Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Local privilege escalation vulnerability. Show all posts

ExtraReplica: Microsoft Patches Cross-Tenant Bug in Azure PostgreSQL

 

Recently, Microsoft has patched pair of security vulnerabilities in its Azure Database for PostgreSQL Flexible Server which could have been exploited to execute malicious code. On Thursday, cyber security researchers from Wiz Research published an advisory on "ExtraReplica," wherein they described it as a "cross-account database vulnerability" in Azure's infrastructure. 

The first is a privilege escalation bug in a modification that Microsoft made to the PostgreSQL engine and the second bug leverages the privilege escalation enabled by the former to give attackers cross-account access. 

Microsoft Azure is a hybrid cloud service and accounts for hundreds of thousands of enterprise customers, it also provides various services to different enterprises including software as a service (SaaS), infrastructure as a service (IaaS), and platform as a service (PaaS). 

It supports various programming languages, frameworks, and tools including both Microsoft-specific and third-party software and systems, as well as housing the data for various other Microsoft tools is one of its key features. 

According to the report, security vulnerabilities in the software could be used to bypass Azure's tenant isolation, which prevents software-as-a-service (SaaS) systems users from accessing resources belonging to other tenants. 

Also, ExtraReplica's core attack vector is based on a flaw that gave full access to customer data across multiple databases in a region without authorization, researchers from cloud security vendor Wiz Research recently added. 

"An attacker could create a full copy of a target database in Azure PostgreSQL [Flexible Server], essentially exfiltrating all the information stored in the database…," 

 “…The vulnerabilities would have allowed attackers to bypass firewalls configured to protect the hosted databases unless an organization had configured it for private access only but this is not the default configuration," says Ami Luttwak, co-founder and CTO at Wiz. 

Following the attack, Microsoft said it has mitigated the security vulnerabilities in the second week of January 2022, less than 48 hours after Wiz had warned about the attack. However, the company said that its research showed no evidence that hackers has exploited the vulnerabilities to access customer data.

Privilege escalation vulnerability in VMware Workstatation and Player fixed

VMware, one of the popular virtual machine software, has issued security update for VMware Workstation and VMware Player patches a vulnerability(CVE-2013-5972) that could result in an escalation of privilege on Linux-based host machines.

"VMware Workstation and VMware Player contain a vulnerability in the handling of shared libraries. " the Security advisory reads.

The vulnerability allows a local attacker to escalate the privilege to root in the host OS.  The security flaw doesn't allow an attacker for privilege escalation from the Guest Operating System to the host or vice-versa.

VMware workstation 9.x versions and VMPlayer 6.x versions on Linux host machines are affected by this vulnerability.

Users are recommended to apply the patch.  Download the latest versions from here: 1https://www.vmware.com/go/downloadworkstation , 2.https://www.vmware.com/go/downloadplayer

Security Alert: Linux Kernel Privilege escalation exploit affects Android platform


Android Operating System is based on the Linux, means the vulnerabilities affecting Linux kernel have the possibility of being exploited in the Android platform.

It appears the recently discovered Linux local kernel privilege escalation vulnerability (CVE-2013-2094) is affecting the Android operating system.

According to Symantec researchers, the exploit for the kernel vulnerability has now been modified to work on Android platform. The security flaw allows hacker to gain complete control of the infected devices.

The researchers have warned that malware will take advantage of this exploit to access data from other apps, prevent users from uninstalling the malware, and allows them to send premium rate SMS.

We are not sure how much time Google will take to patch the bug. So, users are advised to download the apps only from trusted marketplaces.