Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label DoS. Show all posts
WiFi
Bugs DoS Firewall Flaws VPN Vulnerabilities and Exploits WiFi

Several Palo Alto Devices Affected by OpenSSL Flaw

 

In April 2022, Palo Alto Networks aims to patch the CVE-2022-0778 OpenSSL flaw in several of its firewall, VPN, and XDR devices. 

OpenSSL published fixes in mid-March to address a high-severity denial-of-service (DoS) vulnerability impacting the BN mod sqrt() function used in certificate parsing, which is tracked as CVE-2022-0778. Tavis Ormandy, a well-known Google Project Zero researcher, uncovered the issue. An attacker can exploit the flaw by creating a certificate with invalid explicit curve parameters. 

The advisory for this flaw read, “The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form.” 

“It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters.” 

The bug affects OpenSSL versions 1.0.2, 1.1.1, and 3.0, and the project's maintainers fixed it with the release of versions 1.0.2zd (for premium support customers), 1.1.1n, and 3.0.2. When parsing an invalid certificate, an attacker can cause the OpenSSL library to enter an infinite loop, resulting in a DoS condition, according to Palo Alto Networks. 

“All PAN-OS software updates for this issue are expected to be released in April 2022. The full fixed versions for PAN-OS hotfixes will be updated in this advisory as soon as they are available.” as per Palo Alto Network. 

During the week of April 18, the company is expected to provide security remedies for the above vulnerability. PAN-OS, GlobalProtect app, and Cortex XDR agent software, according to Palo Alto, have a faulty version of the OpenSSL library, whereas Prisma Cloud and Cortex XSOAR solutions are unaffected. 

“We intend to fix this issue in the following releases: PAN-OS 8.1.23, PAN-OS 9.0.16-hf, PAN-OS 9.1.13-hf, PAN-OS 10.0.10, PAN-OS 10.1.5-hf, PAN-OS 10.2.1, and all later PAN-OS versions. These updates are expected to be available during the week of April 18, 2022.” continues the advisory. 

Customers with Threat Prevention subscriptions can enable Threat IDs 92409 and 92411 to limit the risk of exploitation for this issue while waiting for PAN-OS security upgrades, according to the company.
Read more »
Vulnerability and Exploits
DoS Exploits Linphone Session Initiation Protocol. SIP Vulnerability and Exploits

Attackers Remotely Exploit Bugs in Linphone Session Initiation Protocol (SIP) Stack

 

A team of researchers recently revealed data regarding a zero-click security vulnerability in the Linphone Session Initiation Protocol (SIP) stack that may have been effectively abused without even any effort from the victim's side to corrupt the SIP client as well as trigger a denial-of-service (DoS) situation. 

Linphone is a 20-year-old open-source voice-over IP (VoIP) project that claims to have been the first open-source software on Linux to use the Session Initiation Protocol (SIP). Its SIP software is used by developers and programmers to create communication systems that incorporate instant messaging, audio, and video. It is developed and maintained by France-based Belledonne Communications. 

The flaw, identified as CVE-2021-33056 (CVSS score: 7.5) by researchers, is a NULL pointer dereference vulnerability in the "belle-sip" component, a C-language library that is used to construct SIP transport, transaction, and dialogue layers, with all generations previous to 4.5.20 compromised by the bug. Claroty, an industrial cybersecurity firm, detected and reported the flaw.

To a certain end, the remotely manipulable security flaw can be enabled by appending a malevolent forward-slash ("</") to a SIP message header such as To (the call recipient), From (the call initiator), or Diversion (redirect the destination endpoint), culminating in a collapse of the SIP client program that uses the belle-sip library to manage and parse SIP messages. 

This bug is a zero-click vulnerability, as submitting an INVITE SIP request with a particularly designed From/To/Diversion header leads the SIP client to crash. As a result, any application that uses belle-sip to examine SIP messages will become inaccessible if a fraudulent SIP "call." is received. 

"Successful exploits targeting IoT vulnerabilities have demonstrated they can provide an effective foothold onto enterprise networks," Brizinov said. "A flaw in a foundational protocol such as the SIP stack in VoIP phones and applications can be especially troublesome given the scale and reach shown by attacks against numerous other third-party components used by developers in software projects." 

Furthermore, the latest updates for the core protocol stack have been released, companies who depend on the impacted SIP stack in their products must apply the changes downstream.
Read more »
XSS
DoS Vulnerabilities and Exploits Wire XSS

Attackers Denied of Full Control Over 'Wire' Users' Accounts

 

The developers of the Wire secure messaging app have patched the software against two critical security flaws, one of which could allow an attacker to takeover target users’ accounts. Specifically, the first of the two includes a cross-site scripting (XSS) vulnerability that allowed an attacker to fully control user accounts. The flaw tracked as, CVE-2021-32683, typically impacted the web app version 2021-05-10 and earlier.

According to security experts, threat actors often execute an XSS attack by sending a malicious link to a user and prompting the user to click it. If the app or website lacks proper security protocols, the malicious link executes the attacker’s chosen code on the user’s device. As a result, the attacker can steal the user’s active session cookie. 

