Archive for March, 2019

Zero-Day Vulnerabilities in Microsoft Web Browsers

Analysis Summary

The Same Origin Policy (SOP) is a security mechanism implemented in modern browsers. The basic idea behind it is that JavaScript from one origin should not be able to access the properties of a document from another origin. A SOP bypass occurs when sitea.com is somehow able to read the properties of siteb.com, such as its cookies, location or response bodies.
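As an added example, not part of the advisory, the origin comparison a browser performs is written out below in C: two URLs are same-origin only when scheme, host and effective port all match, so of the lookups in main() only the first is same-origin and every other one is a request the SOP must keep script from reading. The parser, the struct and the URLs are constructed for illustration and are not a browser's implementation (bracketed IPv6 hosts are not handled).

```c
/* Added example (not from the advisory): the same-origin check.
 * An origin is the tuple (scheme, host, effective port); two URLs are
 * same-origin only when all three match. Names here are invented. */
#include <ctype.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct origin {
    char scheme[16];
    char host[256];
    int  port;     /* explicit port, or the scheme's default */
};

static int default_port(const char *scheme) {
    if (strcmp(scheme, "http") == 0)  return 80;
    if (strcmp(scheme, "https") == 0) return 443;
    return -1;     /* unknown scheme: no default */
}

static void to_lower_ascii(char *s) {
    for (; *s; s++) *s = (char)tolower((unsigned char)*s);
}

/* Parse "scheme://host[:port][/path...]" into an origin tuple.
 * Returns false on malformed input (no "://", empty host, bad port). */
bool parse_origin(const char *url, struct origin *o) {
    const char *sep = strstr(url, "://");
    if (!sep) return false;
    size_t slen = (size_t)(sep - url);
    if (slen == 0 || slen >= sizeof o->scheme) return false;
    memcpy(o->scheme, url, slen);
    o->scheme[slen] = '\0';
    to_lower_ascii(o->scheme);          /* scheme and host compare case-insensitively */

    const char *h = sep + 3;
    size_t hlen = strcspn(h, ":/?#");   /* host ends at port, path, query or fragment */
    if (hlen == 0 || hlen >= sizeof o->host) return false;
    memcpy(o->host, h, hlen);
    o->host[hlen] = '\0';
    to_lower_ascii(o->host);

    const char *p = h + hlen;
    if (*p == ':') {
        char *end;
        long port = strtol(p + 1, &end, 10);
        if (end == p + 1 || port < 1 || port > 65535) return false;
        o->port = (int)port;
    } else {
        o->port = default_port(o->scheme);   /* https://a.com == https://a.com:443 */
    }
    return true;
}

/* The SOP test: scheme, host and effective port must all be equal. */
bool same_origin(const char *a, const char *b) {
    struct origin oa, ob;
    if (!parse_origin(a, &oa) || !parse_origin(b, &ob)) return false;
    return strcmp(oa.scheme, ob.scheme) == 0 &&
           strcmp(oa.host, ob.host) == 0 &&
           oa.port == ob.port;
}

int main(void) {
    const char *page = "https://sitea.com/account";     /* constructed example page */
    const char *targets[] = {
        "https://sitea.com:443/api/cookies",  /* same origin: 443 is the https default */
        "https://siteb.com/",                 /* different host */
        "http://sitea.com/",                  /* different scheme */
        "https://www.sitea.com/",             /* a subdomain is a different host */
        "https://sitea.com:8443/",            /* different port */
    };
    for (size_t i = 0; i < sizeof targets / sizeof targets[0]; i++)
        printf("%-36s %s\n", targets[i],
               same_origin(page, targets[i]) ? "same-origin" : "cross-origin");
    return 0;
}
```

The check is deliberately strict: a subdomain, a different scheme or a non-default port each make a separate origin, which is why a bypass that lets sitea.com read siteb.com's response is a full break of the boundary rather than a corner case.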

Both flaws affect the latest version of Microsoft Edge and could be exploited by a remote attacker to bypass the same-origin policy in the victim's web browser.

To exploit these vulnerabilities, all the attacker needs to do is convince the victim to open a malicious website; from there the attacker can steal sensitive data, such as login sessions and cookies, from other sites open in the same browser.

Impact

  • Security bypass
  • Cross Site Scripting
  • Credential Theft

Affected Vendors

Microsoft

Affected Products

Microsoft Edge
Internet Explorer

Remediation

The vendor has not yet released patches or updates for the affected products.


Informative Update: Gulf Bank – Service Disruption

Analysis Summary

Gulf Bank encountered a service disruption on 27 March 2019 that impacted its international transfer operations. Gulf Bank of Kuwait has since confirmed that it lost approximately KD 2.8 million in the targeted attack. The bank also announced that the loss amounts to only 0.4% of its total capital, that only international transfers were affected and that customer accounts were not affected in any way.


Impact

Service Disruption

Affected Vendors

Gulf Bank


Rewterz Threat Advisory – CVE-2019-3813 – Amazon Linux update for spice

Analysis Summary

CVE-2019-3813
Spice versions 0.5.2 through 0.14.1 are vulnerable to an out-of-bounds read caused by an off-by-one error in memslot_get_virt. This may lead to a denial of service or, in the worst case, code execution by an unauthenticated attacker.
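The bug class named above, an off-by-one in a slot-table bound check, is shown below as an added example in C. This is not spice's code: the table layout, sizes and function names are invented for illustration, and the table is given one spare entry so the bad lookup lands somewhere recognisable instead of in undefined memory.

```c
/* Added example (not spice's code): an off-by-one in a slot-table bound
 * check, the bug class the advisory describes for memslot_get_virt.
 * Table layout, names and sizes are invented for illustration. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NSLOTS    4
#define SLOT_SIZE 64

struct memslot {
    uint64_t size;        /* bytes the guest may address in this slot */
    uint8_t *host_base;   /* where the slot's memory lives in the host process */
};

static uint8_t region[NSLOTS][SLOT_SIZE];   /* stand-in for mapped guest RAM */
static uint8_t poison[16];                  /* stand-in for whatever follows the table */

/* One entry more than NSLOTS, so the out-of-range lookup below lands on a
 * recognisable entry here. In the real case it is simply whatever memory
 * happens to follow the table. */
static struct memslot slots[NSLOTS + 1];
static bool initialised;

static void ensure_init(void) {
    if (initialised) return;
    for (unsigned i = 0; i < NSLOTS; i++) {
        slots[i].size = SLOT_SIZE;
        slots[i].host_base = region[i];
        memset(region[i], 'A' + (int)i, SLOT_SIZE);
    }
    slots[NSLOTS].size = sizeof poison;
    slots[NSLOTS].host_base = poison;
    initialised = true;
}

/* Translate (slot, offset, len) into a host pointer, or NULL if rejected.
 * `strict` selects the correct index check; false reproduces the off-by-one. */
static uint8_t *get_virt(unsigned slot, uint64_t offset, uint64_t len, bool strict) {
    ensure_init();
    bool out_of_table = strict ? (slot >= NSLOTS)   /* correct: valid ids are 0..NSLOTS-1 */
                               : (slot >  NSLOTS);  /* bug: slot == NSLOTS slips through */
    if (out_of_table)
        return NULL;
    const struct memslot *s = &slots[slot];
    /* Range check written so that offset + len cannot wrap around. */
    if (offset > s->size || len > s->size - offset)
        return NULL;
    return s->host_base + offset;
}

uint8_t *get_virt_vulnerable(unsigned slot, uint64_t offset, uint64_t len) {
    return get_virt(slot, offset, len, false);
}

uint8_t *get_virt_fixed(unsigned slot, uint64_t offset, uint64_t len) {
    return get_virt(slot, offset, len, true);
}

int main(void) {
    for (unsigned slot = 0; slot <= NSLOTS; slot++) {
        uint8_t *v = get_virt_vulnerable(slot, 0, 8);
        uint8_t *f = get_virt_fixed(slot, 0, 8);
        printf("slot %u: vulnerable=%s fixed=%s\n", slot,
               v ? "accepted" : "rejected", f ? "accepted" : "rejected");
    }
    return 0;
}
```

With the `>` comparison, slot id NSLOTS is accepted and the lookup reads one entry past the table; whatever that memory holds then becomes the base pointer and size for later accesses, which is how an off-by-one in an index check turns into an out-of-bounds read.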

Impact

  • Denial of Service
  • Code execution

Affected Vendors

Amazon

Affected Products

Amazon Linux 2

Remediation

Apply the updated packages via the yum package manager.


Rewterz Threat Advisory – VMware ESXi / Workstation Player Multiple Vulnerabilities

Severity

Medium

Analysis Summary

1) An error in the virtual USB 1.1 UHCI (Universal Host Controller Interface) can be exploited to cause an out-of-bounds memory access.

2) A race condition in the virtual USB 1.1 UHCI can be exploited to corrupt memory.

Successful exploitation of vulnerabilities #1 and #2 may allow execution of code on the host, but requires a virtual machine with a virtual USB controller present.

Impact

Code execution on the host

Affected Vendors

VMware

Affected Products

VMware Workstation Player 14.x
VMware ESXi 6.x

Remediation

Apply patch or update to a fixed version.

VMware ESXi version 6.0:

Apply ESXi600-201903001.

VMware ESXi version 6.5:

Apply ESXi650-201903001.

VMware ESXi version 6.7:

Apply ESXi670-201903001.

VMware Workstation Player:

Update to version 14.1.7.


Rewterz Threat Advisory – Red Hat update for libssh2

Severity

Medium

Analysis Summary

CVE-2019-3863
A flaw was found in libssh2 before 1.8.1. A server could send multiple keyboard-interactive response messages whose total length is greater than the maximum value of an unsigned char. This value is used as an index to copy memory, causing an out-of-bounds memory write.

CVE-2019-3857
An integer overflow flaw, which could lead to an out-of-bounds write, was discovered in libssh2 before 1.8.1 in the way SSH_MSG_CHANNEL_REQUEST packets with an exit signal are parsed. A remote attacker who compromises an SSH server may be able to execute code on the client system when a user connects to the server.

CVE-2019-3856
An integer overflow flaw, which could lead to an out-of-bounds write, was discovered in libssh2 before 1.8.1 in the way keyboard prompt requests are parsed. A remote attacker who compromises an SSH server may be able to execute code on the client system when a user connects to the server.

CVE-2019-3855
An integer overflow flaw, which could lead to an out-of-bounds write, was discovered in libssh2 before 1.8.1 in the way packets are read from the server. A remote attacker who compromises an SSH server may be able to execute code on the client system when a user connects to the server.
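The two arithmetic mistakes behind these CVEs, a length check that wraps (the CVE-2019-3855 pattern) and a running total kept in an unsigned char (the CVE-2019-3863 pattern), are shown below on a constructed message as an added example in C. This is not libssh2's code: the wire layout (uint32 count, then count entries of uint32 length plus that many bytes, big-endian), the function names and the sample messages are all invented for illustration, and only the bookkeeping is shown, not the copy that the real bug turns into an out-of-bounds write.

```c
/* Added example (not libssh2's code): the two arithmetic mistakes the
 * advisories describe, on a constructed SSH-style message. The wire layout
 * assumed here is illustrative: uint32 count, then count entries of
 * uint32 length followed by that many bytes, all big-endian. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* CVE-2019-3855 pattern: adding an attacker-chosen len to the cursor can
 * wrap, so pos + 4 + len becomes small and the check passes. */
bool entry_fits_vulnerable(uint32_t pos, uint32_t len, uint32_t buflen) {
    return pos + 4 + len <= buflen;
}

/* Overflow-safe form: compare len against what is left, never add to it. */
bool entry_fits_fixed(uint32_t pos, uint32_t len, uint32_t buflen) {
    return pos <= buflen && buflen - pos >= 4 && len <= buflen - pos - 4;
}

struct parse_result { size_t accepted; size_t total; };

/* Walk the entries using either check. The real code would go on to copy
 * `len` bytes, which is where the out-of-bounds access happens once a bad
 * length has been accepted; here only the bookkeeping is done. */
struct parse_result parse_entries(const uint8_t *buf, uint32_t buflen, bool fixed) {
    struct parse_result r = {0, 0};
    if (buflen < 4) return r;
    uint32_t count = be32(buf), pos = 4;
    for (uint32_t i = 0; i < count; i++) {
        if (!entry_fits_fixed(pos, 0, buflen))   /* need 4 bytes for the length field */
            break;
        uint32_t len = be32(buf + pos);
        bool ok = fixed ? entry_fits_fixed(pos, len, buflen)
                        : entry_fits_vulnerable(pos, len, buflen);
        if (!ok) break;
        r.accepted++;
        r.total += len;
        pos += 4 + len;   /* wraps along with the vulnerable check */
    }
    return r;
}

/* CVE-2019-3863 pattern: a running total kept in an unsigned char wraps at
 * 256. Returns the index the copy would be done at after all entries. */
unsigned char copy_index_vulnerable(const uint32_t *lens, size_t n) {
    unsigned char idx = 0;
    for (size_t i = 0; i < n; i++)
        idx += lens[i];          /* implicitly reduced modulo 256 */
    return idx;
}

/* Fixed: widen the counter and refuse totals beyond the destination size.
 * Returns the index, or SIZE_MAX when the entries would not fit in cap. */
size_t copy_index_fixed(const uint32_t *lens, size_t n, size_t cap) {
    size_t idx = 0;
    for (size_t i = 0; i < n; i++) {
        if (lens[i] > cap - idx)
            return SIZE_MAX;
        idx += lens[i];
    }
    return idx;
}

/* Constructed messages: a benign one with two entries ("abc", "hi") and a
 * malicious one whose single entry claims 0xFFFFFFF8 bytes. */
const uint8_t benign_msg[]    = {0,0,0,2, 0,0,0,3,'a','b','c', 0,0,0,2,'h','i'};
const uint8_t malicious_msg[] = {0,0,0,1, 0xFF,0xFF,0xFF,0xF8};
/* Constructed response lengths whose true sum (300) exceeds an unsigned char. */
const uint32_t sample_lens[] = {200, 100};

int main(void) {
    struct parse_result v = parse_entries(malicious_msg, sizeof malicious_msg, false);
    struct parse_result f = parse_entries(malicious_msg, sizeof malicious_msg, true);
    printf("malicious: vulnerable accepted %zu entries, fixed accepted %zu\n",
           v.accepted, f.accepted);
    printf("copy index for 200+100 bytes as unsigned char: %u\n",
           copy_index_vulnerable(sample_lens, 2));
    return 0;
}
```

The malicious message passes the wrapping check because 4 + 4 + 0xFFFFFFF8 is 0 in 32-bit arithmetic; the subtraction-based form rejects it. Likewise 200 + 100 stored in an unsigned char is 44, so a copy that trusted that index would be sized or placed for 44 bytes while receiving 300.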

Impact

System access

Affected Vendors

Red Hat

Affected Products

Red Hat Enterprise Linux Desktop 7
Red Hat Enterprise Linux HPC Node 7
Red Hat Enterprise Linux Server 7
Red Hat Enterprise Linux Workstation 7

Remediation

Updated packages are available via the Red Hat Network.

http://rhn.redhat.com


Rewterz Threat Advisory – CVE-2017-3823 Cisco WebEx Browser Extension Remote Code Execution Vulnerability

Severity

High

Analysis Summary

A vulnerability in Cisco WebEx browser extensions could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the affected browser on an affected system.

The vulnerability is due to a design defect in an application programming interface (API) response parser within the plugin. An attacker who can convince an affected user to visit an attacker-controlled web page or follow an attacker-supplied link with an affected browser could exploit the vulnerability. If successful, the attacker could execute arbitrary code with the privileges of the affected browser.

Impact

Execution of arbitrary code

Affected Vendors

Cisco

Affected Products

  • Cisco WebEx extensions and plugins for Windows
  • Versions prior to 1.0.7 of the Cisco WebEx Extension on Google Chrome
  • Versions prior to 106 of the ActiveTouch General Plugin Container on Mozilla Firefox
  • Versions prior to the first fixed version of the GpcContainer Class ActiveX control plugin on Internet Explorer

Remediation

The vendor has released updates for Google Chrome, Mozilla Firefox and Internet Explorer that address this vulnerability.


Copyright © Rewterz. All rights reserved.