Spooky Halloween 2019 exploits

The spookiest vulnerabilities for Halloween 2019


Summary:

Halloween has arrived, and what is more spooky than having third-party
ghosts in your systems? We have rounded up a handful of newly released
vulnerabilities. This is our 2019 Halloween exploit round-up.

Golang

We start off with one of the newest things we see in modern
tech stacks. It's a fairly new language: it's Golang!

Golang is a programming language that was released in 2009 by Google.
It's actively used in larger companies' tech stacks.

CVE-2019-17596 / DSA-4551: Denial of service panic in dsa.Verify()

A denial of service vulnerability has been found in Golang's
DSA cryptographic verification function (crypto/dsa).
If a third party sends invalid DSA keys
and the input is passed to the dsa.Verify function, it
causes a panic and the application dies.

Link: CVE-2019-17596 Mitre
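As an added illustration (not code from the Go project or from this post), a defensive wrapper in Go that applies the parameter checks the fixed release added to dsa.Verify and turns any residual panic into an error instead of a crash. SafeVerify and SignDemo are names chosen here, and the stand-in digest and the P = 0 key are constructed inputs.

```go
package main

import (
	"crypto/dsa"
	"crypto/rand"
	"errors"
	"fmt"
	"math/big"
)

// SafeVerify adds the checks a patched Go release performs inside dsa.Verify
// (FIPS 186-3 section 4.7) and turns any remaining panic into an error value.
func SafeVerify(pub *dsa.PublicKey, hash []byte, r, s *big.Int) (ok bool, err error) {
	if pub == nil || pub.P == nil || pub.Q == nil || pub.G == nil || pub.Y == nil {
		return false, errors.New("dsa: missing key parameter")
	}
	if pub.P.Sign() <= 0 || pub.Q.Sign() <= 0 { // zero modulus: divide by zero inside Verify
		return false, errors.New("dsa: non-positive P or Q")
	}
	if r == nil || s == nil || r.Sign() < 1 || r.Cmp(pub.Q) >= 0 || s.Sign() < 1 || s.Cmp(pub.Q) >= 0 {
		return false, errors.New("dsa: signature values must satisfy 0 < r, s < Q")
	}
	defer func() { // last line of defence: a library panic becomes an error, not a crash
		if rec := recover(); rec != nil {
			ok, err = false, fmt.Errorf("dsa: verify panicked: %v", rec)
		}
	}()
	return dsa.Verify(pub, hash, r, s), nil
}

// SignDemo generates a fresh demo-only DSA key pair and signs hash with it.
func SignDemo(hash []byte) (*dsa.PublicKey, *big.Int, *big.Int, error) {
	var priv dsa.PrivateKey
	if err := dsa.GenerateParameters(&priv.Parameters, rand.Reader, dsa.L1024N160); err != nil {
		return nil, nil, nil, err
	}
	if err := dsa.GenerateKey(&priv, rand.Reader); err != nil {
		return nil, nil, nil, err
	}
	r, s, err := dsa.Sign(rand.Reader, &priv, hash)
	return &priv.PublicKey, r, s, err
}

func main() {
	hash := []byte("constructed stand-in digest") // stands in for a real SHA-1/SHA-256 digest
	// Constructed, deliberately malformed key (P = 0): rejected before dsa.Verify runs.
	bad := &dsa.PublicKey{Parameters: dsa.Parameters{P: big.NewInt(0), Q: big.NewInt(1), G: big.NewInt(1)}, Y: big.NewInt(1)}
	ok, err := SafeVerify(bad, hash, big.NewInt(1), big.NewInt(1))
	fmt.Printf("malformed key: valid=%v err=%v\n", ok, err)
}
```

The recover is a belt-and-braces measure for code that cannot yet be rebuilt against a fixed toolchain; the parameter checks are what actually stop the malformed key from reaching the arithmetic.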

CVE-2019-6486

A lot of newer languages claim to be memory safe
but often lack safety when it comes to eating up too much CPU power. This vulnerability is in Golang's elliptic curve library
and was found by Google's Project Wycheproof.

Link: crypto/elliptic: CPU DoS vulnerability affecting P-521 and P-384 #29903

CVE-2019-9741

A Carriage Return (ASCII 13, \r) Line Feed (ASCII 10, \n) injection
vulnerability has been found in the function http.NewRequest.
This vulnerability could allow execution of arbitrary commands
hidden in the HTTP request.

Link: Debian announce list

We recommend that you upgrade to the latest version of golang
and recompile your programs.

file

$ file /tmp/file.txt 
/tmp/file.txt: ASCII text

File is a standard utility that can be found in the majority of
Unix-based operating systems such as Apple's macOS, BSD and Linux.
A heap buffer overflow has been found by Google's OSS-Fuzz project.
The vulnerability has been located in the functions:

  cdf_read_property_info
  cdf_unpack_summary_info
  cdf_file_summary_info

Successful exploitation of this would allow a malicious third
party to execute malicious code.

A patch has been written and published in git commit 46a8443f76cec4b41ec736eca396984c74664f84.

Links:
DSA-4550, CVE-2019-18218,
Red Hat bug report, file on GitHub, OSS-Fuzz bug

nfs-utils

The Network File System (NFS) allows you to mount a hard drive that is
not physically connected to your computer.
The SUSE Linux implementation of NFS has read and write access
to /var/lib/nfs, where the files are owned and operated by the root user.

Link: CVE-2019-3689

ChaosPro


Let's go retro!

If you were editing graphics 10 years ago, I am sure you remember the program ChaosPro!
A buffer overflow has been found in ChaosPro by the author securitychops.

The author takes us through an exciting blog post where OllyDbg is used
with the great SafeSEH (Structured Exception Handling) plugin
on a Windows XP platform.

Grab something warm to drink and have a nice and cosy security read:
https://securitychops.com/2019/08/24/retro-exploit-series-episode-one-chaospro-3-1.html

SCADA

When we talk about Supervisory Control and Data Acquisition (SCADA) system security, we of course have to mention
one of the most famous cyber attacks of the modern age, Stuxnet, which was a state-sponsored attack to destroy important SCADA systems.

You can find SCADA systems in the majority of countries, where they are
responsible for important infrastructure systems such as power plants.

These particular vulnerabilities are in Mitsubishi's smartRTU.

A bunch of CVEs have been published by the vendor:
CVE-2019-14925
CVE-2019-14926
CVE-2019-14927
CVE-2019-14928
CVE-2019-14929
CVE-2019-14930
CVE-2019-14931

This bulk of CVEs is most likely the result of either an internal security
review or a possible undisclosed breach that has taken place.

Read more about the product line here:
SmartRTU

TightVNC


Several security holes have been found in the current version of TightVNC (1.3.10).

CVE-2019-8287

TightVNC code version 1.3.10 contains a global buffer overflow in the HandleCoRREBBP macro function, which can potentially result in code execution. This attack appears to be exploitable via network connectivity.

CVE-2019-15680

TightVNC code version 1.3.10 contains a null pointer dereference in the HandleZlibBPP function, which results in Denial of Service (DoS).
This attack appears to be exploitable via network connectivity.

CVE-2019-15679

TightVNC code version 1.3.10 contains a heap buffer overflow in the InitialiseRFBConnection function, which can potentially result in code execution. This attack appears to be exploitable via network connectivity.

CVE-2019-15678

TightVNC code version 1.3.10 contains a heap buffer overflow in the rfbServerCutText handler, which can potentially result in code execution.
This attack appears to be exploitable via network connectivity.

Some of these vulnerabilities refer to an almost one-year-old
security report that was published on Openwall's mailing list.

That sums it up for our spooky exploit round-up for Halloween 2019.
We hope you have a good night and watch some good horror flicks!

All vulnerabilities in this blog post are ones
that we have indexed and found interesting.

Stay up to date with vulnerability management and build cool things with our API.

This blog post is part of the exploit of the day series
where we write a shorter description about interesting
exploits that we index.