CVE-2018-10299 – integer overflow jeopardize Ethereum Zone

May 2, 2018 admin 18 Comments

In the view of cryptocurrency supporter, Ethereum is the best. The cyber incident occured in cryptocurrency world so far shift the security focus to e-wallet (end point). Perhaps the cyrpto platform itself contains design limitation. However the end point design of crypto currency platform looks have more space for improvement.

If you install the MetaMask browser plugin, you can manage your accounts in your browser. The keys are stored only on your browser, so you are the only one who has access to your account and the private key. But when the web browser encounter vulnerability. It may jeopardize your private key. So security urge the crypto currency owner make use of hardware token instead of software.

We understand that web3.js is a collection of libraries which allow you to interact with a local or remote Ethereum node, using a HTTP or IPC connection. Java application encounter vulnerabilities caused end user encounter cyber attack is not a news. Above informative diagram shown the integer overflow vulnerability of Ethereum case study involves java applet on the client side. As a front end application, Java application may not aware that he is the accomplice with the cryptocurrency cyber security incident.

Return to reality. Below headline news shown the vulnerabilities occurred in Ethereum (see below for reference). I am wishing that above details can provides hints to you for reference. Let’s us awaken the design weakness of Ethereum cypto currency platform.

Critical EOS Smart Contract Vulnerability Discovered By Auditing Firm

https://bitcoinexchangeguide.com/critical-eos-smart-contract-vulnerability-discovered-by-auditing-firm/

Potential Risk of CVE, Public safety

Siemens – (CVE-2018-4832): Siemens Security Advisory by Siemens Product 18th Apr 2018

May 1, 2018 admin

The Gas and Petroleum industries requires automation to enhance their overall operation in last decade. And therefore the automation system setup requires Supervisory control and data acquisition (SCADA). We noticed that hackers targeted SCADA system installed in nuclear power facilities. We are living in digital age and therefore electricity power supply similar air and water. So system automation hardware vendor has responsibility to hardening their system design. Siemens found vulnerability in their Automation Technology Process control systems (PCS 7) on April last month. For more details, please refer below url for reference.

Vulnerability details

https://cert-portal.siemens.com/productcert/pdf/ssa-348629.pdf

My Speculation:

1. A denial of service vulnerability exists in the remote procedure call (RPC) facility due to a failure in communicating with the NTLM security provider when performing authentication of RPC requests. An anonymous attacker could exploit the vulnerability by sending a specially crafted RPC authentication request to a computer over the network. An attacker who successfully exploited this vulnerability could cause the computer to stop responding and automatically restart.

2. GetMachineName ( ) copies machine name to a fixed 32 byte buffer causes problem occurs.

Blockchain, Potential Risk of CVE

Ethereum – CVE-2018-10468

May 1, 2018 admin

As far as I remember, the goal of bitcoin technology aim to replace the traditional payment. In additional, the slogan of bitcoin is that it can provides a more secure way to send the money and it is hard to counterfeit. We heard cyber security incidents happened in bitcoin industry frequently last year. Ethereum , a most relieable and popular crypto currency in the bitcoin industy. A vulnerability found in Ethereum that it give a way to hacker do the re-engineering. Hacker is able to transform the transfer function ( transferFrom()). Detail shown as below:

The transferFrom function of a smart contract implementation for Useless Ethereum Token (UET), an Ethereum ERC20 token, allows attackers to steal assets (e.g., transfer all victims’ balances into their account) because certain computations involving _value are incorrect, as exploited in the wild starting in December 2017, aka the “transferFlaw” issue.

For more details, please refer below url for reference.

https://peckshield.com/2018/04/28/transferFlaw/

Potential Risk of CVE, Under our observation

6 vulnerabilities in some Huawei products – The culprit,SOAP!

April 30, 2018 admin 1 Comment

The Simple Object Access Protocol (SOAP) invoking objects on remote machine.
It is XML-based messaging thus run on top of HTTP/HTTPS.
That is the reason why firewall cannot significant block them.

An announcement issued by HUAWEI. For more details, please refer below url for reference.

Security Advisory – Six Vulnerabilities in Some Huawei Products

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180207-01-soap-en

Application Development, Public safety, Under our observation

Attention: Stay Alert – Multiple Vulnerabilities in PHP Could Allow for Arbitrary Code Execution

April 27, 2018 admin 2 Comments

Preface:

PHP is a widely-used open source general-purpose scripting language that is especially suited for web development and can be embedded into HTML.

Security concern by security experts

The security issues are typically exposed when PHP code makes use of system-level calls.

Found critical security problem today! – Original release date: April 27, 2018

The Multi-State Information Sharing & Analysis Center (MS-ISAC) has released an advisory on multiple Hypertext Preprocessor (PHP) vulnerabilities. An attacker could exploit one of these vulnerabilities to take control of an affected system.

NCCIC encourages users and administrators to review MS-ISAC Advisory 2018-046 and the PHP Downloads page and apply the necessary updates.

See whether any short term remediation can take before upgrade?

