CWE-695 – Use of Low-Level Functionality

Read Time:23 Second

Description

The software uses low-level functionality that is explicitly prohibited by the framework or specification under which the software is supposed to operate.

The use of low-level functionality can violate the specification in unexpected ways that effectively disable built-in protection mechanisms, introduce exploitable inconsistencies, or otherwise expose the functionality to attack.

Modes of Introduction:

– Architecture and Design

Likelihood of Exploit:

 

Related Weaknesses

CWE-573

 

Consequences

Other: Other

 

Potential Mitigations

CVE References

 

CWE-694 – Use of Multiple Resources with Duplicate Identifier

Read Time:50 Second

Description

The software uses multiple resources that can have the same identifier, in a context in which unique identifiers are required.

If the software assumes that each resource has a unique identifier, the software could operate on the wrong resource if attackers can cause multiple resources to be associated with the same identifier.

Modes of Introduction:

– Architecture and Design

Likelihood of Exploit:

 

Related Weaknesses

CWE-99
CWE-573

 

Consequences

Access Control: Bypass Protection Mechanism

If unique identifiers are assumed when protecting sensitive resources, then duplicate identifiers might allow attackers to bypass the protection.

Other: Quality Degradation

 

Potential Mitigations

Phase: Architecture and Design

Effectiveness:

Description: 

Where possible, use unique identifiers. If non-unique identifiers are detected, do not operate on any resource with a non-unique identifier and report the error appropriately.

CVE References

 

  • CVE-2013-4787
    • chain: mobile OS verifies cryptographic signature of file in an archive, but then installs a different file with the same name that is also listed in the archive.
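An added example (not from CWE or any affected product) of the identifier mismatch this entry and the CVE-2013-4787 chain describe: a verifier and an installer that resolve an archive entry name independently, beside a hardened flow that rejects duplicate identifiers before anything is operated on. The `entry` struct, the payloads "signed"/"unsigned" and `payload_trusted` are constructed stand-ins for a manifest and a signature check.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Constructed archive entry: an identifier plus the payload it names. */
typedef struct { const char *name; const char *data; } entry;

/* Index of the first entry whose name recurs later in the listing, or -1 when
 * every identifier is unique. Quadratic, which is fine for a manifest. */
int find_duplicate(const entry *e, size_t n) {
    for (size_t i = 0; i < n; i++)
        for (size_t j = i + 1; j < n; j++)
            if (strcmp(e[i].name, e[j].name) == 0) return (int)i;
    return -1;
}

/* Stand-in for signature verification: only the constructed payload
 * "signed" is accepted. Real code checks a cryptographic signature here. */
static bool payload_trusted(const char *data) { return strcmp(data, "signed") == 0; }

/* Two lookups that resolve the same identifier differently, modelling a
 * verifier and an installer written independently. */
static const entry *first_named(const entry *e, size_t n, const char *name) {
    for (size_t i = 0; i < n; i++) if (strcmp(e[i].name, name) == 0) return &e[i];
    return NULL;
}
static const entry *last_named(const entry *e, size_t n, const char *name) {
    const entry *hit = NULL;
    for (size_t i = 0; i < n; i++) if (strcmp(e[i].name, name) == 0) hit = &e[i];
    return hit;
}

/* Vulnerable flow (the chain in CVE-2013-4787): the signature is checked on
 * one entry and a different entry with the same name is installed. Returns
 * the payload that would be installed, or NULL when rejected. */
const char *install_unchecked(const entry *e, size_t n, const char *name) {
    const entry *v = first_named(e, n, name);
    if (v == NULL || !payload_trusted(v->data)) return NULL;
    return last_named(e, n, name)->data;
}

/* Hardened flow: refuse the whole archive on a duplicate identifier, then
 * verify and install the very same entry object. */
const char *install_checked(const entry *e, size_t n, const char *name) {
    if (find_duplicate(e, n) >= 0) return NULL;   /* report, do not operate */
    const entry *v = first_named(e, n, name);
    if (v == NULL || !payload_trusted(v->data)) return NULL;
    return v->data;
}
```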

CWE-693 – Protection Mechanism Failure

Read Time:37 Second

Description

The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.

This weakness covers three distinct situations. A “missing” protection mechanism occurs when the application does not define any mechanism against a certain class of attack. An “insufficient” protection mechanism might provide some defenses – for example, against the most common attacks – but it does not protect against everything that is intended. Finally, an “ignored” mechanism occurs when a mechanism is available and in active use within the product, but the developer has not applied it in some code path.

Modes of Introduction:

– Architecture and Design

Likelihood of Exploit:

 

Related Weaknesses

 

Consequences

Access Control: Bypass Protection Mechanism

 

Potential Mitigations

CVE References

 

CWE-692 – Incomplete Denylist to Cross-Site Scripting

Read Time:36 Second

Description

The product uses a denylist-based protection mechanism to defend against XSS attacks, but the denylist is incomplete, allowing XSS variants to succeed.

While XSS might seem simple to prevent, web browsers vary so widely in how they parse web pages that a denylist cannot keep track of all the variations. The “XSS Cheat Sheet” [REF-714] contains a large number of attacks that are intended to bypass incomplete denylists.

Modes of Introduction:

Likelihood of Exploit:

 

Related Weaknesses

CWE-184
CWE-79

 

Consequences

Confidentiality, Integrity, Availability: Execute Unauthorized Code or Commands

 

Potential Mitigations

CVE References

 

Read Time:15 Second

Description

The code does not sufficiently manage its control flow during execution, creating conditions in which the control flow can be modified in unexpected ways.

Modes of Introduction:

– Architecture and Design

Likelihood of Exploit:

 

Related Weaknesses

 

Consequences

Other: Alter Execution Logic

 

Potential Mitigations

CVE References

 

CWE-690 – Unchecked Return Value to NULL Pointer Dereference

Read Time:1 Minute, 9 Second

Description

The product does not check for an error after calling a function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference.

While unchecked return value weaknesses are not limited to returns of NULL pointers (see the examples in CWE-252), functions often return NULL to indicate an error status. When this error condition is not checked, a NULL pointer dereference can occur.

Modes of Introduction:

– Implementation

Likelihood of Exploit:

 

Related Weaknesses

CWE-252
CWE-476

 

Consequences

Availability: DoS: Crash, Exit, or Restart

Integrity, Confidentiality, Availability: Execute Unauthorized Code or Commands, Read Memory, Modify Memory

In rare circumstances, when NULL is equivalent to the 0x0 memory address and privileged code can access it, then writing or reading memory is possible, which may lead to code execution.

 

Potential Mitigations

CVE References

 

  • CVE-2008-1052
    • Large Content-Length value leads to NULL pointer dereference when malloc fails.
  • CVE-2006-6227
    • Large message length field leads to NULL pointer dereference when malloc fails.
  • CVE-2006-2555
    • Parsing routine encounters NULL dereference when input is missing a colon separator.
  • CVE-2003-1054
    • URI parsing API sets argument to NULL when a parsing failure occurs, such as when the Referer header is missing a hostname, leading to NULL dereference.
  • CVE-2008-5183
    • chain: unchecked return value can lead to NULL dereference
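An added example (not from CWE or from any of the products in the CVE list) of the pattern behind CVE-2008-1052 and CVE-2006-6227: a buffer sized from an untrusted Content-Length, once with the allocator's return value unchecked and once with the length bounded and the NULL result handled. `MAX_BODY_LEN`, `failing_alloc` and the allocator hook are constructed for the example so the failure path can be exercised deterministically.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_BODY_LEN ((size_t)16 * 1024 * 1024)  /* constructed buffering limit */
typedef void *(*alloc_fn)(size_t);           /* hook so a failing malloc can be tested */

/* Constructed allocator that always fails, like malloc given a hostile length. */
void *failing_alloc(size_t n) { (void)n; return NULL; }

/* Vulnerable pattern (the CWE-690 chain): the allocator's result is used
 * without a NULL check, so a failed allocation becomes a write through NULL.
 * Kept for contrast only; never call it with an allocator that can fail. */
char *read_body_unchecked(size_t content_length, alloc_fn alloc) {
    char *buf = alloc(content_length + 1);
    memset(buf, 0, content_length + 1);      /* NULL dereference on failure */
    return buf;
}

/* Hardened version: bounds the untrusted length (which also keeps the +1
 * from wrapping), checks the allocator's return value and reports failure
 * instead of dereferencing. Returns 0 with *out owned by the caller, or -1
 * with *out left NULL. */
int read_body_checked(size_t content_length, alloc_fn alloc, char **out) {
    *out = NULL;
    if (content_length > MAX_BODY_LEN)       /* refuse absurd lengths up front */
        return -1;
    char *buf = alloc(content_length + 1);
    if (buf == NULL)                         /* the check CWE-690 is about */
        return -1;                           /* fail closed; caller reports it */
    memset(buf, 0, content_length + 1);
    *out = buf;
    return 0;
}

int main(void) {
    char *body = NULL;
    size_t hostile = SIZE_MAX / 2;           /* constructed hostile Content-Length */
    if (read_body_checked(hostile, malloc, &body) != 0)
        printf("rejected Content-Length %zu\n", hostile);
    if (read_body_checked(64, failing_alloc, &body) != 0)
        printf("allocation failure handled without a dereference\n");
    if (read_body_checked(64, malloc, &body) == 0) {
        printf("buffered 64 bytes\n");
        free(body);
    }
    return 0;
}
```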

USN-5402-2: OpenSSL vulnerabilities

Read Time:29 Second

USN-5402-1 fixed several vulnerabilities in OpenSSL. This update provides
the corresponding update for Ubuntu 16.04 ESM.

Original advisory details:

Elison Niven discovered that OpenSSL incorrectly handled the c_rehash
script. A local attacker could possibly use this issue to execute arbitrary
commands when c_rehash is run. (CVE-2022-1292)

Aliaksei Levin discovered that OpenSSL incorrectly handled resources when
decoding certificates and keys. A remote attacker could possibly use this
issue to cause OpenSSL to consume resources, leading to a denial of
service. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-1473)


[R1] Nessus Version 10.2.0 Fixes Multiple Third-Party Vulnerabilities

Read Time:33 Second

Arnie Cabral
Thu, 05/26/2022 – 09:30

Nessus leverages third-party software to help provide underlying functionality. Several of the third-party components (zlib, expat, jQuery UI) were found to contain vulnerabilities, and updated versions have been made available by the providers.

Out of caution and in line with good practice, Tenable has opted to upgrade these components to address the potential impact of the issues. Nessus 10.2.0 updates zlib to version 1.2.12, expat to version 2.4.8 and jQuery UI to version 1.13.0 to address the identified vulnerabilities.


Malware-Infested Smart Card Reader

Read Time:26 Second

Brian Krebs has an interesting story of a smart ID card reader with a malware-infested Windows driver, and US government employees who inadvertently buy and use them.

But by all accounts, the potential attack surface here is enormous, as many federal employees clearly will purchase these readers from a myriad of online vendors when the need arises. Saicoo’s product listings, for example, are replete with comments from customers who self-state that they work at a federal agency (and several who reported problems installing drivers).
