Tag Archives: CVE-2014-0160

Education

Top 5 Most Dangerous CVEs of All Time: Learn from History’s Worst Cybersecurity Threats

Read Time:2 Minute, 24 Second

The Common Vulnerabilities and Exposures (CVE) system is used to identify and track publicly disclosed vulnerabilities and security exposures. Over the years, numerous CVEs have been identified, some of which have been more dangerous than others. In this article, we’ll take a look at some of the most dangerous CVEs ever identified that pose a real threat to your cybersecurity.

  1. Heartbleed (CVE-2014-0160): The Most Dangerous CVE Ever Identified Heartbleed is a security vulnerability in the OpenSSL cryptographic software library. It was discovered in 2014 and is considered one of the most dangerous CVEs ever identified. The vulnerability allowed attackers to steal sensitive information, including passwords and encryption keys, from websites that used OpenSSL. It affected millions of websites, including Yahoo, Airbnb, and the Canada Revenue Agency.
  2. Shellshock (CVE-2014-6271): Vulnerability in the Bash Shell Used by Many Unix-Based Systems Shellshock is a security vulnerability that was discovered in 2014 in the Bash shell used by many Unix-based systems. The vulnerability allowed attackers to execute arbitrary code on vulnerable systems, which could potentially give them complete control over the system. The vulnerability affected many Linux and Unix-based systems, including web servers and routers.
  3. WannaCry (CVE-2017-0144, CVE-2017-0145, CVE-2017-0146, CVE-2017-0147, CVE-2017-0148): Ransomware That Caused Significant Damage to Businesses WannaCry is a type of ransomware that was first identified in 2017. The malware spread rapidly and affected thousands of computers worldwide. It exploited a vulnerability in the Microsoft Windows operating system that allowed it to spread across networks without user interaction. The vulnerability was later patched by Microsoft, but not before WannaCry caused significant damage to businesses and organizations.
  4. Meltdown (CVE-2017-5754): A Security Vulnerability in Modern Microprocessors Meltdown is a security vulnerability that was discovered in 2017 in modern microprocessors. The vulnerability allowed attackers to access sensitive information, including passwords and encryption keys, from a system’s memory. It affected many popular processors, including those from Intel, AMD, and ARM.
  5. Spectre (CVE-2017-5753, CVE-2017-5715): A Difficult-to-Detect and Exploit Security Vulnerability Spectre is a security vulnerability that was discovered in 2017 in modern microprocessors. The vulnerability allowed attackers to access sensitive information, including passwords and encryption keys, from a system’s memory. It affected many popular processors, including those from Intel, AMD, and ARM. Spectre is considered one of the most dangerous CVEs ever identified, as it is difficult to detect and exploit.

The above CVEs are just a few of the most dangerous ever identified. While many vulnerabilities have been discovered and patched over the years, it’s important to remain vigilant and keep your systems up to date with the latest security patches and updates to protect against new and emerging threats. Be sure to watch out for these 5 most dangerous CVEs identified, and take necessary steps to secure your systems against them.

CWE

CWE-130 – Improper Handling of Length Parameter Inconsistency

Read Time:4 Minute, 58 Second

Description

The software parses a formatted message or structure, but it does not handle or incorrectly handles a length field that is inconsistent with the actual length of the associated data.

If an attacker can manipulate the length parameter associated with an input such that it is inconsistent with the actual length of the input, this can be leveraged to cause the target application to behave in unexpected, and possibly, malicious ways. One of the possible motives for doing so is to pass in arbitrarily large input to the application. Another possible motivation is the modification of application state by including invalid data for subsequent properties of the application. Such weaknesses commonly lead to attacks such as buffer overflows and execution of arbitrary code.

Modes of Introduction:

– Architecture and Design

 

 

Related Weaknesses

CWE-240
CWE-119
CWE-119
CWE-805

 

Consequences

Confidentiality, Integrity: Read Memory, Modify Memory, Varies by Context

 

Potential Mitigations

Phase: Implementation

Description: 

When processing structured incoming data containing a size field followed by raw data, ensure that you identify and resolve any inconsistencies between the size field and the actual size of the data.

