Vulnerabilities in Airflow

I am by far not a security expert and I would like to use Airflow, but security is blocking its usage due to vulnerable aspects. When I asked for the specifics, they directed me to this one: "The Airflow Celery workers deserialize pickle data that is stored in the message broker—meaning that if I can get access to the message broker, I can achieve remote code execution inside the workers by a deserialization attack." This vulnerability was assigned CVE-2020-11982.

It originated from this blog: https://snyk.io/blog/message-brokers/

I am really getting the statement from them that Airflow is insecure. But it is the most popular, so there must be ways to secure it. Is there any advice on how to proceed?

Chrome vulnerabilities are detected in vulnerability scan even after upgrading to the latest version

Had a few Chrome vulnerabilities [CVE-2020-6420] detected by BI (Retina). Upgraded the affected machines to Chrome version 84.0.4147.89. After a re-scan, the same vulnerabilities are still detected.

Has anyone experienced this before? Please help me resolve it.

Learning about Exploitation using VMs. What vulnerabilities should I be implementing? [closed]

Recently, I’ve been working on a project to learn a little bit about the exploitation of vulnerable systems (kind of like vulnhub). Problem is, I want to do it DIY (learn more about configuration / setup this way), but I don’t really know what vulnerabilities to implement on a "victim" Debian machine that I will "attack" with Kali Linux (all in VMs at the moment).

What I’m looking for: Vulnerabilities that are seen commonly in real-world production environments. Misconfigurations or bugs in common programs / operating systems. I want to simulate something realistic — not too vulnerable yet still vulnerable enough to exploit and learn something. That’s not necessarily to say that Remote Code Exec and Priv Esc are unwanted; I just want to limit the number of those kinds of vulns to make my attack paths more interesting.

In other words, what general kinds of exploits or programs (OpenSMTPD, PHP stuff, etc.) that have historically been pretty vulnerable are there that I can install / configure onto my vulnerability lab and play around with? If applicable, a corresponding CVE would be really helpful too. Shoot me with your recommendations.

Secure code makes exploitation easier with CPU vulnerabilities

I researched CPU vulnerabilities in the past, such as Spectre and Meltdown.

I read that one of those attacks is actually made easier if the code is written a certain way. I cannot remember if it was related to being efficiently written, securely written, or some other reason. However, now that I need this quote, I cannot find it anywhere.

Simply put: what factors in the code make Spectre and/or Meltdown easier to perform?

Forgive me for asking here, but I cannot find this anywhere and was hoping for a link.

Addressing SSL/TLS vulnerabilities in an IoT device client-side implementation

I understand SSL/TLS is the most commonly used data transmission protocol for secure communication. I need to implement the same in an IoT device (ARM® Cortex®-M4 core at 80 MHz). This will be a TLS client implementation.

Since the device is a small-scale device, I am looking for a lightweight SSL library (BearSSL, mbedSSL, ...) to use.

The device needs to store as well as transmit data to the server, and I need to ensure secure communication with data confidentiality and integrity, avoiding any possible attack (MITM, ...).

However, as I have read, there are vulnerabilities/pitfalls in SSL/TLS as well. Does just using the right library ensure they are addressed? Or are there specific things I need to do in my code implementation to address them?

Like correct cipher suite selection; generating and securely storing the keys (key management); …

Requesting some insight into this.

What are the potential vulnerabilities of allowing non-root users to run apt-get?

There are two ways I can think of doing this:

  1. On a system with sudo, by modifying /etc/sudoers.

  2. On a system without sudo (such as a Docker environment), by writing a program similar to the one below and setting the setuid bit with chmod u+s. apt-get checks the real UID, so a setuid call is necessary.

    #include <unistd.h>

    int main(int argc, char **argv) {
        char *envp[] = { /* ... */ NULL };   /* environment handed to apt-get; must be NULL-terminated */
        setuid(0);                           /* set the real UID to root, since apt-get checks the real UID */
        execve("/usr/bin/apt-get", argv, envp);
        return 1;                            /* only reached if execve fails */
    }

I have two questions:

  1. What are the potential vulnerabilities of allowing non-root users to run apt-get?
  2. My goal is to allow people to install/remove/update packages, given that apt-get lives in a custom non-system refroot and installs from a custom curated apt repository. Are there safer ways to allow non-root users to run apt-get on a system without sudo?