After 17 years, the Zlib Crash-An-App Flaw Has Been Patched

 

Four years after the vulnerability was first found but left unpatched, the widely used Zlib data-compression library now has a patch for a bug that could be abused to crash apps and services. Tavis Ormandy, a bug hunter for Google Project Zero, informed the Open Source Software Security mailing list about the programming error, CVE-2018-25032, which he discovered while trying to figure out what caused a compressor crash.

"We reported it upstream, but it turns out the bug is already public since 2018, but the update never made it into a release. As far as they are aware, no CVE has ever been assigned to it." Ormandy stated. Furthermore, when Eideticom's Danilo Ramos discovered the defect in April 2018, it was 13 years old, implying this bug had been lurking for 17 years, waiting to be exploited. 

Zlib is a free, general-purpose data-compression library that is legally unencumbered (i.e., not covered by any patents). It can be used on nearly any computer hardware and operating system. Anyone who has ever used software like PKZIP, WinRAR, 7-Zip, or any other archiving utility will attest to how useful data compression has always been.

The primary goal of data compression is to save space, such as by reducing the amount of storage required for backups or reducing data-transfer bandwidth. Despite the computational overhead of squashing and expanding data before and after storing or sending it, compression frequently saves both time and space by reducing the amount of data that must be moved back and forth between a fast storage location like RAM (memory) and a slow storage location like a disk, tape, or network.

The patch was never included in a Zlib release, and just a few days after discovering the problem Ormandy showed a proof-of-concept exploit that works against both the default and non-default compression schemes supported by the library. This means any attempt to compress maliciously designed data may cause an application or network service to crash.

In a nutshell, this is a memory corruption flaw: if user-supplied data is specially formatted, software that relies on Zlib to compress it can crash and terminate due to an out-of-bounds write. The open-source Zlib is so extensively used that there are plenty of potential avenues for exploitation, which is why this problem is such a huge deal despite its nearly two-decade history. Zlib's algorithm, DEFLATE, which became an internet standard in 1996, is used to squash and expand data in a variety of file formats and protocols, and the software that handles those inputs will almost certainly use zlib.

According to Sophos, these programs include Firefox, Edge, Chromium, and Tor, as well as the PDF reader Xpdf, the video player VLC, the Word- and Excel-compatible suite LibreOffice, and the picture editor GIMP. The Zlib problem, which was first discovered in 1998, allows data in the pending buffer to corrupt the distance symbol table. The resulting out-of-bounds access can crash the program and thereby cause a denial of service.

Users should install a non-vulnerable version of the zlib shared library, which they can usually get from their OS vendor by downloading the latest updates, and developers should make sure their software packages don't rely on a vulnerable version of the dependency, pushing out app or service updates as needed.

Russia Suspected of Espionage Against Ukraine Via Two Big Nations

 

On Friday, the White House suspected Russia of being behind recent cyberattacks on Ukraine's defense department and banking institutions. 

The statement by Anne Neuberger, the White House's top cyber official, was the most precise attribution of culpability so far for the cyber breaches that have occurred as tensions between Russia and Ukraine have risen. Although the attacks this week had a "limited impact", since Ukrainian officials were able to swiftly restore their networks, Neuberger believes the hackers were laying the groundwork for future destructive intrusions.

As tensions between Russia and Ukraine rise, Britain has joined the United States in blaming the GRU military intelligence agency for the widespread denial-of-service attacks. The strike, according to the British Foreign Office, "showed a persistent disdain for Ukrainian integrity. This is just another example of Russia's aggressive behavior toward Ukraine."

Russia may also be laying the foundations for more disruptive measures in the event of an invasion of Ukraine. Neuberger remarked, "We expect more destabilizing or damaging cyber action if Russia decides to continue its invasion of Ukraine, and we're working closely with friends and partners to guarantee we are prepared to call out the behavior and respond."

The United States was publicly criticizing Russia because it needed to "call out the action swiftly." "The international community must be ready to expose harmful cyber operations and hold actors accountable for any disruptive or damaging cybersecurity threats," Neuberger added. 

The widespread denial-of-service attacks on Tuesday were described by Ukrainian officials as the most severe in the country's history. They certainly disrupted internet banking, hampered some government-to-public interactions, and were clearly intended to induce fear. "Typical DDoS attacks survive because the defenders are untrained," said Roland Dobbins, DDoS engineer at cybersecurity organization Netscout, adding that most of the mitigation technologies on the market designed to resist such attacks are ineffective.

Apple iOS Susceptible to HomeKit 'Doorlock' Vulnerability

 

A cybersecurity researcher has uncovered a novel persistent denial of service flaw called 'doorLock' in Apple HomeKit, impacting iOS devices. 

The security researcher Trevor Spiniolas publicly disclosed the details and explained in a blog post that Apple has known about the bug since August 10, 2021. Worryingly, the company does not seem interested in fixing the bug, despite repeated promises.

“I believe this bug is being handled inappropriately as it poses a serious risk to users and many months have passed without a comprehensive fix. The public should be aware of this vulnerability and how to prevent it from being exploited, rather than being kept in the dark,” Spiniolas stated.

Apple HomeKit is a software platform that allows iPhone and iPad users to control smart home appliances from their devices. To trigger the flaw, an attacker needs to change the name of a HomeKit device to a string longer than 500,000 characters. Subsequently, if an iOS device connects to HomeKit, it becomes unresponsive once it reads the device name and enters a cycle of freezing and rebooting that can only be ended by wiping and restoring the iOS device.

To make the situation worse, once the device is restored and the user signs back into the iCloud account linked to the HomeKit device, the bug is triggered again, and the cycle continues until the device owner switches off the option to sync home devices from iCloud.

While it is possible that a threat actor could exploit a user’s existing HomeKit-enabled device, the most likely trigger is an attacker setting up a spoofed Home network and tricking the user into joining it via a phishing email. This attack could be used as a ransomware vector, locking iOS devices into an unusable state and demanding a ransom payment to set the HomeKit device name back to a safe length.

"In iOS 15.1 (or possibly 15.0), a limit on the length of the name an app or the user can set was introduced. The introduction of a local size limit on the renaming of HomeKit devices was a minor mitigation that ultimately fails to solve the core issue, which is the way that iOS handles the names of HomeKit devices. If an attacker were to exploit this vulnerability, they would be much more likely to use Home invitations rather than an application anyways, since invitations would not require the user to actually own a HomeKit device,” Spiniolas explained in his blog post.

To mitigate the risk, the researcher recommended that iOS users immediately reject any invitation to join an unknown Home network. Additionally, iOS users who currently use smart home devices can protect themselves by opening the Control Center and disabling the setting “Show Home Controls.”

Broadcom WiFi Chipset Driver Defect Takes Its Toll On OSs, IoTs, Phones and Other Devices.

Reportedly, flaws in the Broadcom WiFi chipset drivers are causing a lot of trouble for phones and operating systems that are exposed to them.

This means attackers could be able to execute arbitrary code and cause denial of service (DoS).

As reported by an intern at a reputed lab, the proprietary Broadcom drivers and the open-source “brcmfmac” driver contain several vulnerabilities.

As it turns out, the Broadcom drivers are susceptible to “two heap buffer overflows,” whereas the ‘brcmfmac’ driver is susceptible to a frame validation bypass as well as a heap buffer overflow.

Per the Common Weakness Enumeration database, heap buffer overflows can cause the software to enter an infinite loop, crash the system, or allow execution of arbitrary code.

All of these outcomes are clearly outside what the system's security policies and security services are meant to allow.

The aforementioned Broadcom WiFi chips are used by almost everyone, usually without their knowing it. From laptops through IoT devices to smart TVs, all of these devices carry these chip drivers.

Because these chips are so prevalent, they present an even larger attack surface, and any simple vulnerability or flaw found in them poses a serious risk.

The Broadcom WiFi chipset drivers can be exploited by unauthenticated attackers simply by sending malicious WiFi packets.

Such packets can lead to arbitrary code execution and, at the very least, to denial of service.

Denial of service and arbitrary code execution are at the top of the list of risks to vulnerable devices. The flaws were found both in the Linux kernel and in the firmware of Broadcom chips.

According to the source note, the vulnerabilities in the brcmfmac and Broadcom wl drivers are tracked as CVE-2019-8564, CVE-2019-9500, CVE-2019-9501, CVE-2019-9502 and CVE-2019-9503.

· CVE-2019-9503: When the driver receives a firmware event frame from a remote source, the frame is discarded and not processed, whereas the same frame arriving from the host is passed to the appropriate handler. This validation can be bypassed if the bus used is USB.

· CVE-2019-9500: A malicious event frame can be constructed to trigger a heap buffer overflow.

· CVE-2019-9501: When the vendor information data is larger than 32 bytes, a heap buffer overflow is triggered in “wlc_wpa_sup_eapol”.

· CVE-2019-9502: When the vendor information data length is larger than 164 bytes, a heap buffer overflow is triggered in “wlc_wpa_plumb_gtk”.

If the wl driver is used with SoftMAC chipsets, the vulnerabilities are triggered in the host’s kernel, whereas with FullMAC chipsets they are triggered in the chipset’s firmware.
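The kind of length validation the vendor-data overflows above were missing, as an added example that is not Broadcom's driver code: a walk over 802.11 information elements (the TLV structures that carry vendor-specific data in a frame) that checks every declared length against both the remaining frame bytes and the destination buffer before copying. The element ID constant, the 32-byte buffer capacity and the sample frames are assumptions constructed for the example.

```c
/* Added example (not Broadcom's driver code): a bounds-checked walk over
 * 802.11 information elements, each a TLV of 1-byte ID, 1-byte length and
 * `length` payload bytes. The page describes heap overflows when vendor data
 * longer than the destination buffer was copied; this parser rejects such
 * elements instead of copying them. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define IE_VENDOR_SPECIFIC 0xDD /* element ID of vendor-specific IEs */
#define VENDOR_MAX_LEN 32       /* assumed capacity of the destination buffer */
enum { IE_OK = 0, IE_TRUNCATED = -1, IE_TOO_LONG = -2, IE_NOT_FOUND = -3 };
struct vendor_ie { uint8_t len; uint8_t data[VENDOR_MAX_LEN]; };

/* Copies the first vendor-specific IE in frame[0..frame_len) into out. Every
 * length read from the frame is checked against the bytes remaining (no read
 * past the frame) and against the destination (no write past the buffer). */
int extract_vendor_ie(const uint8_t *frame, size_t frame_len, struct vendor_ie *out)
{
    size_t pos = 0;
    while (pos < frame_len) {
        if (frame_len - pos < 2)          /* need both the ID and length bytes */
            return IE_TRUNCATED;
        uint8_t id = frame[pos], len = frame[pos + 1];
        if (len > frame_len - pos - 2)    /* declared payload exceeds the frame */
            return IE_TRUNCATED;
        if (id == IE_VENDOR_SPECIFIC) {
            if (len > VENDOR_MAX_LEN)     /* the case an unchecked copy overflowed */
                return IE_TOO_LONG;
            out->len = len;
            memcpy(out->data, frame + pos + 2, len);
            return IE_OK;
        }
        pos += 2 + (size_t)len;
    }
    return IE_NOT_FOUND;
}

/* Constructed frames: SSID "ab" then a 4-byte vendor IE; a vendor IE that
 * claims and carries 40 bytes; a vendor IE claiming 200 bytes that are absent. */
static const uint8_t frame_ok[] = {0x00, 2, 'a', 'b', 0xDD, 4, 0x00, 0x10, 0x18, 0x01};
static const uint8_t frame_oversized[42] = {0xDD, 40};
static const uint8_t frame_truncated[] = {0xDD, 200, 0x00, 0x10, 0x18};

/* Parses one frame and returns only the status code. */
int scan_frame(const uint8_t *frame, size_t frame_len)
{
    struct vendor_ie ie;
    return extract_vendor_ie(frame, frame_len, &ie);
}
```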

Over 160 vendors ship devices with vulnerable Broadcom WiFi chipsets.

The two vulnerabilities found in the open-source brcmfmac driver in the Linux kernel have been patched.

CVE-2019-8564 had been patched by Apple as part of a security update a day before the researcher disclosed the vulnerabilities.

Vulnerability in Snapchat allows hackers to remotely crash iPhones

A new security flaw discovered in the Snapchat app allows an attacker to launch a denial of service attack that crashes iPhones.

The cyber security researcher Jaime Sanchez today exposed a security bug in the Snapchat app that allows an attacker to send thousands of messages within a few seconds. Users can only recover the phone by a hard reset.

The app generates a new token whenever a user sends a message, in order to verify their identity.

According to the Los Angeles Times, the vulnerability allows old tokens generated by the app to be reused to send new messages. A cyber criminal can use these old tokens to send a large amount of spam messages.

The researcher hasn't informed Snapchat about the vulnerability and told the Los Angeles Times that Snapchat has no respect for the cyber security research community.

The reason the researcher says this is that Snapchat recently ignored a security bug reported by security researchers that could be used to expose user data.

Three critical vulnerabilities identified in Apache Tomcat 7 and 6

The Tomcat security team has identified three critical vulnerabilities in Apache Tomcat, an open-source web server and servlet container. The vulnerabilities affect versions 7 and 6.

CVE-2012-4534: Denial of Service (DoS) vulnerability
When using the NIO connector with sendfile and HTTPS enabled, if a client breaks the connection while reading the response, an infinite loop is entered, leading to a denial of service. Tomcat 7.0.0 to 7.0.27 and Tomcat 6.0.0 to 6.0.35 are affected.

CVE-2012-3546: Apache Tomcat bypass of security constraints
When using FORM authentication it was possible to bypass the security constraint checks in the FORM authenticator by appending "/j_security_check" to the end of the URL if some other component (such as the Single-Sign-On valve) had called request.setUserPrincipal() before the call to FormAuthenticator#authenticate(). Tomcat 7.0.0 to 7.0.29 and Tomcat 6.0.0 to 6.0.35 are affected.

CVE-2012-4431: Apache Tomcat bypass of CSRF prevention filter
The CSRF prevention filter could be bypassed if a request was made to a protected resource without a session identifier present in the request. Tomcat 7.0.0 to 7.0.31 and Tomcat 6.0.0 to 6.0.35 are affected.

Users of affected versions are advised to upgrade to the latest Tomcat release.