CWE-690 – Unchecked Return Value to NULL Pointer Dereference

Description

The product does not check for an error after calling a function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference.

While unchecked return value weaknesses are not limited to returns of NULL pointers (see the examples in CWE-252), functions often return NULL to indicate an error status. When this error condition is not checked, a NULL pointer dereference can occur.
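The pattern described above, shown as an added example that is not taken from the CWE entry or from any affected product: a header-line parser in which `strchr()` returns NULL when the separator is missing and `malloc()` returns NULL on failure. The function names and sample lines are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Unchecked (hypothetical): strchr() returns NULL when the line has no ':'
 * and malloc() returns NULL on failure; either NULL is then dereferenced. */
char *header_value_unchecked(const char *line)
{
    const char *colon = strchr(line, ':');
    char *copy = malloc(strlen(colon + 1) + 1);   /* colon may be NULL */
    strcpy(copy, colon + 1);                      /* copy may be NULL  */
    return copy;
}

/* Checked (hypothetical): every call that can return NULL is tested before
 * its result is used. Returns 0 and sets *out on success, -1 on malformed
 * input or allocation failure. The caller frees *out. */
int header_value_checked(const char *line, char **out)
{
    const char *colon, *value;
    char *copy;

    if (line == NULL || out == NULL)
        return -1;
    *out = NULL;
    colon = strchr(line, ':');
    if (colon == NULL)                 /* missing separator: reject */
        return -1;
    value = colon + 1;
    while (*value == ' ' || *value == '\t')
        value++;
    copy = malloc(strlen(value) + 1);
    if (copy == NULL)                  /* allocation failed: report it */
        return -1;
    strcpy(copy, value);
    *out = copy;
    return 0;
}

int main(void)
{
    /* Constructed sample input: one well-formed line, one without ':'. */
    const char *samples[] = { "Content-Length: 42", "Content-Length 42" };
    for (size_t i = 0; i < 2; i++) {
        char *v = NULL;
        if (header_value_checked(samples[i], &v) == 0) { printf("value=\"%s\"\n", v); free(v); }
        else printf("rejected: \"%s\"\n", samples[i]);
    }
    return 0;
}
```

The unchecked function is shown only for contrast and is never called; passing it the second sample line would dereference an invalid pointer.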

Modes of Introduction:

– Implementation

Likelihood of Exploit:

 

Related Weaknesses

CWE-252
CWE-476

 

Consequences

Availability: DoS: Crash, Exit, or Restart

Integrity, Confidentiality, Availability: Execute Unauthorized Code or Commands, Read Memory, Modify Memory

In rare circumstances, when NULL is equivalent to the 0x0 memory address and privileged code can access it, then writing or reading memory is possible, which may lead to code execution.

 

Potential Mitigations

CVE References

 

  • CVE-2008-1052
    • Large Content-Length value leads to NULL pointer dereference when malloc fails.
  • CVE-2006-6227
    • Large message length field leads to NULL pointer dereference when malloc fails.
  • CVE-2006-2555
    • Parsing routine encounters NULL dereference when input is missing a colon separator.
  • CVE-2003-1054
    • URI parsing API sets argument to NULL when a parsing failure occurs, such as when the Referer header is missing a hostname, leading to NULL dereference.
  • CVE-2008-5183
    • chain: unchecked return value can lead to NULL dereference

USN-5402-2: OpenSSL vulnerabilities

USN-5402-1 fixed several vulnerabilities in OpenSSL. This update provides
the corresponding update for Ubuntu 16.04 ESM.

Original advisory details:

Elison Niven discovered that OpenSSL incorrectly handled the c_rehash
script. A local attacker could possibly use this issue to execute arbitrary
commands when c_rehash is run. (CVE-2022-1292)

Aliaksei Levin discovered that OpenSSL incorrectly handled resources when
decoding certificates and keys. A remote attacker could possibly use this
issue to cause OpenSSL to consume resources, leading to a denial of
service. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-1473)

[R1] Nessus Version 10.2.0 Fixes Multiple Third-Party Vulnerabilities

Arnie Cabral
Thu, 05/26/2022 – 09:30

Nessus leverages third-party software to help provide underlying functionality. Several of the third-party components (zlib, expat, jQuery UI) were found to contain vulnerabilities, and updated versions have been made available by the providers.

Out of caution and in line with good practice, Tenable has opted to upgrade these components to address the potential impact of the issues. Nessus 10.2.0 updates zlib to version 1.2.12, expat to version 2.4.8 and jQuery UI to version 1.13.0 to address the identified vulnerabilities.

Malware-Infested Smart Card Reader

Brian Krebs has an interesting story of a smart ID card reader with a malware-infested Windows driver, and US government employees who inadvertently buy and use them.

But by all accounts, the potential attack surface here is enormous, as many federal employees clearly will purchase these readers from a myriad of online vendors when the need arises. Saicoo’s product listings, for example, are replete with comments from customers who self-state that they work at a federal agency (and several who reported problems installing drivers).

USN-5446-1: dpkg vulnerability

Max Justicz discovered that dpkg incorrectly handled unpacking certain
source packages. If a user or an automated system were tricked into
unpacking a specially crafted source package, a remote attacker could
modify files outside the target unpack directory, leading to a denial of
service or potentially gaining access to the system.

Mastercard expands cybersecurity, risk services with new attack simulation and assessment platform

Financial services giant Mastercard has announced the launch of a new attack simulation and assessment platform designed to help businesses and governments enhance their cybersecurity operational resilience. Cyber Front, enabled by a strategic minority investment in cybersecurity vendor Picus Security, reveals organizations’ security gaps and provides real-time mitigation insights so they can improve upon cybersecurity investments with continuous validation, Mastercard stated. The launch comes as Mastercard continues to invest in cybersecurity and risk management capabilities.

Cyber Front leverages more than 3,500 real-world threat scenarios

In a press release, Mastercard said that Cyber Front, built as an always-on platform, supports customers in strengthening digital ecosystems by validating the effectiveness of their cybersecurity controls to prevent and detect threats, leveraging a continuously updated library of more than 3,500 real-world threat scenarios. Its ultimate goal is to aid businesses in understanding if their systems are effective and identifying areas of exposure to ensure greater protection in both the immediate and long term, it continued.
