The spookiest vulnerabilities for Halloween 2019

Summary:

Halloween has arrived, and what is more spooky than having third-party ghosts in your systems? We have rounded up a handful of newly released vulnerabilities. This is our 2019 Halloween exploit round-up.

Golang

We start off with one of the newest things we see in modern tech stacks. It's a fairly new language: it's Golang!

Golang is a programming language that was released in 2009 by Google. It's actively used in larger companies' tech stacks.

CVE-2019-17596 / DSA-4551: Denial of service (panic) in dsa.Verify()

A denial-of-service vulnerability has been found in Golang's DSA cryptographic key verification function. If a third party sends invalid DSA keys and the input is passed to the dsa.Verify function, it causes a panic and the application dies.

Link: CVE-2019-17596 Mitre
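As an added example (not code from this post or from the Go project), here is a defensive Go wrapper that validates an untrusted DSA public key before handing it to dsa.Verify and turns any panic inside the library into an error. ValidateDSAPublicKey, SafeVerify and ErrInvalidKey are names chosen here; the key values in main are constructed.

```go
package main

import (
	"crypto/dsa"
	"errors"
	"fmt"
	"math/big"
)

var ErrInvalidKey = errors.New("dsa: invalid public key parameters")

// ValidateDSAPublicKey rejects malformed keys before any modular arithmetic runs: big.Int arithmetic
// panics on a zero modulus, and the range checks follow FIPS 186-4 (1 < g, y < p and q divides p-1).
func ValidateDSAPublicKey(pub *dsa.PublicKey) error {
	if pub == nil || pub.P == nil || pub.Q == nil || pub.G == nil || pub.Y == nil {
		return ErrInvalidKey
	}
	one := big.NewInt(1)
	switch {
	case pub.P.Sign() <= 0, pub.Q.Sign() <= 0, pub.Q.Cmp(pub.P) >= 0:
		return ErrInvalidKey
	case pub.G.Cmp(one) <= 0, pub.G.Cmp(pub.P) >= 0:
		return ErrInvalidKey
	case pub.Y.Cmp(one) <= 0, pub.Y.Cmp(pub.P) >= 0:
		return ErrInvalidKey
	}
	if new(big.Int).Mod(new(big.Int).Sub(pub.P, one), pub.Q).Sign() != 0 {
		return ErrInvalidKey
	}
	return nil
}

// SafeVerify validates the key, then wraps dsa.Verify so that a panic inside
// the library becomes an error instead of taking the whole process down.
func SafeVerify(pub *dsa.PublicKey, hash []byte, r, s *big.Int) (ok bool, err error) {
	if err = ValidateDSAPublicKey(pub); err != nil {
		return false, err
	}
	defer func() {
		if rec := recover(); rec != nil {
			ok, err = false, fmt.Errorf("dsa.Verify panicked: %v", rec)
		}
	}()
	return dsa.Verify(pub, hash, r, s), nil
}

func main() {
	// Constructed hostile key with P == 0: rejected up front, no panic.
	bad := &dsa.PublicKey{Parameters: dsa.Parameters{P: big.NewInt(0), Q: big.NewInt(11), G: big.NewInt(4)}, Y: big.NewInt(18)}
	fmt.Println(SafeVerify(bad, []byte{0x01}, big.NewInt(3), big.NewInt(5)))
}
```

On a patched Go toolchain dsa.Verify itself returns false for such keys; the wrapper still gives you an explicit error to log instead of a silent false.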

CVE-2019-6486

A lot of newer languages claim to be memory safe but often lack safety when it comes to eating up too much CPU power. This vulnerability is one for Golang's elliptic curve library and was found by Google's Project Wycheproof.

Link: crypto/elliptic: CPU DoS vulnerability affecting P-521 and P-384 #29903

CVE-2019-9741

A Carriage Return (ASCII 13, \r) Line Feed (ASCII 10, \n) injection vulnerability has been found in the function http.NewRequest. This vulnerability could allow execution of arbitrary commands hidden in the HTTP request.

Link: Debian announce list

We recommend that you upgrade to the latest version of golang

and recompile your programs.
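As an added example (not code from this post or from the Go project), a Go wrapper that refuses to build a request when the URL or any header carries a CR or LF byte, which is the defensive check behind the http.NewRequest issue above. NewRequestChecked, ContainsCRLF and ErrCRLF are names chosen here; the URLs and header values are constructed.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
	"strings"
)

var ErrCRLF = errors.New("http: carriage return or line feed in request component")

// ContainsCRLF reports whether s carries a CR (0x0D) or LF (0x0A) byte, the
// two characters that would start a new line inside an HTTP message.
func ContainsCRLF(s string) bool {
	return strings.ContainsAny(s, "\r\n")
}

// NewRequestChecked builds a request only after every attacker-influenced
// component (URL, header names and values) has been checked for CR/LF, so an
// injected line such as "\r\nX-Injected: 1" can never reach the wire.
func NewRequestChecked(method, rawURL string, headers map[string]string) (*http.Request, error) {
	if ContainsCRLF(rawURL) {
		return nil, fmt.Errorf("url %q: %w", rawURL, ErrCRLF)
	}
	for k, v := range headers {
		if ContainsCRLF(k) || ContainsCRLF(v) {
			return nil, fmt.Errorf("header %q: %w", k, ErrCRLF)
		}
	}
	req, err := http.NewRequest(method, rawURL, nil)
	if err != nil {
		return nil, err
	}
	for k, v := range headers {
		req.Header.Set(k, v)
	}
	return req, nil
}

func main() {
	// Constructed sample: an "id" parameter that tries to smuggle in a header line.
	_, err := NewRequestChecked("GET", "http://example.com/items?id=1\r\nX-Injected: 1", nil)
	fmt.Println("injected:", err)
	req, _ := NewRequestChecked("GET", "http://example.com/items?id=1", map[string]string{"X-Token": "abc"})
	fmt.Println("clean:", req.Method, req.URL.Host, req.Header.Get("X-Token"))
}
```

Current Go releases also reject control characters in url.Parse and invalid header values at send time; an explicit early check still gives a clear error to log and protects programs built with older toolchains until they are recompiled.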

file

$ file /tmp/file.txt
/tmp/file.txt: ASCII text

file is a standard utility that can be found in the majority of Unix-based operating systems such as Apple's Mac, BSD and Linux.

A heap buffer overflow has been found by Google’s oss-fuzz project.

The vulnerability is located in the functions cdf_read_property_info, cdf_unpack_summary_info and cdf_file_summary_info.

Successful exploitation of this would allow a malicious third party to execute malicious code.

A patch has been written and published in git commit 46a8443f76cec4b41ec736eca396984c74664f84.

Links: DSA-4550, CVE-2019-18218, Red Hat bug report, file on GitHub, OSS-Fuzz bug

nfs-utils



The Network File System (NFS) allows you to mount a hard drive that is not physically connected to your computer. The SUSE Linux implementation of nfs-utils has read and write access to /var/lib/nfs, where files are owned and operated by the root user.

Links: CVE-2019-3689

ChaosPro

Let's go retro!

If you were editing graphics 10 years ago, I am sure you remember the program ChaosPro!

A buffer overflow has been found in ChaosPro by the author securitychops. The author takes us through an exciting blog post where OllyDbg is used with the great SafeSEH (Structured Exception Handling) plugin on a Windows XP platform.

Grab something warm to drink and have a nice and cosy security read:

https://securitychops.com/2019/08/24/retro-exploit-series-episode-one-chaospro-3-1.html

SCADA

When we talk about Supervisory Control and Data Acquisition (SCADA) system security, we of course have to mention one of the most famous cyber attacks of the modern age, Stuxnet, which was a state-sponsored attack to destroy important SCADA systems.



You can find SCADA systems in the majority of countries, where they are responsible for important infrastructure systems such as power plants.

These particular vulnerabilities are for Mitsubishi's smartRTU. A bunch of CVEs have been published by the vendor:

CVE-2019-14925

CVE-2019-14926

CVE-2019-14927

CVE-2019-14928

CVE-2019-14929

CVE-2019-14930

CVE-2019-14931

This bulk of CVEs is most likely the result of either internal security work or a possible undisclosed breach that has taken place.

Read more about the product line here:

SmartRTU

TightVNC

Several security holes have been found in the current version of TightVNC (1.3.10).

CVE-2019-8287

TightVNC code version 1.3.10 contains a global buffer overflow in the HandleCoRREBBP macro function, which can potentially result in code execution. This attack appears to be exploitable via network connectivity.

CVE-2019-15680

TightVNC code version 1.3.10 contains a null pointer dereference in the HandleZlibBPP function, which results in denial of service (DoS). This attack appears to be exploitable via network connectivity.

CVE-2019-15679

TightVNC code version 1.3.10 contains a heap buffer overflow in the InitialiseRFBConnection function, which can potentially result in code execution. This attack appears to be exploitable via network connectivity.

CVE-2019-15678

TightVNC code version 1.3.10 contains a heap buffer overflow in the rfbServerCutText handler, which can potentially result in code execution. This attack appears to be exploitable via network connectivity.

Some of these vulnerabilities refer to an almost one-year-old security report that was published on Openwall's mailing list.

That sums it up for our spooky exploit round-up for Halloween 2019. We hope you have a good night and watch some good horror flicks!

All vulnerabilities in this blog post are vulnerabilities that we have indexed and found interesting.

Stay up to date with Vulnerability Management and build cool things with our API

This blog post is part of the Exploit of the Day series, where we write a shorter description of interesting exploits that we index.