Kane Gamble, an independent security researcher discovered two security issues in Wire Messenger versions for web and iOS. Headquartered in Germany with branches in the US, Sweden, and Switzerland, Wire is a popular messaging platform featuring audio, video, and text communications secured via end-to-end encryption with more than 500,000 users. 

The second flaw discovered by the researcher was a less critical denial of service (DoS) issue (CVE-2021-32666) in the iOS version of Wire.

“When we schedule the request to fetch the invalid asset, it’s not possible to create the URL object since the path contains an illegal URL character. This will in turn trigger an assertion which crashes the app,” the security researcher explained. 

Both flaws were subject to a coordinated disclosure process between Gamble and the Wire security team. “The DoS was fixed in version 3.81 and the stored XSS was patched in version 2021-06-01-production.0 [released June 1]. No update is required by the user other than updating your Wire on your iOS device if it hasn’t done so automatically,” Gamble further added.

A Wire spokesperson showed that there is no evidence of active exploitation of any of these bugs in the wild.

“The vulnerabilities were responsibly disclosed to us by a vulnerability researcher and after confirming their validity we fixed and released them as quickly as possible. We also proactively published the vulnerabilities as CVEs for full transparency,” the spokesperson said.
Read more »
Vulnerabilities and Exploits
CyRC DoS Message Brokers Vulnerabilities and Exploits

CyRC Identifies Three Major DoS Flaws in Popular Open Source Message Brokers

 

Synopsys Cybersecurity Research Centre (CyRC) has warned organizations of easily triggered denial-of-service (DoS) vulnerabilities in three widely used open-source message brokers: RabbitMQ, EMQ X, and VerneMQ. 

A message broker is a software that enables applications, systems, and services to communicate with each other and exchange information by translating messages between formal messaging protocols. It is responsible for managing IoT devices like smart home hubs and door locks via common protocol: Message Queuing Telemetry Transport (MQTT). 

MQTT, first released in 1999 is responsible for managing oil pipelines and a variety of home and industrial automation tasks. Any disruption in MQTT messaging could potentially leave users locked out of their homes and offices.

“Message brokers can be the nerve center of a complex system. If the message broker isn't working, then the various components of the system cannot communicate. Whatever services are provided by that system are unavailable until the message broker is restored,” Jonathan Knudsen, the researcher who identified the vulnerabilities, told SecurityWeek. 

Jonathan Knudsen identified that specially crafted MQTT messages can cause excessive memory consumption in RabbitMQ (owned by VMware), EMQ X, and VerneMQ, leading to the operating system terminating the application.

“These vulnerabilities can be exploited by any system that has access to the message broker. The broker can be configured to require authentication or refuse connections from unrecognized endpoints which would limit external attacks. But for an attacker with access to one of the vulnerable message brokers, the vulnerabilities can be exploited simply by delivering a badly formed network packet, which can be done with a very simple script,” Knudsen explained.

According to EMQ, its message broker has been installed more than 2 million times and it has over 5,000 users globally. RabbitMQ claims to have tens of thousands of users, including small startups and large enterprises. VerneMQ is used by companies such as Microsoft, Volkswagen, Siemens, and Swisscom.

Knudsen and CyRC privately disclosed the flaws to the project maintainers back in March, and all three have now been patched. RabbitMQ users are advised to upgrade to version 3.8.16 or above; EMQ X users to version 4.2.8 or above, and VerneMQ users to version 1.12.0 or above.
Read more »
Vulnerability
DoS Security Technology News Vulnerability

Critical Security Vulnerability Patched By VMware


VMware Inc. a publicly-traded software company recently fixed a critical security vulnerability that permitted the malicious attackers to access sensitive data.

The vulnerability as indicated by them resides in the VMware Directory Service (vmdir) which is a part of vCenter Server version 6.7 on Windows and virtual appliances. Known and tracked as CVE-2020-3952, it is evaluated as critical and gets a CVSSv3 score of 10.

In certain conditions, the vmdir doesn't actualize appropriate security controls, which permits attackers with network access to get to the sensitive data.

By utilizing the obtained information the attacker can compromise vCenter Server or various other services that rely upon vmdir for authentication.

In March VMware tended to high severity privilege escalation and DoS in the Workstation, Fusion, VMware Remote Console and Horizon Client and furthermore published KB article 78543 for additional details if a vCenter Server 6.7 deployment is influenced in any way.

 It is recommended for the user on the off chance that they are utilizing vCenter Server version 6.7, to update with 6.7u3f to fix the aforementioned critical vulnerability.


Here is the example log to check with influenced deployments.

2020-04-06T17:50:41.860526+00:00 data vmdird t@139910871058176: leg tendon MODE: Heritage  

 VMware lastly mentioned that “Clean installations of vCenter Server 6.7 (embedded or external PSC) are not affected.”
Read more »
Subscribe to: Posts (Atom)