Experts Reported Security Bug in IBM’s DB2 Data Management Software

Cyber-Security researchers today (as on 20-Aug-2020) disclosed details of a memory vulnerability in IBM’s DB2 family of data management products that could potentially allow a local attacker to access sensitive data and even cause a denial of service attacks.

The flaw (CVE-2020-4414), which impacts IBM DB2 V9.7, V10.1, V10.5, V11.1, & V11.5 editions on all platforms, is caused by improper usage shared memory, thereby granting a bad actor to perform unauthorized actions on the system.

By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information or cause a denial of service, according to Trustwave SpiderLabs security and research team, which discovered the issue.

“Developers forgot to put explicit memory protections around the shared memory used by the Db2 trace facility,” SpiderLabs’s Martin Rakhmanov said. “This allows any local users read and write access to that memory area. In turn, this allows accessing critically sensitive data as well as the ability to change how the trace subsystem functions, resulting in a denial of service condition in the database.”

IBM released a patch on June 30 to remediate the vulnerability.

CVE-2020-4414 is caused by the unsafe usage of shared memory the Db2 trace utility employs to exchange information with the underlying OS on the system.

The Db2 trace utility is used to record Db2 data and events, including reporting Db2 system information, collecting data required for performance analysis and tuning, and capture data access audit trail for security purposes.

Given that the shared memory stores sensitive information, an attacker with access to the system could create a malicious application to overwrite the memory with rogue data dedicated to tracing data.

“This means that an unprivileged local user can abuse this to cause a denial of service condition simply by writing incorrect data over that memory section,” Rakhmanov said.

Even more concerning, a low-privileged process running on the same computer as the Db2 database could alter Db2 trace and capture sensitive data and use the information to carry out other attacks.

If the flaw sounds familiar, that’s because it’s the same type of memory leakage vulnerability that impacted Cisco’s WebEx video conferencing service (CVE-2020-3347) that could local authenticated attackers to get hold of user details, auth tokens,etc.

It’s recommended to all the IBM’s DB2 users to update their software to the latest version to mitigate the risk.

Critical bug in Skype is forcing Microsoft to issue an all-new version of Skype

A bug in Skype’s updater process can let have attacker to gain full system level access.

skype calling app

A critical vulnerability has been discovered in Skype that could potentially allow attackers to gain rights granting system-level privileges to a local, unprivileged user.

Microsoft, which owns the voice and video-calling service, said it won’t immediately fix the flaw, because the bug would require too much code rewrite.

Skype uses its own built-in updater to keep the software up to date. When that updater runs, it uses another executable file to run the update, which is vulnerable to the hijacking.

The vulnerability has been discovered and reported to Microsoft by security researcher Stefan Kanthak and resides in Skype’s update installer, which is susceptible to Dynamic Link Libraries (DLL) hijacking.

Security researcher Stefan Kanthak found that the Skype update installer could be exploited with a DLL hijacking technique, which can allow an attacker to bluff an application into drawing malicious code instead of the correct library. An attacker can download a malicious DLL into a user-accessible temporary folder and rename it to an existing DLL that can be modified by an unprivileged user. The bug works because the malicious DLL is found first when the app searches for the DLL it needs.

Once system-level privileges are gained, an attacker can do anything, Stefan Kanthak said.

Instead, the company

More on https://capec.mitre.org/data/definitions/471.html

http://seclists.org/fulldisclosure/2018/Feb/33