About CVE-2023-36054 – design weakness causes Kerberos administration daemon (kadmind) crash! (8th Aug 2023)

Preface: Kerberos relies on a trusted third party, the Key Distribution Center (KDC). Each user and service on the network is a principal. The KDC has three main components: an Authentication Server (AS) that performs the initial authentication and issues ticket-granting tickets to users, a Ticket-Granting Server (TGS) that issues service tickets against those ticket-granting tickets, and the database of principals and their secret keys.

Background: Besides Windows Active Directory, Kerberos implementations exist for other operating systems such as macOS, FreeBSD, other UNIX systems, and Linux. MIT krb5, the subject of this CVE, is one of those implementations; its kadmind daemon is the network-facing administration service for the KDC database.

Ref (Microsoft Windows, a separate change from the MIT krb5 bug below): Microsoft's Kerberos hardening adds new signatures to the Privilege Attribute Certificate (PAC) buffer of Kerberos tickets. A PAC is an extension to a Kerberos ticket that carries information about a user's privileges, such as group memberships.

What changes in Windows Kerberos in October 2023?

October 10, 2023 – Full Enforcement phase

Removes support for the registry subkey KrbtgtFullPacSignature. Removes support for Audit mode. All service tickets without the new PAC signatures will be denied authentication.

Vulnerability details: lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count: the record carries the number of keys both as the n_key_data field and as the length of the XDR array that follows, and if a client sends a larger n_key_data than the array actually holds, code that later walks and frees n_key_data entries runs past the decoded array into memory the decoder never initialised. The precondition is an authenticated kadmin connection, so the exposure is a crash of the administration daemon by a legitimate but possibly compromised kadmin user, not by anonymous clients.
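To make the two-count problem concrete, here is an added example (written for this page, not krb5's code) of an XDR-style decoder for a cut-down principal record. It carries the key count twice, as the n_key_data field and as the XDR array's own length prefix, with the field layout, names and enctype values chosen for the demonstration; enforce=false mimics the unpatched decoder, enforce=true the consistency check the fix adds.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// Cut-down model of a kadm5 principal record (assumed layout, not krb5's).
type KeyData struct {
	Kvno    int32
	Enctype int32
}

type PrincipalEnt struct {
	NKeyData int32     // declared count, which the rest of the server trusts
	KeyData  []KeyData // entries actually decoded from the XDR array
}

var (
	ErrTruncated     = errors.New("xdr: record truncated")
	ErrCountMismatch = errors.New("xdr: n_key_data does not match key_data array length")
)

// xdrReader reads the big-endian 32-bit words XDR uses for integers.
type xdrReader struct {
	buf []byte
	off int
}

func (r *xdrReader) u32() (uint32, error) {
	if len(r.buf)-r.off < 4 {
		return 0, ErrTruncated
	}
	v := binary.BigEndian.Uint32(r.buf[r.off:])
	r.off += 4
	return v, nil
}

// DecodePrincipalEnt decodes one record. With enforce=false it behaves like
// the unpatched decoder and accepts whatever n_key_data says; with
// enforce=true it rejects a record whose two counts disagree, which is the
// consistency check the fix adds.
func DecodePrincipalEnt(buf []byte, enforce bool) (*PrincipalEnt, error) {
	r := &xdrReader{buf: buf}
	n, err := r.u32()
	if err != nil {
		return nil, err
	}
	count, err := r.u32()
	if err != nil {
		return nil, err
	}
	if uint64(count)*8 > uint64(len(buf)-r.off) { // 8 bytes per entry
		return nil, ErrTruncated
	}
	ent := &PrincipalEnt{NKeyData: int32(n)}
	if enforce && (ent.NKeyData < 0 || uint32(ent.NKeyData) != count) {
		return nil, ErrCountMismatch
	}
	ent.KeyData = make([]KeyData, count)
	for i := range ent.KeyData {
		kvno, err := r.u32()
		if err != nil {
			return nil, err
		}
		enctype, err := r.u32()
		if err != nil {
			return nil, err
		}
		ent.KeyData[i] = KeyData{Kvno: int32(kvno), Enctype: int32(enctype)}
	}
	return ent, nil
}

// OverrunEntries reports how many elements a cleanup loop driven by NKeyData,
// as kadmind's callers are, would touch beyond the decoded array. In C those
// reads land on memory the decoder never initialised, and freeing the pointer
// found there is the crash behind CVE-2023-36054.
func OverrunEntries(ent *PrincipalEnt) int {
	if int(ent.NKeyData) <= len(ent.KeyData) {
		return 0
	}
	return int(ent.NKeyData) - len(ent.KeyData)
}

// Constructed wire samples: n_key_data, array length, then (kvno, enctype) pairs.
var (
	GoodRecord = []byte{
		0, 0, 0, 2, // n_key_data = 2
		0, 0, 0, 2, // array length = 2
		0, 0, 0, 1, 0, 0, 0, 18, // kvno 1, enctype 18
		0, 0, 0, 2, 0, 0, 0, 17, // kvno 2, enctype 17
	}
	MismatchRecord = []byte{
		0, 0, 0, 3, // n_key_data claims 3 keys ...
		0, 0, 0, 1, // ... but the array carries only 1
		0, 0, 0, 1, 0, 0, 0, 18,
	}
)

func main() {
	for _, enforce := range []bool{false, true} {
		ent, err := DecodePrincipalEnt(MismatchRecord, enforce)
		if err != nil {
			fmt.Printf("enforce=%v: rejected: %v\n", enforce, err)
			continue
		}
		fmt.Printf("enforce=%v: accepted; cleanup would overrun by %d entries\n", enforce, OverrunEntries(ent))
	}
}
```

The general lesson is the one to take to any XDR, ASN.1 or protobuf decoder: when a message encodes the same quantity twice, the decoder must pin the two together, because every later consumer will pick whichever copy is convenient.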

Official announcement: For details, please refer to link – https://nvd.nist.gov/vuln/detail/CVE-2023-36054

About CVE-2023-33170 – allowing an attacker to try more passwords in .NET applications (updated 7th Aug 2023)

Preface: .NET 5 and .NET 6 are supported on multiple operating systems, including Windows, Linux, Android, iOS/tvOS, and macOS. The main difference is that .NET 6 is additionally supported on Windows Arm64 and macOS Apple Silicon.

Background: ASP.NET Core 6 is built on top of the .NET runtime and lets you build and run applications on Windows, Linux, and macOS. ASP.NET Core 6 combines the features of Web API and MVC.

On Red Hat Enterprise Linux (RHEL) 8 and later, .NET 6 is available for the IBM Z and LinuxONE (s390x) architectures, along with AMD and Intel (x86_64) and ARM (aarch64). IBM Z and LinuxONE are fully enabled across all .NET components using the Mono runtime (currently no CoreCLR support).

Vulnerability details: A vulnerability was found in .NET applications where the account-lockout failed-attempt counter may not be updated immediately, allowing an attacker to try more passwords than the configured maximum and so bypass the lockout. A remote attacker can use this to bypass a security feature, with an impact on confidentiality, integrity, and availability.

CVE-2023-33170 – Security Feature Bypass – Race Condition in ASP.NET Core SignInManager PasswordSignInAsync Method.
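The bug is easier to catch from the outside than from the code, so here is an added example (not from the original post or from ASP.NET Core) of a log check for its effect: an account that accumulates more password failures inside one lockout window than MaxFailedAccessAttempts allows,  with no lockout in between. The two message texts are the ones SignInManager logs; the user= field, the line layout, the Identity defaults of 5 attempts and a 5-minute window, and the sample lines themselves are assumptions constructed for the example.

```go
package main

import (
	"bufio"
	"fmt"
	"regexp"
	"sort"
	"strings"
	"time"
)

const (
	MaxFailedAccessAttempts = 5               // Identity LockoutOptions default (assumed unchanged)
	LockoutWindow           = 5 * time.Minute // DefaultLockoutTimeSpan default (assumed unchanged)
	FailedPasswordMsg       = "User failed to provide the correct password." // SignInManager's message
)

// Assumed line layout: "<timestamp> <level>: user=<name> <message>".
var lineRe = regexp.MustCompile(`^(\S+) (\w+): user=(\S+) (.*)$`)

// SampleLog is constructed: alice fails 5 times and is then locked out (the
// expected behaviour); bob lands 6 failures in 60 ms and is never locked out
// (the counter lagged behind the concurrent attempts); carol stays under the
// limit; dave's 4 failures straddle two windows.
const SampleLog = `
2023-08-07T10:00:01.000 warn: user=alice User failed to provide the correct password.
2023-08-07T10:00:02.000 warn: user=alice User failed to provide the correct password.
2023-08-07T10:00:03.000 warn: user=alice User failed to provide the correct password.
2023-08-07T10:00:04.000 warn: user=alice User failed to provide the correct password.
2023-08-07T10:00:05.000 warn: user=alice User failed to provide the correct password.
2023-08-07T10:00:06.000 warn: user=alice User is currently locked out.
2023-08-07T10:01:00.010 warn: user=bob User failed to provide the correct password.
2023-08-07T10:01:00.020 warn: user=bob User failed to provide the correct password.
2023-08-07T10:01:00.030 warn: user=bob User failed to provide the correct password.
2023-08-07T10:01:00.040 warn: user=bob User failed to provide the correct password.
2023-08-07T10:01:00.050 warn: user=bob User failed to provide the correct password.
2023-08-07T10:01:00.060 warn: user=bob User failed to provide the correct password.
2023-08-07T10:02:00.000 warn: user=carol User failed to provide the correct password.
2023-08-07T10:02:01.000 warn: user=carol User failed to provide the correct password.
2023-08-07T10:02:02.000 warn: user=carol User failed to provide the correct password.
2023-08-07T10:03:00.000 warn: user=dave User failed to provide the correct password.
2023-08-07T10:03:01.000 warn: user=dave User failed to provide the correct password.
2023-08-07T10:09:00.000 warn: user=dave User failed to provide the correct password.
2023-08-07T10:09:01.000 warn: user=dave User failed to provide the correct password.
`

// ParseFailures returns the timestamps of failed-password events per user,
// sorted. Lockout rejections are not password attempts and are skipped.
func ParseFailures(log string) (map[string][]time.Time, error) {
	byUser := map[string][]time.Time{}
	sc := bufio.NewScanner(strings.NewReader(log))
	for sc.Scan() {
		m := lineRe.FindStringSubmatch(sc.Text())
		if m == nil || m[4] != FailedPasswordMsg {
			continue
		}
		ts, err := time.Parse("2006-01-02T15:04:05.000", m[1])
		if err != nil {
			return nil, fmt.Errorf("bad timestamp %q: %w", m[1], err)
		}
		byUser[m[3]] = append(byUser[m[3]], ts)
	}
	for _, stamps := range byUser {
		sort.Slice(stamps, func(i, j int) bool { return stamps[i].Before(stamps[j]) })
	}
	return byUser, nil
}

// FindLockoutBypass returns, per user, the largest number of password failures
// that fall inside any single lockout window, for users where that number
// exceeds maxAttempts. With lockout enforced correctly no such run can occur,
// so a hit means the counter lagged (CVE-2023-33170) or lockout is misconfigured.
func FindLockoutBypass(log string, maxAttempts int, window time.Duration) (map[string]int, error) {
	byUser, err := ParseFailures(log)
	if err != nil {
		return nil, err
	}
	flagged := map[string]int{}
	for user, stamps := range byUser {
		peak, start := 0, 0
		for i, ts := range stamps { // sliding window over the sorted timestamps
			for ts.Sub(stamps[start]) > window {
				start++
			}
			if n := i - start + 1; n > peak {
				peak = n
			}
		}
		if peak > maxAttempts {
			flagged[user] = peak
		}
	}
	return flagged, nil
}

func main() {
	flagged, err := FindLockoutBypass(SampleLog, MaxFailedAccessAttempts, LockoutWindow)
	if err != nil {
		panic(err)
	}
	for user, n := range flagged {
		fmt.Printf("%s: %d password failures inside one lockout window, no lockout seen\n", user, n)
	}
}
```

Run against real logs the check also surfaces applications where lockout was simply never enabled, which is worth knowing while the patch is rolled out.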

Official announcement: For details, please refer to the link – https://nvd.nist.gov/vuln/detail/CVE-2023-33170

RHSA-2023:4466 – Security Advisory: Red Hat fix for CVE-2022-40899 (3rd Aug 2023)

Preface: future 0.18.2 – easy, safe support for Python 2/3 compatibility. “future” is the missing compatibility layer between Python 2 and Python 3. It allows you to use a single, clean Python 3.x-compatible codebase to support both Python 2 and Python 3 with minimal overhead.

Background: Red Hat Satellite 6 is the evolution of Red Hat’s life cycle management platform. It provides the capabilities that administrators have come to expect in a tool focused on managing systems and content for a global enterprise.

Red Hat Satellite 6 is based upon several open source projects.

• future, the Python 2/3 compatibility layer described in the preface.
• Foreman, which contains rubygem-safemode.

Vulnerability details:

• An issue discovered in Python Charmers Future 0.18.2 and earlier allows remote attackers to cause a denial of service via a crafted Set-Cookie header from a malicious web server (CVE-2022-40899). The practical point: the bug is triggered while a client parses response headers chosen by whichever server it connected to, so any code path that fetches from an untrusted server is exposed.
• foreman: arbitrary code execution through templates (CVE-2023-0118).

Ref: To send cookies to a server, the client adds a “Cookie: name=value” header to the request; multiple cookies in one Cookie header are separated by semicolons. A server stores cookies in the client by returning “Set-Cookie: name=value” headers in the response, which is why a malicious server controls the input to the client's cookie parser.

Official details: Please refer to the link – https://access.redhat.com/errata/RHSA-2023:4466

CVE-2023-37464: a flaw in a JavaScript Object Signing and Encryption [JOSE] library (2nd Aug 2023)

Preface: Encryption uses a key to ensure the ciphertext cannot be read by anyone but the authorized recipient. Signing authenticates the origin and integrity of data; it does not, by itself, provide confidentiality. With authenticated encryption such as AES-GCM both properties come from one operation, and the authentication tag is what carries the integrity guarantee, so its length is part of the security level.

Background: JSON Object Signing and Encryption (JOSE) is the set of IETF-standardized technologies for representing encrypted and/or signed content as JSON. They include JSON Web Signature (JWS), JSON Web Encryption (JWE), JSON Web Key (JWK), and JSON Web Algorithms (JWA).

Vulnerability details: OpenIDC/cjose is a C library implementing JOSE. Its AES-GCM decryption routine took the tag length from the Authentication Tag actually supplied in the JWE, whereas the JWA specification (RFC 7518) requires a fixed tag length of 16 octets. An attacker can therefore supply a truncated Authentication Tag and modify the JWE ciphertext accordingly: a short tag has few possible values, so a forgery the recipient accepts can be found by trial rather than by breaking the cipher.

Remediation: Users should upgrade to cjose version 0.6.2.2 or later.
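Why a truncated tag matters is best shown with code. The following added example (written for this page, not cjose's code) contrasts a JWE-style AES-GCM recipient that takes the tag length from the tag it was handed with one that insists on the 16 octets JWA requires, and plays the attacker against the permissive one: flip a ciphertext byte, then try all 256 one-octet tags. Key, IV, AAD and plaintext are fixed constructed values; the 12-octet IV counter layout the permissive check relies on is GCM's standard one.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/subtle"
	"errors"
	"fmt"
)

const JWATagLen = 16 // RFC 7518 (JWA): the AES GCM Authentication Tag is 128 bits

var ErrBadTagLen = errors.New("jwe: authentication tag must be 16 octets")
var ErrAuthFail = errors.New("jwe: authentication failed")

func newGCM(key []byte) (cipher.Block, cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, nil, err
	}
	g, err := cipher.NewGCM(block)
	return block, g, err
}

// Encrypt is the JWE producer: AES-GCM with a 12-octet IV, returning ciphertext
// and the full 16-octet tag separately, as a JWE carries them.
func Encrypt(key, iv, pt, aad []byte) (ct, tag []byte, err error) {
	_, g, err := newGCM(key)
	if err != nil {
		return nil, nil, err
	}
	sealed := g.Seal(nil, iv, pt, aad)
	return sealed[:len(pt)], sealed[len(pt):], nil
}

// DecryptStrict is the fixed behaviour: a tag that is not 16 octets is rejected
// before the cipher is consulted.
func DecryptStrict(key, iv, ct, aad, tag []byte) ([]byte, error) {
	if len(tag) != JWATagLen {
		return nil, ErrBadTagLen
	}
	_, g, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	pt, err := g.Open(nil, iv, append(append([]byte{}, ct...), tag...), aad)
	if err != nil {
		return nil, ErrAuthFail
	}
	return pt, nil
}

// DecryptPermissive models CVE-2023-37464: the tag length is whatever the JWE
// supplied, so only that many leading octets are compared. To check a tag of any
// length it recomputes the full tag for ct: with a 12-octet IV GCM's first data
// counter block is iv||00000002, so CTR-decrypting ct and re-sealing the result
// yields the tag for exactly ct.
func DecryptPermissive(key, iv, ct, aad, tag []byte) ([]byte, error) {
	if len(tag) == 0 || len(tag) > JWATagLen {
		return nil, ErrBadTagLen
	}
	block, g, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	pt := make([]byte, len(ct))
	cipher.NewCTR(block, append(append([]byte{}, iv...), 0, 0, 0, 2)).XORKeyStream(pt, ct)
	expected := g.Seal(nil, iv, pt, aad)[len(ct):]
	if subtle.ConstantTimeCompare(expected[:len(tag)], tag) != 1 {
		return nil, ErrAuthFail
	}
	return pt, nil
}

// ForgeTruncated is the attacker. GCM is CTR mode underneath, so flipping a
// ciphertext bit flips the same plaintext bit; the forged ciphertext is then tried
// with every 1-octet tag until the recipient (used only as an oracle) accepts.
func ForgeTruncated(oracle func(ct, tag []byte) error, ct []byte, pos int, mask byte) (forged, tag []byte, tries int, err error) {
	forged = append([]byte{}, ct...)
	forged[pos] ^= mask
	for t := 0; t < 256; t++ {
		if tag = []byte{byte(t)}; oracle(forged, tag) == nil {
			return forged, tag, t + 1, nil
		}
	}
	return nil, nil, 256, errors.New("no 1-octet tag accepted")
}

// Constructed inputs (a real producer draws a fresh random IV per message).
var (
	DemoKey = []byte("0123456789abcdef")
	DemoIV  = []byte("unique-nonce")
	DemoAAD = []byte(`{"alg":"dir","enc":"A128GCM"}`)
	DemoPT  = []byte("amount=10")
)

func main() {
	ct, _, _ := Encrypt(DemoKey, DemoIV, DemoPT, DemoAAD)
	oracle := func(c, t []byte) error { _, err := DecryptPermissive(DemoKey, DemoIV, c, DemoAAD, t); return err }
	forged, t1, tries, _ := ForgeTruncated(oracle, ct, 7, 0x08) // byte 7: '1' -> '9'
	pt, _ := DecryptPermissive(DemoKey, DemoIV, forged, DemoAAD, t1)
	fmt.Printf("permissive recipient accepted %q after %d tries\n", pt, tries)
}
```

The attacker never sees the key: 256 guesses against a recipient that compares one octet are enough to turn "amount=10" into "amount=90", while the strict recipient rejects the short tag before doing any cryptography at all.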

Official announcement: For details, please refer to the link – https://access.redhat.com/errata/RHSA-2023:4410

CVE-2023-20583 is Low Risk. But what is a software-based power side channel on an AMD CPU? (2nd Aug 2023)

Preface: AMD's bulletin explains this design weakness; the notes below summarise it.

Background: Ryzen is AMD's family of multi-core x86-64 microprocessors; x86-64 (AMD64) is AMD's 64-bit extension of the x86 instruction set. These processors rely on dynamic frequency scaling.

CPU frequency scaling is a feature that lets the operating system scale the CPU frequency up or down to save power. Depending on the system load, the frequency can be scaled automatically in response to ACPI events, or set manually with user-space tools.

Vulnerability details: A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time, potentially resulting in a leak of sensitive information.

Ref: Hertzbleed is a related hardware side-channel attack that exploits dynamic frequency scaling to reveal secret data. Because the operating frequency depends on power consumption, and power consumption depends on the data being processed, it turns a power side channel into a timing side channel. Unlike classic power analysis, which needs physical access to measure consumption, it can be exploited by a remote attacker.

Official announcement: For details, please refer to the link – https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7006.html

About CVE-2023-31116: Design weakness of Samsung Exynos Modem 5123 and 5300 (1st Aug 2023)

Preface: RCS (Rich Communication Services) enables richer conversations than SMS and MMS, and more secure ones where end-to-end encryption is enabled. It allows users to share high-resolution photos and videos up to 100 MB in size.

Background: About one year ago, Google’s next-generation flagship Pixel 7 series appeared in the Android 13 developer preview, using Samsung’s baseband chip, model g5300b.

RCS is the successor to the old SMS standard, and Google has been pushing this feature hard over the past few years. At Google I/O, the company confirmed that over 800 million people now have RCS on their phones.

To check whether a user’s device is RCS-enabled and able to communicate with an RCS Business Messaging (RBM) agent, the agent can request the device’s capabilities. Knowing which features a device supports, if any, lets the agent tailor the conversation to the device and avoid presenting interactions that are difficult or impossible for the user to complete. That capability query is the function this vulnerability concerns.

Vulnerability details: An issue was discovered in the Shannon RCS component in Samsung Exynos Modem 5123 and 5300. An incorrect default permission can cause unintended querying of RCS capability via a crafted application.

Official announcement: For details, please refer to the link – https://nvd.nist.gov/vuln/detail/CVE-2023-31116

Important: CVE-2023-24540 affects the OpenShift API for Data Protection (OADP) (31st Jul 2023)

Preface: This is a flaw in Go's html/template package, which OADP's components are built with. Not all valid JavaScript whitespace characters are treated as whitespace by the package's escaper. Templates containing whitespace characters outside the set “\t\n\f\r\u0020\u2028\u2029” in JavaScript contexts that also contain actions may not be properly sanitized during execution, so the escaping applied to untrusted data can be wrong for its real context (CVE-2023-24540).
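For anyone with a template codebase to triage before the Go toolchain is updated, here is an added example (not part of the advisory or of Go's html/template) that scans template text for exactly the condition described above: a <script> element containing template actions together with a JavaScript whitespace character outside the handled set. The whitespace classification follows ECMAScript's WhiteSpace and LineTerminator productions; the finding format and the sample templates are constructed for the example.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
	"unicode"
)

// HandledWhitespace is the set the advisory names as the only JavaScript
// whitespace the escaper handled before the fix.
const HandledWhitespace = "\t\n\f\r \u2028\u2029"

var scriptRe = regexp.MustCompile(`(?is)<script[^>]*>(.*?)</script>`)

// isJSWhitespace reports whether r is ECMAScript WhiteSpace or LineTerminator:
// TAB, VT, FF, SP, NBSP, ZWNBSP, any Zs character, LF, CR, LS, PS.
func isJSWhitespace(r rune) bool {
	switch r {
	case '\t', '\v', '\f', ' ', '\u00a0', '\ufeff', '\n', '\r', '\u2028', '\u2029':
		return true
	}
	return unicode.Is(unicode.Zs, r)
}

// Finding locates one unhandled whitespace character in a template.
type Finding struct {
	Block  int // 1-based index of the <script> element in the template
	Offset int // byte offset inside that element's body
	Rune   rune
}

func (f Finding) String() string {
	return fmt.Sprintf("script block %d, offset %d: U+%04X", f.Block, f.Offset, f.Rune)
}

// RiskyJSWhitespace reports every JavaScript whitespace character outside
// HandledWhitespace that appears in a <script> element which also contains a
// template action. Script elements without actions are not affected by the
// advisory's condition and are skipped.
func RiskyJSWhitespace(tmpl string) []Finding {
	var out []Finding
	for i, m := range scriptRe.FindAllStringSubmatchIndex(tmpl, -1) {
		body := tmpl[m[2]:m[3]]
		if !strings.Contains(body, "{{") {
			continue
		}
		for off, r := range body {
			if isJSWhitespace(r) && !strings.ContainsRune(HandledWhitespace, r) {
				out = append(out, Finding{Block: i + 1, Offset: off, Rune: r})
			}
		}
	}
	return out
}

// Constructed templates for the demonstration.
const (
	CleanTemplate = "<script>var user = {{.Name}};\n</script>"
	RiskyTemplate = "<p>{{.Title}}</p>\n<script>var q = {{.Query}}\v;\u00a0var x = 1;</script>\n<script>var y = 2\u00a0;</script>"
)

func main() {
	for _, f := range RiskyJSWhitespace(RiskyTemplate) {
		fmt.Println(f)
	}
}
```

A hit is not proof of an exploitable page, only that the template sits in the class the CVE describes; the fix is still to rebuild with a patched Go, but the scan tells you which templates to review first.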

Background: OpenShift API for Data Protection (OADP) enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP supports both file-system-based and snapshot-based backups of persistent volumes.

OADP backs up Kubernetes/OpenShift objects and internal images by saving them as an archive file on object storage. It backs up persistent volumes (PVs) by creating snapshots. You can restore all objects in a backup or filter the restored objects by namespace, PV, or label, and you can schedule backups at specified intervals.

The default OADP plugins enable Velero, a tool used to integrate with certain cloud providers and to back up and restore OpenShift Container Platform resources.

Security Fix(es) from Bugzilla:

• golang: html/template: improper handling of JavaScript whitespace (CVE-2023-24540)

Affected Products

• OpenShift API for Data Protection 1 x86_64

Fixes

• BZ – 2196027 – CVE-2023-24540 golang: html/template: improper handling of JavaScript whitespace
• OADP-1504 – oadp-1.0: Restoring a pod using an image from an OpenShift build randomly ends in ImagePullBackOff

Drones are similar to radio-controlled aircraft, but GPS and (5G or 4G) empowerment are leading the way. (29th Jul 2023)

Preface: Do you think the Chinese words for intelligence and cleverness have similar meanings? If you ask me, perhaps I would say that clever refers to the sensitivity of the ears and eyes, while intelligence is about your brain. Maybe you have other explanations. When you watch a sci-fi movie, the AI core sends out drones to detect and arrest people. Maybe the plot is not described in detail. Comprehensive artificial intelligence and machine learning should include vision and hearing. The obvious thing about drones is the vision capability of AI.

Background: It seems indisputable that 5G networks can enhance the performance of drones, though perhaps not to the level of military-grade RF links. If you are interested in the subject, you will notice that many manufacturers are able to design and produce drones. The reason is that chip manufacturers supply flight-control chips, many open-source firmwares can be downloaded from GitHub, and throttle actuators and flight-control-surface actuators are available on the electronics market. The most commonly used languages in avionics software engineering are C, C++, Ada, and Python. In network security, the TCP/IP protocol stack is one of the main attack surfaces. 5G or RF communication terminates in the communication gateway, where the IP protocol takes over after the 5G or RF signal exchange. So cybersecurity will never leave this technology.

Ref: STM32 F4, G4, F7 and H7 are popular microcontrollers for drones. The major component of the flight controller unit (FCU) is the microcontroller.

The FCU consists of a processor and an Inertial Measurement Unit (IMU) with a high-precision accelerometer and gyroscope, which are necessary for stable flight.

Is the development of science and technology in opposition to the natural environment?

Humans can send probes to Mars and create artificial intelligence on Earth. Drones can do real-time monitoring even in extremely dangerous zones. Today’s medical technology enhances our healthcare. But when we look at the climate today, the Antarctic ice is melting, causing disasters and rising sea levels. So far, the situation has not improved!

Will artificial intelligence provide solutions for humans soon?

A time-honored brand faces an ordeal caused by CVE-2023-35078! (26th Jul 2023)

Preface: MobileIron, founded in 2007, was an early pioneer in mobile security and management for smartphones and tablets such as iPhone, iPad and Android devices. It is now part of Ivanti.

Background: Core supports a number of application programming interfaces (APIs):

• MobileIron WebService API
• MobileIron V2 API
• MobileIron ServiceConnect API

The MobileIron V2 API is a RESTful API you use to send HTTPS requests to get data from and provide data to MobileIron. The MobileIron V2 API requires basic authentication to authorize API calls. Each API call requires that the credentials used for basic authentication belong to a user who has been assigned the necessary role to make that particular call. If that check can be sidestepped, everything the API exposes becomes reachable without credentials.

Vulnerability details: Ivanti Endpoint Manager Mobile (EPMM), formerly MobileIron Core, through 11.10 allows remote attackers to obtain PII, add an administrative account, and change the configuration because of an authentication bypass, as exploited in the wild in July 2023.

Ref: RESTful APIs typically use authentication and session management to verify the identity of callers and maintain their state across requests. If these mechanisms are not implemented correctly, or if some API paths are reachable without passing through them, attackers can gain unauthorized access to sensitive data or functionality.
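As an added example of the contract described above (written for this page, not Ivanti or MobileIron code), here is a small Go API in which every call needs basic authentication and a role, enforced by one wrapper around the whole API prefix rather than inside each handler, so an unlisted or mistyped path cannot reach anything unauthenticated. The /api/v2/... paths, the users and roles, and the SHA-256 stand-in for a password hash are assumptions; a real service would use a password KDF such as bcrypt or Argon2.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// Account is an assumed user record: SHA-256 stands in for a proper password KDF.
type Account struct {
	PasswordHash [32]byte
	Roles        map[string]bool
}

type API struct {
	accounts map[string]Account
	mux      *http.ServeMux
}

// NewAPI builds the router. Every route is registered with the role it
// requires; the API value itself is the handler and authenticates before routing.
func NewAPI(accounts map[string]Account) http.Handler {
	a := &API{accounts: accounts, mux: http.NewServeMux()}
	a.mux.Handle("/api/v2/devices", a.requireRole("view", deviceList))
	a.mux.Handle("/api/v2/admins", a.requireRole("admin", adminList))
	return a
}

// ServeHTTP authenticates first, for every path under the API including ones
// no handler exists for, and only then routes. That ordering is the deny-by-default.
func (a *API) ServeHTTP(w http.ResponseWriter, r *http.Request) {
	if _, ok := a.authenticate(r); !ok {
		w.Header().Set("WWW-Authenticate", `Basic realm="api"`)
		http.Error(w, "unauthorized", http.StatusUnauthorized)
		return
	}
	a.mux.ServeHTTP(w, r)
}

func (a *API) authenticate(r *http.Request) (string, bool) {
	user, pass, ok := r.BasicAuth()
	if !ok {
		return "", false
	}
	acct, found := a.accounts[user]
	h := sha256.Sum256([]byte(pass))
	// Compare even for unknown users so timing does not reveal valid names.
	if subtle.ConstantTimeCompare(h[:], acct.PasswordHash[:]) != 1 || !found {
		return "", false
	}
	return user, true
}

func (a *API) requireRole(role string, next http.HandlerFunc) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		user, _ := a.authenticate(r) // already verified in ServeHTTP
		if !a.accounts[user].Roles[role] {
			http.Error(w, "forbidden", http.StatusForbidden)
			return
		}
		next(w, r)
	})
}

func deviceList(w http.ResponseWriter, r *http.Request) { fmt.Fprint(w, `{"devices":[]}`) }
func adminList(w http.ResponseWriter, r *http.Request)  { fmt.Fprint(w, `{"admins":["root"]}`) }

// Call issues a request against the handler in-process and returns the status
// code; an empty user sends no credentials.
func Call(h http.Handler, method, path, user, pass string) int {
	req := httptest.NewRequest(method, path, nil)
	if user != "" {
		req.SetBasicAuth(user, pass)
	}
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code
}

// DemoAccounts is constructed: "ops" can view, "admin" can view and administer.
func DemoAccounts() map[string]Account {
	return map[string]Account{
		"ops":   {PasswordHash: sha256.Sum256([]byte("ops-pass")), Roles: map[string]bool{"view": true}},
		"admin": {PasswordHash: sha256.Sum256([]byte("admin-pass")), Roles: map[string]bool{"view": true, "admin": true}},
	}
}

func main() {
	api := NewAPI(DemoAccounts())
	fmt.Println("no creds  /api/v2/devices ->", Call(api, "GET", "/api/v2/devices", "", ""))
	fmt.Println("ops       /api/v2/admins  ->", Call(api, "GET", "/api/v2/admins", "ops", "ops-pass"))
	fmt.Println("admin     /api/v2/admins  ->", Call(api, "GET", "/api/v2/admins", "admin", "admin-pass"))
	fmt.Println("no creds  /api/v2/unknown ->", Call(api, "GET", "/api/v2/unknown", "", ""))
}
```

The case to keep an eye on is the last one: an unknown path still answers 401, not 404, because the authentication gate sits in front of the router. An authentication bypass of the kind the CVE describes is what you get when some path finds a way around that gate.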

Official details: For details, please refer to the link – https://nvd.nist.gov/vuln/detail/CVE-2023-35078

About Apple Neural Engine (CVE-2023-38136) (26th Jul 2023)

Preface: Third-party apps can only use the Neural Engine through Core ML. Core ML is the foundation for domain-specific frameworks and functionality. You can build and train a model with the Create ML app bundled with Xcode; models trained with Create ML are in the Core ML model format and are ready to use in your app.

Background: Frameworks are self-contained, reusable chunks of code and resources you can import into many apps. You can even share them across iOS, tvOS, watchOS and macOS apps. Combined with Swift’s access control, frameworks help define strong, testable interfaces between code modules. The Neural Engine is reached through such a framework stack, and the bug sits below it, in the kernel-side Neural Engine support, which is why the impact is code execution with kernel privileges.

Vulnerability details: Apple Neural Engine. Available for: iPhone 8 and later, iPad Pro (3rd generation) and later, iPad Air (3rd generation) and later, and iPad mini (5th generation).

Impact: An app may be able to execute arbitrary code with kernel privileges.

Description: The issue was addressed with improved memory handling.

Ref: The iPhone 14’s A15 chip has a 6-core CPU, 5-core GPU, and a 16-core Neural Engine.

Official announcement: For details, please refer to the link – https://support.apple.com/en-us/HT213841

    antihackingonline.com