vulnerability details:

• authenticated attackers to potentially enable escalation of privilege via local access due to improper buffer restrictions (CVE-2020-0600)
• unauthenticated attackers to potentially enable escalation of privilege via adjacent access because of improper conditions checks (CVE-2020-0578)

Observation: Coincidentally, Cisco Blade server has similar of symptom occured in 2015. Did they encounter the same problem?

Synopsis: As DRAM manufacturing scales down chip features to smaller physical dimensions, to fit more memory capacity onto a chip, it has become harder to prevent DRAM cells from interacting electrically with each other. As a result, accessing one location in memory can disturb neighbouring locations, causing charge to leak into or out of neighbouring cells.

Official announcement: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00351.html

Preface: VMware announce that the external Platform Services Controller architecture is deprecated and will not be available in future releases.

Background: Authentication and certificate management is handled by the Platform Services Controller.

See attached diagram, the platform services controller original design place in a standalone box. It is advice to put together ( a vCenter Server with an Embedded Platform Services Controller). From cyber security protection prespective, the remedy reduce the attack surface. Before embedded design, there are lot of matters for worries. For instance, TLS. LDAP directory available on port 389. The service still uses port 11711 for backward compatibility with vSphere 5.5 and earlier systems.
In essence, organizations are being asked to add LDAP channel binding and LDAP signing configuration changes to make authentications via LDAP on Active Directory Domain Controllers more secure. Currently, out-of-box LDAP configurations are subject to an elevation-of-privilege vulnerability, which could get exploited via a “man-in-the-middle” attack.

Official announcement – https://www.vmware.com/security/advisories/VMSA-2020-0006.html

Preface: Technology cannot fight against coronavirus in the moment.
Easter, commemorating the resurrection of Jesus from the dead.
Wish that human can managed to fight it all. Comparing with coronavirus. The vulnerability in computer system looks easy resolve.

Security focus – Juniper Network product:

A privilege escalation vulnerability in Juniper Networks Junos OS devices configured with dual Routing Engines (RE), Virtual Chassis (VC) or high-availability cluster may allow a local authenticated low-privileged user with access to the shell to perform unauthorized configuration modification. This issue does not affect Junos OS device with single RE or stand-alone configuration.

My observation: Refer to attach diagram, below is the information for supplement.

Fundamental
/bin/sh is an executable representing the system shell. Actually, it is usually implemented as a symbolic link pointing to the executable for whichever shell is the system shell.
Since it is a bash file so commands inside it will get executed, and if we execute the file as root, then all the commands inside it will also get executed as root. So, let’s take advantage of that and append /bin/bash -i to the file. This will execute bash as root, which in turn will open the root shell.

Official announcement of this matter (JunOS vulnerability) – https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11010&cat=SIRT_1&actp=LIST

Preface: Dockerized Vesta Control Panel aka vestacp. You can download vesta source code and modify it the way you want. You are totally free to do it so to Vesta is licensed under GPL

Background: You are able to install and configure VestaCP on an Alibaba Cloud Elastic Compute Service (ECS) instance with CentOS 7

Vulnerability details: The proof of concept by Metasploit that a Low privileged authenticated users can execute arbitrary commands under the context of the root user. An authenticated attacker with a low privileges can inject a payload in the file name starts with dot. During the user backup process, this file name will be evaluated by the v-user-backup bash scripts. As result of that backup process, when an attacker try to list existing backups injected payload will be executed.

Remedy – Remedy looks not release yet, it is suggested to focus in official announcement. https://forum.vestacp.com/viewforum.php?f=25

Preface: According on 2020 market statistic, FireFox market share only 9.25%. But Chrome has 68.11% coverage. However I like FireFox.

How Firefox’s memory allocator works?

Firefox uses a memory allocator called moz jemalloc. There are two properties which focus by cyber security expert so far!

[PSJ] – In essence, a chunk is broken into several runs.

– Each run holds regions of a specific size. [TSOF]

– The feature of jemalloc is that it operates in a last-in-first-out (LIFO) manner, a free followed by a garbage collection and a subsequent allocation request for the same size, most likely ends up in the freed region.

Vulnerability details: CVE-2020-6819 is a use-after-free vulnerability due to a race condition when the nsDocShell destructor is running. CVE-2020-6820 is a use-after-free vulnerability due to a race condition in the ReadableStream class, which is used to read a stream of data.

Official announcement – https://www.mozilla.org/en-US/security/advisories/mfsa2020-11/