About: CVE-2022-22531 – Multiple vulnerabilities in F0743 Create Single Payment application of SAP S/4HANA (11-1-2022)

Preface: For security reasons, SAP will not disclose the details of the vulnerability; the security bulletin was issued yesterday. The end user only needs to apply the fix, but we don’t know what actually happened. So the purpose of this topic is to try to dig out details that may interest you. If my findings do not pinpoint the exact reason for this vulnerability, no worries: weaknesses in client-side JavaScript security in SAPUI5 applications may be ubiquitous, and the details are easy to find elsewhere.

Background: F0743 (Create Single Payment) is an SAP S/4HANA transactional app used by an Accounts Payable Accountant through the user interface (UI) technology SAP Fiori (SAPUI5). With this app you can make a direct payment to a supplier when no invoice exists, and you can pay open supplier line items. When you make a direct payment to a supplier without an invoice, you specify the supplier details, the bank details, and the amount to be paid, then create the payment.

Vulnerability details: Official announcement stated that Multiple vulnerabilities in F0743 Create Single Payment application of SAP S/4HANA.

Results are based on my observations: SAPUI5 is a hybrid-app technology (because it is HTML5-based). SAPUI5 is the technology, whereas Fiori is a design methodology. Fiori focuses mainly on mobility; it uses SAPUI5 for the frontend and OData to retrieve back-end data. Based on the above, apps built using SAPUI5 are responsive across browsers and devices: they can run on smartphones, tablets, and desktops. If not used properly, the SAPUI5 framework is susceptible to the types of security vulnerabilities that usually affect client-side JavaScript frameworks.

Static Application Security Testing (SAST) shows that SAPUI5 contains DOM-based Cross-Site Scripting and code injection loopholes. For example (type-0 XSS): a vulnerable document.write() sink reflects user input directly into the web page’s DOM structure, where the input comes from a text box and is retrieved with the getValue() method in the vulnerable SAPUI5 application.

Impact: It increases the likelihood that client code will behave in an “unexpected” way.
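The source-to-sink pattern described above (getValue() feeding document.write() or innerHTML), as an added toy SAST-style check that is not part of the original post and not SAP's F0743 code. The JavaScript snippets are constructed; encodeXML/encodeHTML/encodeJS are the SAPUI5 output encoders from sap/base/security.

```python
"""Toy SAST-style taint check for the DOM-based XSS pattern described above.

Scans JavaScript source line by line, tracks variables whose value comes from
an untrusted source (a control's getValue()), propagates that taint through
assignments, and flags a document.write() or innerHTML sink that receives a
tainted value without an output encoder such as SAPUI5's encodeXML().
Constructed example: the JavaScript snippets below are not SAP's F0743 code.
"""
import re

# A tainted source: the value typed into a UI control, read via getValue().
SOURCE_RE = re.compile(r"\.getValue\(\)")
# Assignment: optional declaration keyword, target name, right-hand side.
ASSIGN_RE = re.compile(r"^\s*(?:var|let|const)?\s*(\w+)\s*=\s*(?P<rhs>.*)$")
# DOM sinks that interpret their input as markup.
SINK_RE = re.compile(
    r"document\.write(?:ln)?\s*\((?P<arg>.*)\)|\.innerHTML\s*=\s*(?P<arg2>.*)$"
)
# SAPUI5 output encoders (sap/base/security); treated as sanitising the value.
ENCODER_RE = re.compile(r"\b(?:encodeXML|encodeHTML|encodeJS)\s*\(")


def _names(expr: str) -> set:
    """Identifiers referenced in a JavaScript expression (crude tokeniser)."""
    return set(re.findall(r"[A-Za-z_]\w*", expr))


def find_dom_xss(js_source: str) -> list:
    """Return (line_no, tainted_names, line_text) for each unsanitised sink."""
    tainted = set()
    findings = []
    for line_no, line in enumerate(js_source.splitlines(), start=1):
        sink = SINK_RE.search(line)
        if sink:
            arg = sink.group("arg") if sink.group("arg") is not None else sink.group("arg2")
            used = sorted(_names(arg) & tainted)
            if used and not ENCODER_RE.search(arg):
                findings.append((line_no, used, line.strip()))
            continue
        assign = ASSIGN_RE.match(line)
        if assign:
            target, rhs = assign.group(1), assign.group("rhs")
            # Taint flows into the target unless an encoder wraps the expression.
            if (SOURCE_RE.search(rhs) or _names(rhs) & tainted) and not ENCODER_RE.search(rhs):
                tainted.add(target)
            else:
                tainted.discard(target)
    return findings


# Constructed controller fragments (not SAP code). Line 4 and 5 are the sinks.
VULNERABLE_JS = """\
onPay: function () {
    var sName = this.byId("supplierName").getValue();
    var sHtml = "<p>Paying " + sName + "</p>";
    document.write(sHtml);
    this.byId("summary").getDomRef().innerHTML = sHtml;
}
"""

# Hardened form: encode before writing markup, or use a text-only setter.
HARDENED_JS = """\
onPay: function () {
    var sName = this.byId("supplierName").getValue();
    var sSafe = encodeXML(sName);
    document.write("<p>Paying " + sSafe + "</p>");
    this.byId("summary").setText(sName);
}
"""

if __name__ == "__main__":
    for hit in find_dom_xss(VULNERABLE_JS):
        print("DOM XSS candidate at line %d via %s: %s" % hit)
    print("hardened findings:", find_dom_xss(HARDENED_JS))
```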

Official announcement: Please refer to the link – https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=596902035

CVE-2022-21825 Citrix Workspace App for Linux Security Update (11-1-2022)

Preface: Privilege escalation attacks can be separated into two kinds: horizontal privilege escalation and vertical privilege escalation. Privilege escalation happens when a malicious user exploits a bug, design flaw, or configuration error in an application or operating system to gain elevated access to resources that should normally be unavailable to them.

Background: Starting with version 2109, Citrix Workspace app introduces an option to append User-Agent strings to network requests to identify the source of a network request. Based on these User-Agent strings, you can decide how to manage your network requests.
For version 2108, the app protection feature is now fully functional. The app protection feature supports apps and desktop sessions and is enabled by default. However, you must configure the app protection feature in the AuthManConfig.xml file to enable it for the authentication manager and the Self-Service plug-in interfaces.

Vulnerability details: A vulnerability has been identified in Citrix Workspace app for Linux that could result in a local user elevating their privilege level to root on the computer running Citrix Workspace app for Linux.

This vulnerability only affects Citrix Workspace app for Linux 2012 – 2111 and only exists if App Protection was installed as part of Citrix Workspace app for Linux. This vulnerability does not exist if App Protection is not installed.

My observation: The vendor did not disclose details, but given the design constraints of the product, a vulnerable version of glibc might be what triggers the design weakness, because Citrix Workspace app for Linux (installed with App Protection) does not support the app protection feature on an OS that uses glibc 2.34 or later. For more details, please refer to the attached diagram.

Official announcement: Please refer to the link – https://support.citrix.com/article/CTX338435

CVE-2021-23218 Missing Release of Memory after Effective Lifetime 10th Jan 2022

Preface: Deploy the leading enterprise container runtime with just two commands

Background: Mirantis Container Runtime is the industry-leading, high-level runtime at the heart of Mirantis Kubernetes Engine, enabling it to operate Swarm and Kubernetes containers efficiently on any substrate. It is based on containerd, the Cloud Native Computing Foundation (CNCF) core container runtime. FIPS 140-2 is only supported in MCR. MKE and MSR currently do not support FIPS 140-2.

Vulnerability details: When running with FIPS mode enabled, Mirantis Container Runtime leaks memory during TLS Handshakes which could be abused to cause a denial of service.

Affected Products: Mirantis Container Runtime (MCR) version 20.10.8

Mitigations: FIPS mode is not the default mode of operation.

Observation: One possibility: applications that use SSL/TLS channels and frequently connect and disconnect. The message digest may be handled in a way that causes internal resources not to be cleaned up when multiple threads start and end SSL sessions concurrently.

Official announcement: Please refer to the link – https://github.com/Mirantis/security/blob/main/advisories/0002.md

The twists and turns of this vulnerability CVE-2022-22846. 9th Jan, 2022

Preface: What if a design weakness does not directly affect the software component? Is it a vulnerability, or can we ignore it?

Background: What is the difference between DNS and nameservers?
DNS records are what contain the actual information that other browsers or services need to interact with, like your server’s IP address. Nameservers, on the other hand, help store and organize those individual DNS records.

dnslib is a Python library that provides the framework for a DNS server. Its file Client[.]py is a simple client, mostly useful for testing. Furthermore, it can optionally compare results from two nameservers (--diff) or compare results against dig (--dig).

Vulnerability details: The dnslib package through 0.9.16 for Python does not verify that the ID value in a DNS reply matches an ID value in a query.

Official announcement: For details, please refer to the link – https://github.com/paulc/dnslib/issues/30

Remark: Application developers can write their own DNS servers in Python and host them on Kubernetes. Even if the risk of this vulnerability is not very high, it is worth knowing about.
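The check that dnslib through 0.9.16 lacked, as an added example using only the Python standard library (not dnslib's own code and not part of the original post): a query with a random 16-bit ID, a matching reply, and a reply whose ID does not match, which is rejected before its answer section is trusted. Packet layouts and addresses are constructed; nothing touches the network.

```python
"""Transaction-ID check for DNS replies, the check dnslib through 0.9.16 lacks.

Builds a query with an unpredictable 16-bit ID, builds a matching reply and a
reply carrying a different ID, and shows that only the matching one is accepted
before its answer section is trusted. Packets are constructed inline with the
standard library; nothing touches the network and no dnslib code is used.
"""
import secrets
import struct
from typing import Optional


def encode_name(name: str) -> bytes:
    """Encode 'example.com' as length-prefixed labels ending in a zero byte."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(lab)]) + lab.encode("ascii") for lab in labels) + b"\x00"


def build_query(name: str, qtype: int = 1, qid: Optional[int] = None) -> bytes:
    """12-byte header (QR=0, RD=1) followed by one IN-class question."""
    if qid is None:
        qid = secrets.randbits(16)          # random ID makes blind spoofing harder
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)


def build_reply(query: bytes, address: str, reply_id: Optional[int] = None) -> bytes:
    """A-record reply to `query`; `reply_id` forges a non-matching ID for the demo."""
    qid = struct.unpack("!H", query[:2])[0] if reply_id is None else reply_id
    header = struct.pack("!HHHHHH", qid, 0x8180, 1, 1, 0, 0)   # QR=1 RD=1 RA=1
    rdata = bytes(int(o) for o in address.split("."))
    # Name as compression pointer to offset 12, then type A, class IN, TTL, RDLENGTH.
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, len(rdata)) + rdata
    return header + query[12:] + answer       # question section echoed verbatim


class ReplyMismatch(Exception):
    """Raised when a reply cannot be tied to the query we actually sent."""


def check_reply(query: bytes, reply: bytes) -> bytes:
    """Accept `reply` only if its ID, QR bit and question match `query`."""
    if len(reply) < 12:
        raise ReplyMismatch("truncated header")
    qid = struct.unpack("!H", query[:2])[0]
    rid, rflags = struct.unpack("!HH", reply[:4])
    if rid != qid:                               # the check dnslib was missing
        raise ReplyMismatch(f"ID mismatch: sent {qid:#06x}, got {rid:#06x}")
    if not rflags & 0x8000:
        raise ReplyMismatch("QR bit clear: not a response")
    if reply[12:len(query)] != query[12:]:       # question must be echoed back
        raise ReplyMismatch("question section differs from query")
    return reply


def reply_is_acceptable(query: bytes, reply: bytes) -> bool:
    """Boolean form of check_reply for callers that just want to drop bad packets."""
    try:
        check_reply(query, reply)
        return True
    except ReplyMismatch:
        return False


def answered_address(reply: bytes, query: bytes) -> str:
    """IPv4 address from the single A answer that follows the echoed question."""
    answer = reply[len(query):]
    rdlength = struct.unpack("!H", answer[10:12])[0]
    return ".".join(str(b) for b in answer[12:12 + rdlength])


if __name__ == "__main__":
    q = build_query("example.com")
    print("genuine reply accepted:", reply_is_acceptable(q, build_reply(q, "192.0.2.1")))
    spoofed = build_reply(q, "198.51.100.9", reply_id=(struct.unpack("!H", q[:2])[0] ^ 1))
    print("mismatched-ID reply accepted:", reply_is_acceptable(q, spoofed))
```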

Who can tell the truth about the supernatural phenomena described in the Old Testament and other related religious bibles?

Preface: About 30 years ago, when we watched TV shows that talked about the universe, the narrator did not say whether this was true or not. We now have the Internet (the World Wide Web) as an additional data resource. Even if you are not a subject matter expert, if you want to find the information you want to know, you can use your judgment to summarize your research, and maybe the information you want to know will be found. Some people say that there is false information on the Internet. Yes, that is true. Furthermore, if you still doubt the integrity of the information, then “to be or not to be” is the spirit of scientific research.

Background: Human civilization depends on science. Logic is the foundation of everything in the world. We all know that there are myths in the religions of different races. However, there are similarities among the myths of different religions. They mention that God created people and that they lived in the sky. In addition, they all record a great flood that occurred, and a prophet who represented God to save human lives. See if the following two cases resonate with you.

  1. The LORD then revealed to Noah that he would send down a great flood to wash away his holy name. In addition, he also ordered Noah to build an ark to save their lives. (“Genesis” Chapter 5, Section 6; see also “Genesis” Chapter 11, Section 9)
  2. In the Bible a deluge destroys all people except Noah and his ark. In the Avesta, a winter depopulates the earth except in the Vara (“enclosure”) of the blessed Yima, the first one to converse with Ahura Mazda before Zoroaster. The Avesta (/əˈvɛstə/) (Persian: اوستا) is the primary collection of religious texts of Zoroastrianism, composed in the Avestan language. (Ref: The word deluge equivalent to great flood)

Even though the historical relics observed by archaeologists raise doubts, and it is suspected that only advanced technology could have produced them, mainstream explanations are reluctant to mention that creatures from outside the earth may have been involved. Why?

Perhaps they know that doing so is destroying the human civilization that has been established for a long time!

The historical relics detailed below would have required modern technology to build. As a matter of fact, scientists now focus on why they were built, and who the builders were.

Projects still under investigation: Summary of Mainstream Archaeologists Survey

(1) Pyramid of Giza

Pharaoh Cheops (Khufu) began the first project of the Pyramid of Giza around 2550 BC. Its largest pyramid is the largest in Giza and is about 481 ft. (147 m) high above the plateau. Its stone blocks, estimated at approximately 2.3 million, weigh an average of 2.5 to 15 tons. But the interior decoration is not similar to a traditional tomb: no traditional paintings on the walls, and not even a coffin.

As a matter of fact, the ancient Egyptians did build pyramids, but the scale of those pyramids is small. Furthermore, they could not maintain the pyramid shape compared to the great pyramid; some of those pyramid structures collapsed with age, because the structure was not as strong as the great pyramid. It is obvious that the Giza pyramid complex (Pyramid of Khufu, Pyramid of Khafre and Pyramid of Menkaure) was not built by the ancient Egyptians. Archaeologists believe they would have used pulleys and huge slave manpower, but this is not the correct finding. Think it over: how did they move granite or limestone weighing 2.5 to 15 tons with ancient low-end technology?

(2) Puma Punku

Puma Punku is a site located a few miles southwest of the remains of Tiwanaku, at the junction of present-day Peru and Bolivia. Archaeologists estimate that it was built around the beginning of the sixth century. In the ancient ruins of Puma Punku there are many finely processed huge stone slabs. After testing, they were found to be made of andesite, which has strong durability and is classified as the most difficult type of stone to process, with a Mohs hardness rating of 5-6.

In the ancient ruins of Puma Punku, people have found that these mysterious boulders have perfectly cut right angles, and some of the stones are full of boreholes. Some scientists said that we now have only two ways to process stones in this way: one is to use advanced laser technology, and the other is to use large diamond cutting tools. What’s even more incredible is that it is difficult to make regular round holes in these hard rocks even with modern technology.

(3) Baghdad Battery

Was the Baghdad Battery really a battery? Found in 1938 by a German archaeologist, the ‘Baghdad Battery’ could be 2,000 years old, and consists of a clay jar, a copper cylinder and an iron rod. Yet while even some experts refer to it as a battery, its true origin and purpose remains unclear.

(4) Derinkuyu

Derinkuyu is a very old and very mysterious underground city; it is estimated that its construction dates back 5,000 years. This dungeon is 60 meters deep, about 20 floors, and the underground city can accommodate 20,000 residents. Who built this facility is not recorded anywhere in history.

If a civil engineer were going to build a dungeon 60 meters deep, about 20 floors, one of the most important devices would be lighting. It is not possible to use oil lamps. If the founders of Derinkuyu had the technology to build this facility in ancient times, perhaps they used a technology similar to the Dendera light.

The Dendera light is a stone relief in the Hathor temple at Dendera in Egypt. A fringe theory interpretation of the relief is that it depicts some form of ancient Egyptian lighting technology, similar to an arc lamp or cathode ray tube. Perhaps the founders of Derinkuyu made use of the Dendera light and the Baghdad Battery.

Temple of Hathor, Dendera

The Temple of Dendur is an ancient Egyptian temple built by the Roman governor of Egypt, Petronius, around 15 B.C., as one of many Egyptian temples commissioned by the emperor Augustus.

My conjecture 1.) If you insist on avoiding talking about aliens, then from your perspective the above four examples are history. But if you think it is not only history or ancient civilization, you can continue reading the details below. Do you have any doubts about whether there are similarities between the gods of different religions?

My conjecture 2.) Repeat my previous description – In the Bible a deluge destroys all people except Noah and his ark. In the Avesta, a winter depopulates the earth except in the Vara (“enclosure”) of the blessed Yima, the first one to converse with Ahura Mazda before Zoroaster. The Avesta (/əˈvɛstə/) (Persian: اوستا) is the primary collection of religious texts of Zoroastrianism, composed in the Avestan language. (Ref: The word deluge equivalent to great flood)

Consider 1: Do you think Derinkuyu was a refuge for those rescued at that time?

A beautiful misunderstanding when ancient people met aliens

On December 17, 1903, the Wright brothers flew their self-developed aircraft, the Flyer One, in the first sustained and controlled powered flight in human history by an aircraft heavier than air, and were widely hailed as the inventors of the modern aircraft.

Before that, in ancient times, human beings did not have the concept of a flying machine. So if they met an alien, they would say he is a god. When they made a painting, most likely they would paint a pair of wings onto a man’s or woman’s body. This is what a god has looked like in tradition so far.

The similarity of God in different religions

a) Anunnaki

The origin of mankind and the cradle of civilization. According to the documentary, Mesopotamia is the foundation place of humanity. Why? Because this is where the earliest civilization was found, including well-structured cities, building facilities and text. Pictorial characters first appeared in Uruk, the Sumerian city-state, in 3200 BC. In the process of simplifying pictorial writing, Sumer began to gradually replace pictorial symbols with cuneiform symbols, and finally established cuneiform writing.

Zecharia Sitchin devoted his life to the study of the origin of mankind. After 30 years of rigorous research and exploration, he became proficient in Sumerian cuneiform writing. Based on his thirty years of study, Sitchin interpreted the details on the clay tablets. The cuneiform describes an alien race called the Anunnaki. The Anunnaki come from a planet named Nibiru beyond Neptune. They created the ancient Sumerian culture.

Ref: Nibiru, also known as Planet Nine or Planet X, is supposedly mentioned on an ancient Sumerian clay tablet. Does Nibiru or Planet X exist? The prediction is based on detailed mathematical modeling and computer simulations, not direct observation. This large object could explain the unique orbits of at least five smaller objects discovered in the distant Kuiper Belt. The Kuiper belt is a circumstellar disc in the outer Solar System, extending from the orbit of Neptune at 30 astronomical units to approximately 50 AU from the Sun. It is similar to the asteroid belt, but is far larger: 20 times as wide and 20–200 times as massive. So its existence is purely conjecture unless Planet X is observed.

My conjecture 3: Why have we not heard rumors of the Anunnaki for the last few thousand years?

Nibiru is supposedly mentioned on ancient Sumerian clay tablets and is said to have crashed through the early Solar System creating the asteroid belt and the planet before vanishing again.

b) Ahura Mazda

Zoroastrianism was the most influential religion in the Middle East and West Asia before the birth of Islam, and the state religion of the ancient Persian Empire. Because believers pray in front of fire, it is also known as the fire-worshipping religion. Ahura Mazda was revealed to the prophet Zoroaster/Zarathustra through a vision he had when he was 30 years old. From a certain point of view, the Anunnaki and the Nabi (Zarathustra) look similar in style.

Overview of different periods (see below)

c) Hopi Kachina

Kachina was a god worshiped by the Pueblo Indians and was considered a medium of communication between man and god. Indians on the American continent have very few beards; it can be said that they almost do not have beards.

Ants are called Anu in Hopi, and friends are called Naki. Therefore, this so-called “big beard” is called “Anunnaki”. Don’t be surprised: “Anunnaki” also appears in ancient Indian mythology.
A book called Book of the Hopi was published in 1963.

The Hopi said, where did the beard of our religion come from? We now live in the fourth world, the first world was destroyed by fire, the second world was destroyed by freezing, and the third world was destroyed by a great flood.

My conjecture 4: The Old Testament of the Bible also has a similar description. It is interesting, and this is the similarity that our topic is about.

My conjecture 5: Do you think Derinkuyu was a refuge for those rescued at that time? Maybe it included the Hopi people? The shape of the Kachina, with horns on the head and a tail behind it, is somewhat similar to the “Nommo costume” of the Dogon people in West Africa.

What is the Dogon Nommo?

The most senior priests of the Dogon people learned about a phenomenon four hundred years ago. The religious doctrines that have circulated for four hundred years among the Dogon population contain a wealth of knowledge about a star. The star is invisible to the naked eye, and even with a telescope. It is the star Sirius B.

Around 120 million years ago, Sirius B was a large white star five times as massive as the sun. Referring to the animations below: the outer orbit is Sirius B. There is a brighter star running in the other orbit; that is Sirius A, a main sequence star.

The daily life of the Dogon civilization is primitive. How does the priest accurately know the orbit and related structure of Sirius? In our civilization, astronomers guessed at the existence of Sirius B in 1844. They conducted surveys with various modern astronomical instruments such as high-power telescopes. It was only in 1928 that astronomers realized that it was a small but dense white dwarf, and it was not until 1970 that the first photo of this star was taken. The Dogon can also accurately draw the elliptical trajectory of Sirius B orbiting Sirius in the sand, and it is very close to the accurate drawing of astronomy. They said that this knowledge was taught to their ancestors by people who looked like fish.

Summary of the above description: When you have finished reading the above details, do you have any comments? Even if you do not agree with my observation, the historical relics can tell. Perhaps you will ask: where are they now?

I have a very strong feeling about the statement below. It does not mean we are at the end of the world, but according to history and the current environmental situation, I think we should protect our environment.

The Hopi said, where did the beard of our religion come from? We now live in the fourth world, the first world was destroyed by fire, the second world was destroyed by freezing, and the third world was destroyed by a great flood.

8th Jan 2022

Reminder: Stephen William Hawking was born on this day in 1942 in Oxford, England. Our great scientist would have been 80 years old today.

About CVE-2021-28714,CVE-2021-28715 – Guest can force Linux netback driver to hog large amounts of kernel memory (6th Jan, 2022)

Preface: Citrix Hypervisor is based on the Xen Project hypervisor, with extra features and support provided by Citrix. Citrix Hypervisor 8.2 uses version 4.13.4 of the Xen hypervisor.

Background: Netfront communicates with a counterpart backend driver called netback in the driver domain, using shared memory I/O channels. The driver domain uses a software bridge to route packets among the physical device and multiple guests through their netback interfaces.

Vulnerability details: Incoming data packets for a guest in the Linux kernel’s netback driver are buffered until the guest is ready to process them. There are some measures taken for avoiding to pile up too much data, but those can be bypassed by the guest:

There is a timeout for how long the client side of an interface can stop consuming new packets before it is assumed to have stalled, but this timeout is rather long (60 seconds by default). Using a UDP connection on a fast interface can easily accumulate gigabytes of data in that time. (CVE-2021-28715)

The timeout could even never trigger if the guest manages to have only one free slot in its RX queue ring page and the next package would require more than one free slot, which may be the case when using GSO, XDP, or software hashing. (CVE-2021-28714)

Additional: Traditionally, an attacker would use consecutive hypercall attacks in irregular orders to disturb the Xen hypervisor.
This new exploitation seems an easier way to suspend the service of the netback driver. UDP is connectionless, so more packets are delivered to the destination in the same time span than with TCP (connection-oriented). As a result, using the long timeout to compound the memory-consumption design weakness becomes a loophole.

Official announcement: https://cve.report/CVE-2021-28715/6270cec3

Containerd 1.5.9 has been released to fix CVE-2021-43816 (5th Jan, 2022)

Preface: A Pod represents a single instance of a running process in your cluster. Pods contain one or more containers, such as Docker containers. When a Pod runs multiple containers, the containers are managed as a single entity and share the Pod’s resources.

Background: Containerd was designed to be used by Docker and Kubernetes, as well as any other container platform that wants to abstract away syscalls or OS-specific functionality to run containers on Linux, Windows, Solaris, or other operating systems. Kubernetes is removing support for Docker as a container runtime. Kubernetes does not actually handle the process of running containers on a machine; instead, it relies on another piece of software called a container runtime. CRI is a containerd plugin implementation of the Kubernetes container runtime interface (CRI). With it, you can run Kubernetes using containerd as the container runtime.

Vulnerability details: On installations using SELinux, such as EL8 (CentOS, RHEL), Fedora, or SUSE MicroOS, with containerd since v1.5.0-beta.0 as the backing container runtime interface (CRI), an unprivileged pod scheduled to the node may bind mount, via hostPath volume, any privileged, regular file on disk for complete read/write access (sans delete). Such is achieved by placing the in-container location of the hostPath volume mount at either `/etc/hosts`, `/etc/hostname`, or `/etc/resolv.conf`. These locations are being relabeled indiscriminately to match the container process-label which effectively elevates permissions for savvy containers that would not normally be able to access privileged host files.

Additional: Simple conceptual diagram attached.

Remediation: This issue has been resolved in version 1.5.9. Users are advised to upgrade as soon as possible.
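A stop-gap policy for nodes that cannot be upgraded immediately, as an added example that is not containerd or Kubernetes project code: it walks a Pod manifest and refuses any container that mounts a hostPath volume at one of the three in-container paths the advisory says are relabeled. The Pod manifests are constructed dicts, not real cluster objects.

```python
"""Manifest check for the hostPath relabel issue described above.

Flags any container in a Pod that mounts a hostPath volume at one of the three
in-container paths the affected containerd versions relabel to the container's
process label. Meant as an admission-style stop-gap policy until every node runs
containerd 1.5.9 or later. The Pod manifests are constructed dicts, not real
cluster objects; this is an added example, not containerd or Kubernetes code.
"""

# In-container mount targets the advisory names as being relabeled.
RELABELED_TARGETS = {"/etc/hosts", "/etc/hostname", "/etc/resolv.conf"}


def hostpath_volumes(pod: dict) -> dict:
    """Map volume name -> host path for every hostPath volume in the Pod spec."""
    return {
        v["name"]: v["hostPath"].get("path", "")
        for v in pod.get("spec", {}).get("volumes", [])
        if "hostPath" in v
    }


def find_risky_mounts(pod: dict) -> list:
    """(container, volume, mountPath, hostPath) for each mount hitting a relabeled target."""
    spec = pod.get("spec", {})
    hostpaths = hostpath_volumes(pod)
    risky = []
    # initContainers run under the same CRI and get the same relabeling treatment.
    for container in spec.get("initContainers", []) + spec.get("containers", []):
        for mount in container.get("volumeMounts", []):
            target = mount.get("mountPath", "").rstrip("/") or "/"
            if mount.get("name") in hostpaths and target in RELABELED_TARGETS:
                risky.append((container["name"], mount["name"], target, hostpaths[mount["name"]]))
    return risky


def admit(pod: dict) -> tuple:
    """(allowed, reasons): deny the Pod when any risky mount is present."""
    reasons = [
        f"container {c!r} mounts hostPath {h!r} (volume {v!r}) at {t!r}"
        for c, v, t, h in find_risky_mounts(pod)
    ]
    return (not reasons, reasons)


# Constructed manifests (not from any real cluster); host path is a placeholder.
RISKY_POD = {
    "metadata": {"name": "demo"},
    "spec": {
        "volumes": [{"name": "cfg", "hostPath": {"path": "/host/path/to/file"}}],
        "containers": [{
            "name": "app", "image": "example/app:placeholder",
            "volumeMounts": [{"name": "cfg", "mountPath": "/etc/hosts"}],
        }],
    },
}

SAFE_POD = {
    "metadata": {"name": "demo"},
    "spec": {
        "volumes": [{"name": "cfg", "hostPath": {"path": "/host/path/to/file"}}],
        "containers": [{
            "name": "app", "image": "example/app:placeholder",
            "volumeMounts": [{"name": "cfg", "mountPath": "/mnt/cfg"}],
        }],
    },
}

if __name__ == "__main__":
    for pod in (RISKY_POD, SAFE_POD):
        allowed, reasons = admit(pod)
        print("allowed" if allowed else "denied", reasons)
```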

Reference: https://github.com/containerd/containerd/security/advisories/GHSA-mvff-h3cj-wj9c

CVE-2021-22045 – VMware ESXi,VMware Workstation and VMware Fusion contains a heap-overflow vulnerability in CD-ROM device emulation (4th Jan 2022)

Preface: You cannot connect to a virtual machine’s CD/DVD-ROM device with the Administrator role. By default setting, the Administrator role does not have permission to access a virtual machine’s CD/DVD-ROM device.

Background: Most of the files stored on a VMFS volume, though, are large files: virtual disk files, swap files, installation image files. VMFS operates on disks attached to ESXi servers but not on computers running VMware Workstation or VMware Player. VMFS 6 was released in vSphere 6.5 and is used in vSphere 6.7, vSphere 7.0, and newer versions such as vSphere 7.0 Update 3.

Vulnerability details: VMware ESXi (7.0, 6.7 before ESXi670-202111101-SG and 6.5 before ESXi650-202110101-SG), VMware Workstation (16.2.0) and VMware Fusion (12.2.0) contains a heap-overflow vulnerability in CD-ROM device emulation. A malicious actor with access to a virtual machine with CD-ROM device emulation may be able to exploit this vulnerability in conjunction with other issues to execute code on the hypervisor from a virtual machine.

VMware released a security advisory for ESXi hosts. Remedies for ESXi 6.5 and 6.7 are ready; for 7.0, only a workaround is provided. For more details, please refer to the link – https://kb.vmware.com/s/article/87249

Official announcement: https://www.vmware.com/security/advisories/VMSA-2022-0001.html

Additional: Because the supplier wants to keep it confidential, the details have not been announced yet. My observations of this vulnerability are drawn in the attached drawings.

CVE-2021-1918 : Improper handling of resource allocation in virtual machines can lead to information exposure in Snapdragon. NVD Published Date 3rd JAN, 2022

Preface: The specific vulnerability (CVE-2021-1918) was notified to customers on 06/07/2021, but the vendor security advisory was released on 6th December, 2022. Finally, US-CERT released the details on 3rd Jan, 2021. As a researcher or end user, it is not an issue.

Background: Snapdragon is a suite of system on a chip (SoC) semiconductor products for mobile devices designed and marketed by Qualcomm Technologies Inc. The Snapdragon’s central processing unit (CPU) uses the ARM architecture. In Snapdragon SoCs, three components are used to provide access control: Virtual Master ID Mapping Table (VMIDMT), External Protection Unit (XPU), and System Memory Management Unit (SMMU). VMIDMT and XPU work together. The SMMU is a hardware component that performs address translation and access control for bus initiators outside of the CPU.

Vulnerability details: Certain versions of Snapdragon Consumer IOT Snapdragon Industrial IOT Snapdragon Mobile from Qualcomm Inc. contain the following vulnerability:
Improper handling of resource allocation in virtual machines can lead to information exposure in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile.

My observation: Since the vendor is not providing the technical details, and according to the Snapdragon design, a well-known attack surface will be the SMMU. For the possible cyber attack details, please refer to the attached diagram.

Vendor announcement: Additional vulnerabilities were also released by the vendor in December 2021. Please refer to the link for details – https://www.qualcomm.com/company/product-security/bulletins/december-2021-bulletin#_cve-2021-1918

Go programming language design limitation – CVE-2021-44717 (NVD Published Date 1st Jan 2022)

Preface: Golang is useful for carrying out programming for scalable servers and large software systems. The Golang programming language was built to fill in the gaps of C++ and Java that Google came across while working with its servers and distributed systems.

Not limited to Google, well-known cloud businesses such as Dropbox, Terraform, Kubernetes, and Docker also develop applications in the Go programming language.

Go as a language is more similar to C, however in addition to C features, Go offers memory safety, garbage collection, structural typing, and CSP-Style concurrency.

Background: There is a function in syscall package, func ForkExec(argv0 string, argv []string, attr *ProcAttr) (pid int, err error) that forks and execs a given process with given arguments and additional ProcAttr in which you can define environment and open files. It handles most of the stuff, even the user/group namespaces.

Vulnerability details: There’s a flaw in golang’s syscall.ForkExec() interface. An attacker who manages to first cause a file descriptor exhaustion for the process, then cause syscall[.]ForkExec() to be called repeatedly, could compromise data integrity and/or confidentiality in a somewhat uncontrolled way in programs linked with and using syscall[.]ForkExec().

Reference: Fedora has released a security update for golang to fix the vulnerabilities (Affected OS:Fedora 35) – https://bodhi.fedoraproject.org/updates/FEDORA-2021-29943703de

antihackingonline.com