Phase: Implementation

Description: 

Do not let the user control the size of the buffer.

Phase: Implementation

Description: 

Validate that the length of the user-supplied data is consistent with the buffer size.

CVE References

  • CVE-2014-0160
    • Chain: “Heartbleed” bug receives an inconsistent length parameter (CWE-130) enabling an out-of-bounds read (CWE-126), returning memory that could include private cryptographic keys and other sensitive data.
  • CVE-2009-2299
    • Web application firewall consumes excessive memory when an HTTP request contains a large Content-Length value but no POST data.
  • CVE-2001-0825
    • Buffer overflow in internal string handling routine allows remote attackers to execute arbitrary commands via a length argument of zero or less, which disables the length check.
  • CVE-2001-1186
    • Web server allows remote attackers to cause a denial of service via an HTTP request with a content-length value that is larger than the size of the request, which prevents server from timing out the connection.
  • CVE-2001-0191
    • Service does not properly check the specified length of a cookie, which allows remote attackers to execute arbitrary commands via a buffer overflow, or brute force authentication by using a short cookie length.
  • CVE-2003-0429
    • Traffic analyzer allows remote attackers to cause a denial of service and possibly execute arbitrary code via invalid IPv4 or IPv6 prefix lengths, possibly triggering a buffer overflow.
  • CVE-2000-0655
    • Chat client allows remote attackers to cause a denial of service or execute arbitrary commands via a JPEG image containing a comment with an illegal field length of 1.
  • CVE-2004-0492
    • Server allows remote attackers to cause a denial of service and possibly execute arbitrary code via a negative Content-Length HTTP header field causing a heap-based buffer overflow.
  • CVE-2004-0201
    • Help program allows remote attackers to execute arbitrary commands via a heap-based buffer overflow caused by a .CHM file with a large length field
  • CVE-2003-0825
    • Name services does not properly validate the length of certain packets, which allows attackers to cause a denial of service and possibly execute arbitrary code. Can overlap zero-length issues
  • CVE-2004-0095
    • Policy manager allows remote attackers to cause a denial of service (memory consumption and crash) and possibly execute arbitrary code via an HTTP POST request with an invalid Content-Length value.
  • CVE-2004-0826
    • Heap-based buffer overflow in library allows remote attackers to execute arbitrary code via a modified record length field in an SSLv2 client hello message.
  • CVE-2004-0808
    • When domain logons are enabled, server allows remote attackers to cause a denial of service via a SAM_UAS_CHANGE request with a length value that is larger than the number of structures that are provided.
  • CVE-2002-1357
    • Multiple SSH2 servers and clients do not properly handle packets or data elements with incorrect length specifiers, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code.
  • CVE-2004-0774
    • Server allows remote attackers to cause a denial of service (CPU and memory exhaustion) via a POST request with a Content-Length header set to -1.
  • CVE-2004-0989
    • Multiple buffer overflows in xml library that may allow remote attackers to execute arbitrary code via long URLs.
  • CVE-2004-0568
    • Application does not properly validate the length of a value that is saved in a session file, which allows remote attackers to execute arbitrary code via a malicious session file (.ht), web site, or Telnet URL contained in an e-mail message, triggering a buffer overflow.
  • CVE-2003-0327
    • Server allows remote attackers to cause a denial of service via a remote password array with an invalid length, which triggers a heap-based buffer overflow.
  • CVE-2003-0345
    • Product allows remote attackers to cause a denial of service and possibly execute arbitrary code via an SMB packet that specifies a smaller buffer length than is required.
  • CVE-2004-0430
    • Server allows remote attackers to execute arbitrary code via a LoginExt packet for a Cleartext Password User Authentication Method (UAM) request with a PathName argument that includes an AFPName type string that is longer than the associated length field.
  • CVE-2005-0064
    • PDF viewer allows remote attackers to execute arbitrary code via a PDF file with a large /Encrypt /Length keyLength value.
  • CVE-2004-0413
    • SVN client trusts the length field of SVN protocol URL strings, which allows remote attackers to cause a denial of service and possibly execute arbitrary code via an integer overflow that leads to a heap-based buffer overflow.
  • CVE-2004-0940
    • Is effectively an accidental double increment of a counter that prevents a length check conditional from exiting a loop.
CWE

CWE-126 – Buffer Over-read

Read Time:1 Minute, 3 Second

Description

The software reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer.

