Tuesday, August 16, 2016
Vulnerability Note VU#905344
HTTP CONNECT and 407 Proxy Authentication Required messages are not integrity protected
Original Release date: 15 Aug 2016 | Last revised: 15 Aug 2016
Overview
HTTP CONNECT requests and 407 Proxy Authentication Required messages are not integrity protected and are susceptible to man-in-the-middle attacks. WebKit-based applications are additionally vulnerable to arbitrary HTML markup and JavaScript execution in the context of the originally requested domain.
Description
Web browsers and operating systems making an HTTPS request via a proxy server are vulnerable to man-in-the-middle (MITM) attacks against HTTP CONNECT requests and proxy response messages. HTTP CONNECT requests are made in clear text over HTTP, meaning an attacker in a position to modify proxy traffic may force the use of 407 Proxy Authentication Required responses to phish for credentials.
WebKit-based clients are vulnerable to additional vectors because HTML markup and JavaScript are rendered by the client Document Object Model (DOM) in the context of the originally requested HTTPS domain.
For more information, refer to the FalseCONNECT website.
Impact
An attacker in a position to control HTTP CONNECT requests and proxy responses can conduct MITM attacks, which may include credential phishing and, where vulnerable WebKit-based clients are involved, arbitrary HTML and JavaScript injection.
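An added example (not from the CERT note or any vendor): a Python check over a captured proxy reply to CONNECT that flags the conditions this note describes. The sample bytes, the finding labels and the `proxy_requires_auth` parameter are constructed for illustration.

```python
import re

# Constructed samples: proxy replies to "CONNECT shop.example:443", as seen on
# the wire. Nothing in them is authenticated to the client.
SAMPLE_407 = (
    b"HTTP/1.1 407 Proxy Authentication Required\r\n"
    b'Proxy-Authenticate: Basic realm="constructed"\r\n'
    b"Content-Type: text/html\r\n\r\n"
    b"<html><script>/* constructed placeholder */</script></html>"
)
SAMPLE_200 = b"HTTP/1.1 200 Connection established\r\n\r\n"

# Markup that a client must never render in the requested origin's context.
ACTIVE_MARKUP = re.compile(rb"<\s*(script|iframe|form|object|meta)\b", re.I)


def parse_response(raw):
    """Split a raw HTTP/1.x response into (status, headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    match = re.match(rb"HTTP/1\.[01] (\d{3})", lines[0])
    if not match:
        raise ValueError("not an HTTP/1.x status line")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(b":")
        if sep:
            key = name.strip().lower().decode("latin-1")
            headers.setdefault(key, []).append(value.strip().decode("latin-1"))
    return int(match.group(1)), headers, body


def audit_connect_response(raw, proxy_requires_auth):
    """Return findings for one proxy reply to a CONNECT request."""
    status, headers, body = parse_response(raw)
    findings = []
    # A 407 from a proxy that is not configured for auth is a phishing signal.
    if status == 407 and not proxy_requires_auth:
        findings.append("unexpected-407")
    # Basic sends a reusable, merely base64-encoded password to the responder.
    for challenge in headers.get("proxy-authenticate", []):
        parts = challenge.split(None, 1)
        if parts and parts[0].lower() == "basic":
            findings.append("basic-scheme-requested")
    # No tunnel was established, so the body is unauthenticated proxy content.
    if not 200 <= status < 300 and ACTIVE_MARKUP.search(body):
        findings.append("active-markup-in-non-2xx-body")
    return findings
```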
Solution
Apply an update
Check with affected software vendors and apply an update, if available. Those unable or unwilling to apply an update should consider the following workarounds.
Avoid untrusted networks
Avoid using proxy-configured clients while connected to untrusted networks, including public WiFi. Using a proxy-configured client on an untrusted network increases the chance of falling victim to a MITM attack.
Disable proxy configuration settings
If use of proxy auto-configuration (PAC) or web proxy auto-discovery (WPAD) is not required, consider disabling them.
Vendor Information
Vendor | Status | Date Notified | Date Updated |
---|---|---|---|
Apple | Affected | 17 Jun 2016 | 11 Aug 2016 |
Microsoft Corporation | Affected | 17 Jun 2016 | 11 Aug 2016 |
Opera | Affected | 17 Jun 2016 | 11 Aug 2016 |
Oracle Corporation | Affected | 17 Jun 2016 | 11 Aug 2016 |
Lenovo | Not Affected | 17 Jun 2016 | 01 Aug 2016 |
Arista Networks, Inc. | Unknown | 17 Jun 2016 | 17 Jun 2016 |
Belkin, Inc. | Unknown | 28 Jul 2016 | 28 Jul 2016 |
CentOS | Unknown | 17 Jun 2016 | 17 Jun 2016 |
Cisco | Unknown | 28 Jul 2016 | 28 Jul 2016 |
CoreOS | Unknown | 17 Jun 2016 | 17 Jun 2016 |
Debian GNU/Linux | Unknown | 17 Jun 2016 | 17 Jun 2016 |
DesktopBSD | Unknown | 17 Jun 2016 | 17 Jun 2016 |
DragonFly BSD Project | Unknown | 17 Jun 2016 | 17 Jun 2016 |
EMC Corporation | Unknown | 17 Jun 2016 | 17 Jun 2016 |
F5 Networks, Inc. | Unknown | 17 Jun 2016 | 17 Jun 2016 |
CVSS Metrics
Group | Score | Vector |
---|---|---|
Base | 4.3 | AV:A/AC:M/Au:N/C:P/I:P/A:N |
Temporal | 3.4 | E:POC/RL:OF/RC:C |
Environmental | 3.4 | CDP:ND/TD:H/CR:ND/IR:ND/AR:ND |
Credit
Thanks to Jerry Decime for reporting these vulnerabilities.
This document was written by Joel Land.
Other Information
- CVE IDs: Unknown
- Date Public: 15 Aug 2016
- Date First Published: 15 Aug 2016
- Date Last Updated: 15 Aug 2016
- Document Revision: 23
- wong chee tat :)
Vulnerability Summary for CVE-2016-5696
Original release date: 08/06/2016
Last revised: 08/10/2016
Source: US-CERT/NIST
Overview
net/ipv4/tcp_input.c in the Linux kernel before 4.7 does not properly determine the rate of challenge ACK segments, which makes it easier for man-in-the-middle attackers to hijack TCP sessions via a blind in-window attack.
Impact
CVSS Severity (version 3.0):
CVSS v3 Base Score: 5.9 Medium
Impact Score: 3.6
Exploitability Score: 2.2
CVSS Version 3 Metrics:
Attack Vector (AV): Network
Attack Complexity (AC): High
Privileges Required (PR): None
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): High
Integrity (I): None
Availability (A): None
CVSS Severity (version 2.0):
CVSS v2 Base Score: 4.3 MEDIUM
Impact Subscore: 2.9
Exploitability Subscore: 8.6
CVSS Version 2 Metrics:
Access Vector: Network exploitable
Access Complexity: Medium
Authentication: Not required to exploit
Impact Type: Allows unauthorized disclosure of information
References to Advisories, Solutions, and Tools
External Source: MISC
Name: http://www.prnewswire.com/news-releases/mitnick-attack-reappears-at-geekpwn-macau-contest-300270779.html
Type: Technical Description
External Source: MLIST
Name: [oss-security] 20160712 Re: CVE-2016-5389: linux kernel - challange ack information leak.
Type: Mailing List; Third Party Advisory
External Source: CONFIRM
Name: https://bugzilla.redhat.com/show_bug.cgi?id=1354708
Type: Issue Tracking
External Source: CONFIRM
Name: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=75ff39ccc1bd5d3c455b6822ab09e533c551f758
Type: Issue Tracking; Patch
External Source: CONFIRM
Name: https://github.com/torvalds/linux/commit/75ff39ccc1bd5d3c455b6822ab09e533c551f758
Type: Issue Tracking; Patch
Vulnerable software and versions
+ Configuration 1* OR
* cpe:/o:linux:linux_kernel:4.6.6 and previous versions
* Denotes Vulnerable Software
Technical Details
Vulnerability Type
- Information Leak / Disclosure (CWE-200)
CVE Standard Vulnerability Entry http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5696
- wong chee tat :)
Blog Updates:
Minor updates:
- Update labels on some old posts
Will continue to make minor improvements for this blog!
- wong chee tat :)
Homage to the 36 trillion, 119 thousand, 500 Amitabha Buddhas
Homage to the 36 trillion, 119 thousand, 500 Amitabha Buddhas
Homage to the 36 trillion, 119 thousand, 500 Amitabha Buddhas
Homage to the 36 trillion, 119 thousand, 500 Amitabha Buddhas
Homage to the 36 trillion, 119 thousand, 500 Amitabha Buddhas
Homage to the 36 trillion, 119 thousand, 500 Amitabha Buddhas
Homage to the 36 trillion, 119 thousand, 500 Amitabha Buddhas
Homage to the 36 trillion, 119 thousand, 500 Amitabha Buddhas
Homage to the 36 trillion, 119 thousand, 500 Amitabha Buddhas
Homage to the 36 trillion, 119 thousand, 500 Amitabha Buddhas
- wong chee tat :)
August 2016 Singapore Savings Bonds - GX16090W
Issuance details - GX16090W
Bond ID | GX16090W |
---|---|
Amount available | $300 million |
Issue date | 1 Sep 2016 |
Maturity date(1) | 1 Sep 2026 |
Interest payment dates(1) | The 1st interest payment will be made on 1 Mar 2017, and subsequently every six months on 1 Sep and 1 Mar every year. |
Investment amounts | You can invest a minimum of $500, and in multiples of $500 up to $50,000 for this issue. The total amount of Savings Bonds held across all issues cannot be more than $100,000. |
Application period | Opens: 6.00pm, 1 Aug 2016. Closes: 9.00pm, 26 Aug 2016. Results: After 3.00pm, 29 Aug 2016. Keep track of the important dates with our SSB calendar. |
Apply through | DBS/POSB, OCBC and UOB ATMs and DBS/POSB Internet Banking, from 7.00am - 9.00pm, Mon - Sat, excluding Public Holidays. On 1 Aug 2016, these channels will be open from 6.00pm to 9.00pm. CPF and SRS funds are not eligible. |
This bond will be reflected as "SBSEP16 GX16090W" in your CDP statement and "CDP-SBSEP16" in your bank statement.
Interest rates
Year from issue date | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |
---|---|---|---|---|---|---|---|---|---|---|
Interest, % | 0.87 | 1.02 | 1.35 | 1.72 | 1.93 | 1.98 | 2.05 | 2.14 | 2.26 | 2.47 |
Average return per year, %* | 0.87 | 0.94 | 1.08 | 1.24 | 1.37 | 1.47 | 1.55 | 1.62 | 1.68 | 1.75 |
* At the end of each year, on a compounded basis
Calculate the interest you will earn based on your desired investment amount using the Interest Calculator.
(1)If this day is not a business day, payment will be made on the next business day.
- wong chee tat :)