Saturday, February 2, 2019

Meltdown and Spectre

These are a new variety of vulnerabilities that are being exposed. They are not in any application, library or the kernel. These newly found vulnerabilities are in the way instruction sets are used.
CVE IDs: CVE-2017-5715, CVE-2017-5753, CVE-2017-5754

This new class of vulnerabilities needs an Intel firmware upgrade and/or a kernel upgrade to be completely remediated.

The complete detailed description can be found at https://meltdownattack.com/

How to verify:

For SLES, you can update the kernel and then verify whether the vulnerabilities are fixed using:

> cat /sys/devices/system/cpu/vulnerabilities/meltdown
Mitigation: PTI
> cat /sys/devices/system/cpu/vulnerabilities/spectre_v1
Mitigation: Barriers
> cat /sys/devices/system/cpu/vulnerabilities/spectre_v2
Mitigation: Full generic retpoline
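
To check every entry the kernel reports instead of reading the files one by one, here is an added example (not part of the original post). The function name and the status labels are assumptions made for this sketch, and the sample directory is constructed so the script also runs on a machine without the sysfs interface.

```shell
#!/bin/sh
# Added example: summarize the kernel's CPU vulnerability report.
# report_cpu_vulns [DIR] prints "status<TAB>name<TAB>detail" per entry.
# Returns 1 if any entry is reported as vulnerable, 2 if DIR is missing.
report_cpu_vulns() {
    dir=${1:-/sys/devices/system/cpu/vulnerabilities}
    rc=0
    if [ ! -d "$dir" ]; then
        printf 'UNKNOWN\t-\t%s missing (kernel does not expose the report)\n' "$dir"
        return 2
    fi
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        name=${f##*/}
        # First line only; an empty file leaves $line empty (UNKNOWN)
        IFS= read -r line < "$f" || true
        case $line in
            "Not affected"*) status=OK ;;
            Mitigation:*)    status=MITIGATED ;;
            Vulnerable*)     status=VULNERABLE; rc=1 ;;
            *)               status=UNKNOWN ;;
        esac
        # Keep the kernel's own text: a mitigation line can carry caveats
        printf '%s\t%s\t%s\n' "$status" "$name" "$line"
    done
    return $rc
}

# Constructed sample: two outputs from the post plus one unpatched entry
demo=$(mktemp -d)
printf 'Mitigation: PTI\n'      > "$demo/meltdown"
printf 'Mitigation: Barriers\n' > "$demo/spectre_v1"
printf 'Vulnerable\n'           > "$demo/spectre_v2"
report_cpu_vulns "$demo" || echo "at least one entry needs attention (exit $?)"
rm -rf "$demo"
```

Call `report_cpu_vulns` with no argument to read the live report on the host being checked.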

Side Effect:

Note that the new fixes cause some degree of performance loss, so be careful to verify application-level performance on the setup where the fixes are applied.

Friday, March 3, 2017

CVE-2008-5161:SSH Server CBC Mode Ciphers Enabled

CBC ciphers have been declared weak but remain present on many servers.

In most cases SSH keeps them enabled in the default settings of its config.

https://www.suse.com/security/cve/CVE-2008-5161/

If you are a paranoid user, you can edit /etc/ssh/sshd_config and/or /etc/ssh/ssh_config
and remove the CBC ciphers from the Ciphers list.
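
One way to do that edit safely is to list the CBC entries first and generate the replacement line, shown here as an added example (not part of the original post). The function names are assumptions, the sample config is constructed, and the Ciphers value is assumed to be a plain comma-separated list outside any Match block.

```shell
#!/bin/sh
# Added example: find CBC ciphers named in an OpenSSH config file.
# Assumes a plain comma-separated Ciphers list (no +, - or ^ prefix).

# Print the value of the first uncommented Ciphers directive in FILE.
ciphers_value() {
    awk '{ line = $0; sub(/^[ \t]+/, "", line) }
         tolower(line) ~ /^ciphers[ \t=]/ {
             sub(/^[A-Za-z]+[ \t]*=?[ \t]*/, "", line)  # drop the keyword
             gsub(/[ \t\r]/, "", line)                  # drop stray whitespace
             print line; exit
         }' "$1"
}

# Print each CBC-mode cipher named in FILE, one per line.
cbc_ciphers() {
    ciphers_value "$1" | tr ',' '\n' | grep -i 'cbc' || true
}

# Print a replacement Ciphers line with every CBC entry dropped.
# Returns 1 when there is nothing to write (no directive, or CBC only).
ciphers_line_without_cbc() {
    kept=$(ciphers_value "$1" | tr ',' '\n' | grep -v -i 'cbc' | paste -s -d ',' -)
    if [ -n "$kept" ]; then
        printf 'Ciphers %s\n' "$kept"
    else
        return 1
    fi
}

# Constructed sample config, not taken from a real host
sample=$(mktemp)
cat > "$sample" <<'EOF'
# sample sshd_config fragment
Port 22
Ciphers aes128-ctr,aes256-ctr,aes128-cbc,3des-cbc,aes256-gcm@openssh.com
EOF
echo "CBC ciphers explicitly enabled:"; cbc_ciphers "$sample"
echo "Suggested line:"; ciphers_line_without_cbc "$sample"
rm -f "$sample"
```

An absent Ciphers line means the build's defaults apply; on a live host, `sshd -T` prints the effective configuration, including the ciphers in use.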

Tuesday, February 28, 2017

SHA-1 is no longer secure and is on the path to deprecation

Now it's final: SHA-1 is no longer secure and is on the path to deprecation!!


Look at the Google announcement:
https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html

It has finally been proven that SHA-1 usage in certificates is vulnerable and needs to be deprecated.

If you have any certificates, you can find which algorithm they use:
test-vm:~>/usr/bin/openssl x509 -in MyCACert.pem -noout -text | grep "Signature Algorithm"
Signature Algorithm: sha256WithRSAEncryption
Signature Algorithm: sha256WithRSAEncryption

You can also connect to the web server and see this in the browser's security overview.


Just a brief:

What is SHA-2?

SHA-2 stands for Secure Hash Algorithm 2. The algorithms are collectively known as SHA-2 and are named after their digest lengths (in bits): SHA-256, SHA-384, and SHA-512.

Use Cases?

The SHA-2 hash function is implemented in widely used security applications and protocols, including TLS and SSL, PGP, SSH, S/MIME, and IPsec

Timeline:

SHA-1 should be deprecated by January 2017. (Posting this blog after the period. Idiot ...)

Sunday, February 26, 2017

Bash Shell and a simple way to pass and parse arguments

I was searching for a simple way to take arguments without using a third-party parser.
Using a third-party parser with all its permutations and combinations makes the shell script bigger.

For example: ./example -a "arg1" -b "-arg2"

I have seen people writing a while loop with case, or using getopt. Examples of such are in abundance (so not giving them here).

Let's get into the code

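#!/bin/bash
# Print usage and exit with the given status (default 0)
function usage()
{
  echo "Usage: $0 -a \"arg1\" -b \"arg2\""
  exit "${1:-0}"
}

[ $# -eq 0 ] && usage
# Add all your options or flags here
for ((i=1;i<=$#;i++));
do
  # ${!i} is the i-th positional parameter; quote it so empty values or spaces do not break the test
  [ "${!i}" = "--help" ] || [ "${!i}" = "-h" ] && usage
  # An option consumes the next argument as its value, even if that value starts with "-"
  [ "${!i}" = "-a" ] && ((i++)) && A=${!i} && continue
  [ "${!i}" = "-b" ] && ((i++)) && B=${!i} && continue
  echo "Wrong argument ${!i} provided. Run with -h" >&2
  usage 1
done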

#======Write your program having all the args =====

echo "You have provided $A and $B"

Monday, October 6, 2014

Shell shock bug in bash. How vulnerable are you?

Shell shock

CVE Number: CVE-2014-7169
Description:
GNU Bash through 4.3 bash43-025 processes trailing strings after certain malformed function definitions in the values of environment variables, which allows remote attackers to write to files or possibly have unknown other impact via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271

What it says is that if you have a vulnerable version of bash on your system, then your system can be exploited through any of the following services:

  • OpenSSH: SSH allows environment variables to be passed from client to server using SendEnv (on the client side) and AcceptEnv (on the server side).

For example: assume that some environment variable is configured to be accepted by sshd.
~>export LC_PAPER='() { :;}; echo you are vulnerable'
Now try to ssh to the remote machine:
~>ssh abc@127.0.0.1 'date'
you are vulnerable
Mon Apr  6 13:34:17 UTC 2015
Does it mean you are really vulnerable? No, unless you have a restricted shell or have added some mechanism to restrict it; in that case an attacker can exploit this to run commands beyond the authorized limit.


  • CGI used with Apache HTTP Server: Along similar lines, as CGI uses bash to parse the environment variables, it also becomes vulnerable.
  • DHCP client: This is a higher security risk. If your DHCP server is compromised, then someone can inject an environment variable into the DHCP client at boot time. As the DHCP client runs in a higher-privilege mode at boot time, an attacker gets the ability to execute commands in an escalated-privilege environment.



Bash itself does NOT cross privilege boundaries, as can be shown by running the command below from a local user's bash shell.
env val='() { :;}; echo `cat ~/onlyroot_access_file`' bash -c "`sudo mysudocommand`"

How to check whether you are vulnerable or not? Run the command below:
env val='() { :;}; echo you are vulnerable' bash -c "echo abc"
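
For the CGI vector described above, the same "() {" prefix shows up in the web server's access log when it arrives in a request header. The following is an added example (not part of the original post) that flags such requests; it assumes Apache's combined log format, the function name is an assumption, and the log lines are constructed using the harmless test string from this post.

```shell
#!/bin/sh
# Added example: flag logged requests in which a quoted field starts with
# the bash function-definition prefix "() {" (the Shellshock marker).
# Assumes Apache "combined" log format. Fields are split on double quotes,
# so every field is checked in case escaped quotes shift positions.

# Print "client<TAB>field<TAB>request line" for every hit in the given logs.
shellshock_hits() {
    awk -F'"' '
      {
          split($1, head, " ")
          client = head[1]
          for (i = 2; i <= NF; i++) {
              # Bash only imports a function when the value starts with "() {"
              if ($i !~ /^[ \t]*\(\)[ \t]*[{]/) continue
              if (i == 2)      field = "request"
              else if (i == 4) field = "referer"
              else if (i == 6) field = "user-agent"
              else             field = "other"
              printf "%s\t%s\t%s\n", client, field, $2
          }
      }' "$@"
}

# Constructed sample log lines (documentation address ranges)
sample=$(mktemp)
cat > "$sample" <<'EOF'
192.0.2.10 - - [06/Oct/2014:10:00:01 +0000] "GET /cgi-bin/status HTTP/1.1" 200 512 "-" "() { :;}; echo you are vulnerable"
198.51.100.7 - - [06/Oct/2014:10:00:02 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0 (X11; Linux x86_64)"
192.0.2.10 - - [06/Oct/2014:10:00:03 +0000] "GET /cgi-bin/env HTTP/1.1" 200 87 "() { :;}; echo you are vulnerable" "curl/7.38.0"
EOF
shellshock_hits "$sample"
rm -f "$sample"
```

A hit only shows that someone sent the marker; whether it had any effect depends on the bash version behind the CGI script.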

Friday, September 19, 2014

Password Crypt

Secure Password
---------------

Passwords are very critical and, if stored in plain text, can become a security threat.
Anyone who gets access to the plain-text password will have access to all the things in the world.

There are various schemes available.

At this point in time, SHA-512 is one of the better-known crypt algorithms in use and is supported by various Linux versions.
- For a Linux box: edit the /etc/default/passwd file and set "CRYPT_FILES=sha512".
Now create a new user or reset the password of an existing user.
Open /etc/passwd. You can see that your password is saved in the new crypt format $6$salt$xxxxxxxxxxx

If you have your own authentication system developed in Java, you can use the Apache Commons crypt(3) function.
apache crypt

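import org.apache.commons.codec.digest.Crypt;

/* Wrapper class so the methods compile; the class name is illustrative */
public class PasswordDigest {
  /* Get the digest with the given salt; a "$6$..." salt selects SHA-512 */
  public static String getDigest(String password, String salt) {
    return Crypt.crypt(password, salt);
  }
  /* Get the digest with a random salt and the library's default algorithm */
  public static String getDigest(String password) {
    return Crypt.crypt(password);
  }
}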

Tuesday, June 26, 2012

Starting To Security

Security is one of the important aspects of any software product. This aspect becomes much more important if the product deals with life-saving information.


It's very hard to know where to start and what the parameters are to measure it.