1.Restrict PHP Information Leakage

expose_php=Off

2.Disable Remote Code Execution

Allow_url_fopen=Off

allow_url_include=Off

3.Not show errors to the visitors

(/etc/php.d/security.ini file)

log_errors=On

error_log=/var/log/httpd/php_scripts_error.log

4.Disable Dangerous PHP Functions (php.ini)

disable_functions =exec,passthru,

shell_exec,system,proc_open,popen,curl_exec,

curl_multi_exec,parse_ini_file,show_source

5.Upload Files (/etc/php.d/ directory)

file_uploads=Off

6.Control File System Access

always keep the open_basedir directive set to the /var/www/html directory.

open_basedir=”/var/www/html/”

7.Control the POST Size (/etc/php.d/security.ini)

post_max_size=1k

— End —

Potential Risk of CVE

Attention: PeopleSoft Enterprise PeopleTools (Rich Text Editor) vulnerability – Apr 2018

April 27, 2018 admin

CVE#	Product	Component	Protocol	Remote Exploit without Auth.?	CVSS VERSION 3.0 RISK (see Risk Matrix Definitions)									Supported Versions Affected	Notes
CVE#	Product	Component	Protocol	Remote Exploit without Auth.?	Base Score	Attack Vector	Attack Complex	Privs Req’d	User Interact	Scope	Confid- entiality	Inte- grity	Avail- ability	Supported Versions Affected	Notes
CVE-2018-2772	PeopleSoft Enterprise PeopleTools	Rich Text Editor	HTTP	No	8.8	Network	Low	Low	None	Un- changed	High	High	High	8.54, 8.55, 8.56

Attention: CVE-2018-2772

Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data.

Official announcement shown below url for reference.

http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html

Potential Risk of CVE, Under our observation

CVE-2018-0229: See whether is there any attack make use of this vulnerability transform another type of attack in future?

April 27, 2018 admin

Seems firewall administrator do not take the single sign-on authentication method in firewall. Perhaps it can’t fulfill audit requirement. Cisco found SAML Authentication Session Fixation Vulnerability. The vulnerability exists because there is no mechanism for the ASA or FTD Software to detect that the authentication request originates from the AnyConnect client directly. An attacker could exploit this vulnerability by persuading a user to click a crafted link and authenticating using the company’s Identity Provider (IdP). My concerns is that see whether is there any attack make use of this vulnerability transform another type of attack in future?

Cisco Official announcement is shown as below:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-asaanyconnect

Potential Risk of CVE

Date:2018-April-25 – Drupal Releases Critical Security Updates

April 26, 2018 admin

Perhaps we urge the developers to do the re-engineering the core. There are 2 times of critical vulnerabilities happened within 1 week (18th Apr 2018, 24th Apr 2018). It provide a bad reputation of the brand. The founder is better to end the life of this product then make a new generation of CMS system.

Official announcement:

https://www.drupal.org/security

Potential Risk of CVE, Under our observation

Be alert! Vulnerability in the Java SE, Java SE Embedded and JRockit component of Oracle Java SE (subcomponent: Serialization).

April 26, 2018 admin 3 Comments

The security concerns on CVE-2018-2815, please staying alert. For more details, please see below:

The Java Security Architecture (JSA) defines ways for unprivileged code to perform privileged operations using

AccessController.doPrivileged().

2. The method includes create a new PrivilegedIntrospectHelper.

3. The new PrivilegedIntrospectHelper will be executed on a privileged block. This block will all internalIntrospecthelper(bean,prop,value,request,param,ignoreMethodNF) which will allow to invoke encapsulation (setter).

4. Result:

With encapsulation we pretend that nothing is revealed about the internal representation of an object, and we interact with our components only through their public interfaces; a desirable attribute that we usually exploit later when we want to change the internal representation of data in a component without breaking any code from its users.

Official security update show as below url:

http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html

Blockchain, cyber security incident news highlight

Hackers jailbreak MyEtherWallet Infrastructure (Apr 2018)

April 25, 2018 admin

ISPs tend to restrict what an end customer can advertise. However, any ISP do not filter customer advertisements.
A possible factor let’s hacker compromise the customer router thus advertise errant information into the global routing table.

An attackers stolen at least $13,000 in Ethereum within two hours.

Security expert speculate that it is a DNS attack. But many attack method can be used. For example: BGP hijacking. The scenario displayed on above diagram.

Headline news shown as below:

https://www.theverge.com/2018/4/24/17275982/myetherwallet-hack-bgp-dns-hijacking-stolen-ethereum

Cyber security technical information

CVE-2018-10299 – integer overflow jeopardize Ethereum Zone

Siemens – (CVE-2018-4832): Siemens Security Advisory by Siemens Product 18th Apr 2018

Ethereum – CVE-2018-10468

6 vulnerabilities in some Huawei products – The culprit,SOAP!

Attention: Stay Alert – Multiple Vulnerabilities in PHP Could Allow for Arbitrary Code Execution

Attention: PeopleSoft Enterprise PeopleTools (Rich Text Editor) vulnerability – Apr 2018

CVE-2018-0229: See whether is there any attack make use of this vulnerability transform another type of attack in future?

Date:2018-April-25 – Drupal Releases Critical Security Updates

Be alert! Vulnerability in the Java SE, Java SE Embedded and JRockit component of Oracle Java SE (subcomponent: Serialization).

Hackers jailbreak MyEtherWallet Infrastructure (Apr 2018)

antihackingonline.com