This typically occurs when the pointer or its index is incremented to a position beyond the bounds of the buffer or when pointer arithmetic results in a position outside of the valid memory location to name a few. This may result in exposure of sensitive information or possibly a crash.

Modes of Introduction:

– Implementation

 

 

Related Weaknesses

CWE-125
CWE-788

 

Consequences

Confidentiality: Read Memory

Confidentiality: Bypass Protection Mechanism

By reading out-of-bounds memory, an attacker might be able to get secret values, such as memory addresses, which can be bypass protection mechanisms such as ASLR in order to improve the reliability and likelihood of exploiting a separate weakness to achieve code execution instead of just denial of service.

 

Potential Mitigations

CVE References

  • CVE-2014-0160
    • Chain: “Heartbleed” bug receives an inconsistent length parameter (CWE-130) enabling an out-of-bounds read (CWE-126), returning memory that could include private cryptographic keys and other sensitive data.
  • CVE-2009-2523
    • Chain: product does not handle when an input string is not NULL terminated, leading to buffer over-read or heap-based buffer overflow.
CWE

CWE-125 – Out-of-bounds Read

Read Time:2 Minute, 9 Second

Description

The software reads data past the end, or before the beginning, of the intended buffer.

Typically, this can allow attackers to read sensitive information from other memory locations or cause a crash. A crash can occur when the code reads a variable amount of data and assumes that a sentinel exists to stop the read operation, such as a NUL in a string. The expected sentinel might not be located in the out-of-bounds memory, causing excessive data to be read, leading to a segmentation fault or a buffer overflow. The software may modify an index or perform pointer arithmetic that references a memory location that is outside of the boundaries of the buffer. A subsequent read operation then produces undefined or unexpected results.

Modes of Introduction:

– Implementation

 

 

Related Weaknesses

CWE-119
CWE-119
CWE-119
CWE-119

 

Consequences

Confidentiality: Read Memory

Confidentiality: Bypass Protection Mechanism

By reading out-of-bounds memory, an attacker might be able to get secret values, such as memory addresses, which can be bypass protection mechanisms such as ASLR in order to improve the reliability and likelihood of exploiting a separate weakness to achieve code execution instead of just denial of service.

 

Potential Mitigations

Phase: Implementation

Description: 

Phase: Architecture and Design

Description: 

Use a language that provides appropriate memory abstractions.

CVE References

  • CVE-2014-0160
    • Chain: “Heartbleed” bug receives an inconsistent length parameter (CWE-130) enabling an out-of-bounds read (CWE-126), returning memory that could include private cryptographic keys and other sensitive data.
  • CVE-2018-10887
    • Chain: unexpected sign extension (CWE-194) leads to integer overflow (CWE-190), causing an out-of-bounds read (CWE-125)
  • CVE-2009-2523
    • Chain: product does not handle when an input string is not NULL terminated (CWE-170), leading to buffer over-read (CWE-125) or heap-based buffer overflow (CWE-122).
  • CVE-2018-16069
    • Chain: series of floating-point precision errors
      (CWE-1339) in a web browser rendering engine causes out-of-bounds read
      (CWE-125), giving access to cross-origin data
  • CVE-2004-0183
    • packet with large number of specified elements cause out-of-bounds read.
  • CVE-2004-0221
    • packet with large number of specified elements cause out-of-bounds read.
  • CVE-2004-0184
    • out-of-bounds read, resultant from integer underflow
  • CVE-2008-4113
    • OS kernel trusts userland-supplied length value, allowing reading of sensitive information