
3 Critical Apache Flaws Discovered: Users Should Update to Avoid Major Risks

Experts find critical flaws

The Cyber Security Agency of Singapore has issued a warning about three critical flaws in Apache software products. The Apache Software Foundation has released security patches to address these vulnerabilities, which pose a risk to users and organizations running these tools. The three critical vulnerabilities are CVE-2024-43441, CVE-2024-45387, and CVE-2024-52046.

About CVE-2024-43441, CVE-2024-45387, and CVE-2024-52046 

Of the affected Apache products, CVE-2024-43441 impacts Apache HugeGraph-Server, a graph database server commonly used to handle complex data relationships. The flaw lets attackers bypass authentication checks and gain unauthorized access to data. Exploiting it can allow threat actors to reach restricted systems without needing credentials.

The second flaw, CVE-2024-45387, was found in Apache Traffic Control, a widely used tool for managing and optimizing content delivery networks (CDNs). The flaw affects only Traffic Ops, a core component of Apache Traffic Control. Attackers can misuse this vulnerability to launch SQL injection attacks against the database, leading to data modification or unauthorized data access.

The third flaw, CVE-2024-52046, was found in Apache MINA, a network application framework used by many applications. The vulnerability stems from the mishandling of Java's deserialization protocol, allowing threat actors to send specially crafted serialized data.

"By exploiting this issue, attackers could execute remote code on affected systems, which may result in full system compromise. This vulnerability affects Apache MINA versions before 2.0.27, 2.1.10, and 2.24. The exploitation of this flaw could lead to remote code execution (RCE) attacks, posing a serious risk to users of affected versions," reports the Cyber Express.

How to address these critical flaws

According to the Cyber Express, users and administrators of Apache HugeGraph-Server should upgrade to version 1.5.0 or above to protect themselves against CVE-2024-43441. This update resolves the authentication bypass, preventing unauthorized users from gaining access to systems.

To defend against the SQL injection vulnerability CVE-2024-45387 in Apache Traffic Control, users need to update to a version higher than 8.0.1. Failing to apply this patch may expose users to data modification or leakage.

CVE-2024-52046 in Apache MINA, however, needs more than an upgrade alone. Besides moving to the fixed versions (2.0.27, 2.1.10, or 2.24), administrators must take additional precautions to reduce the dangers associated with unbounded deserialization.

New ARM 'TIKTAG' Attack Affects Google Chrome and Linux Systems

 

A newly identified speculative execution attack named "TIKTAG" exploits ARM's Memory Tagging Extension (MTE) to leak data with a success rate exceeding 95%, allowing hackers to circumvent this security feature.

This discovery was detailed in a paper by researchers from Samsung, Seoul National University, and the Georgia Institute of Technology. They demonstrated the attack on Google Chrome and the Linux kernel.

MTE, introduced in the ARM v8.5-A architecture and later versions, aims to detect and prevent memory corruption. It assigns a 4-bit tag to each 16-byte memory granule and checks, at low overhead, that the tag carried in a pointer matches the tag of the memory region it accesses.

MTE operates in three modes: synchronous, asynchronous, and asymmetric, to balance security and performance.

The researchers identified two gadgets, TIKTAG-v1 and TIKTAG-v2, which leverage speculative execution to leak MTE memory tags efficiently. While leaking these tags doesn't directly reveal sensitive information such as passwords or encryption keys, it can potentially weaken MTE's defenses, making systems vulnerable to covert memory corruption attacks.

TIKTAG-v1 exploits CPU behaviors such as branch prediction and data prefetching to leak MTE tags. It particularly affects Linux kernel functions that perform speculative memory accesses, though it requires the attacker to control a kernel pointer.

The attack involves using system calls to trigger the speculative execution path and measuring cache states to infer memory tags.

TIKTAG-v2 exploits speculative execution's store-to-load forwarding, where a value stored to a memory address is immediately loaded from the same address. If the tags match, the value is forwarded, altering the cache state; if not, forwarding is blocked, leaving the cache state unchanged.

By probing the cache state post-speculative execution, attackers can deduce the tag check results.

The effectiveness of TIKTAG-v2 was demonstrated against the Google Chrome browser's V8 JavaScript engine, potentially exposing memory corruption vulnerabilities in the renderer process.

The researchers reported their findings to the affected parties between November and December 2023, receiving generally positive feedback but no immediate fixes. Their technical paper on arxiv.org suggests several mitigations:

1. Modify hardware design to prevent speculative execution from altering cache states based on tag check results.
2. Insert speculation barriers (e.g., sb or isb instructions) to block speculative execution of critical memory operations.
3. Add padding instructions to extend the execution window between branch instructions and memory accesses.
4. Enhance sandboxing mechanisms to strictly limit speculative memory access paths within safe memory regions.

ARM acknowledged the seriousness of the situation but did not view it as a compromise of the feature, noting that allocation tags are not intended to be secrets within the address space.

Chrome's security team recognized the issues but chose not to address the vulnerabilities, citing that the V8 sandbox is not designed to ensure the confidentiality of memory data and MTE tags. Additionally, Chrome does not currently enable MTE-based defenses by default, making it a lower priority for immediate fixes.

The MTE vulnerabilities in the Pixel 8 device were reported to the Android security team in April 2024 and were acknowledged as a hardware flaw qualifying for a bounty reward.

Rapid7 Finds Four Flaws in SIGMA Spectrum Infusion Pump and WiFi Battery



Rapid7 discovers four vulnerabilities

On April 20, 2022, Rapid7 found vulnerabilities in two TCP/IP-enabled medical devices made by Baxter Healthcare. The four vulnerabilities affect the company's SIGMA Spectrum Infusion Pump and SIGMA WiFi battery.

Five months after Rapid7 reported the issues to Baxter, the two organizations are disclosing them jointly, having collaborated on assessing the impact, the fixes, and a coordinated strategy for these flaws.

InfoSecurity reports that all of these vulnerabilities have now reportedly been fixed, but in the new disclosure report Heiland clarified that, even before the patches were released, the issues could not have been exploited over the internet or from a great distance.

About the vulnerability 

Rapid7 has covered the findings in a recent report, which notes that the SIGMA bugs were found by Deral Heiland, Rapid7's lead IoT (Internet of Things) researcher.

To give readers a general idea, Baxter's SIGMA infusion pumps are used by hospitals to deliver medication and nutrition directly into a patient's circulatory system.

The first vulnerability (CVE-2022-26390) discovered by Rapid7 causes the pump to send its WiFi credentials to the battery unit whenever a battery is connected to the primary infusion pump and the pump is powered on.

The second vulnerability (CVE-2022-26392) is a format string vulnerability in the 'hostmessage' command, reachable through a telnet session on Baxter SIGMA WiFi battery firmware version 16.

The third vulnerability (CVE-2022-26393) is also a format string vulnerability, this one on WiFi battery software version 20 D29.

The fourth and last vulnerability (CVE-2022-26394) allows remote, unauthorised modification of the SIGMA GW IP address on WiFi battery units (versions 16, 17 and 20 D29); this address configures the back-end communication services the devices depend on.
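As an added illustration (not Baxter's firmware or Rapid7's code), here is how a format string bug of the kind described for CVE-2022-26392 and CVE-2022-26393 looks in a hypothetical telnet command handler, next to its hardened form; the command handler, function names and reply text are assumed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical handler for a "hostmessage <text>" telnet command, written
 * for this note only. It is not the vendor's code. */

/* Vulnerable form: the caller-supplied text is passed AS the format string.
 * Benign input ("pump-01") produces the expected reply, so ordinary testing
 * never notices; input containing %x, %s or %n is interpreted as directives
 * (reading the stack, or writing memory via %n) instead of being printed. */
int hostmessage_reply_unsafe(const char *text, char *out, size_t outlen)
{
    char body[128];
    /* BUG: user input is the format argument (gcc -Wformat-security flags this) */
    snprintf(body, sizeof body, text);
    return snprintf(out, outlen, "hostmessage set: %s", body);
}

/* Hardened form: the format string is a literal and the input is only data,
 * so '%' characters in the input are copied through untouched. */
int hostmessage_reply_safe(const char *text, char *out, size_t outlen)
{
    return snprintf(out, outlen, "hostmessage set: %s", text);
}

/* Defence in depth for a text-only setting: reject input that carries any
 * format directive, so a printf-style sink further down cannot be reached. */
int hostmessage_text_ok(const char *text)
{
    return strchr(text, '%') == NULL;
}
```

Building the firmware with -Wformat-security (or -Wformat=2) turns the unsafe pattern into a compile-time warning, which is the cheapest place to catch this bug class.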

How does the attack take place?

The threat actor has to be at least within WiFi range of the impacted devices, and in some cases needs direct physical access.

But if the attacker gains network access to the pump unit, a single unauthorised packet can make the unit redirect all of its back-end communications to a host they control, opening the way to a possible man-in-the-middle (MiTM) attack.

Rapid7 reports:

"This could impact the accuracy of the pump data being sent for monitoring and recording purposes, and also potentially be used to intercept Drug library data updates to the pumps — which could potentially be dangerous."