Podcast Detail

SANS Stormcast Tuesday Feb 19th: ModelScan AI Model Security; OpenSSH Vuln; Juniper Patches; Dell BIOS Vulnerability

If you are not able to play the podcast using the player below: Use this direct link to the audio file: https://traffic.libsyn.com/securitypodcast/9330.mp3

ModelScan AI Model Security; OpenSSH Vuln; Juniper Patches; Dell BIOS Vulnerability

00:00

My Next Class

Network Monitoring and Threat Detection In-Depth	Baltimore	Mar 3rd - Mar 8th 2025
Application Security: Securing Web Apps, APIs, and Microservices	Orlando	Apr 13th - Apr 18th 2025

… more classes

ModelScan: Protection Against Model Serialization Attacks
ModelScan is a tool to inspect AI models for deserialization attacks. The tool will detect suspect commands and warn the user.
https://isc.sans.edu/diary/ModelScan%20-%20Protection%20Against%20Model%20Serialization%20Attacks/31692

OpenSSH MitM and DoS Vulnerabilities
OpenSSH Patched two vulnerabilities discovered by Qualys. One may be used for MitM attack in specfic configurations of OpenSSH.
https://www.qualys.com/2025/02/18/openssh-mitm-dos.txt

Juniper Authentication Bypass
Juniper fixed an authentication bypass vulnerability that affects several prodcuts. The patch was released outside the normal patch schedule.
https://supportportal.juniper.net/s/article/2025-02-Out-of-Cycle-Security-Bulletin-Session-Smart-Router-Session-Smart-Conductor-WAN-Assurance-Router-API-Authentication-Bypass-Vulnerability-CVE-2025-21589?language=en_US

DELL BIOS Patches
DELL released BIOS updates fixing a privilege escalation issue. The update affects a large part of Dell's portfolio
https://www.dell.com/support/kbdoc/en-en/000258429/dsa-2025-021

iTunes

MP3 Download

RSS Feed

Google

Podbean

Amazon Echo

YouTube

Spreaker

Spotify

Discussion

Network Monitoring and Threat Detection In-Depth	Baltimore	Mar 3rd - Mar 8th 2025
Application Security: Securing Web Apps, APIs, and Microservices	Orlando	Apr 13th - Apr 18th 2025
Application Security: Securing Web Apps, APIs, and Microservices	San Diego	May 5th - May 10th 2025
Network Monitoring and Threat Detection In-Depth	Baltimore	Jun 2nd - Jun 7th 2025
Application Security: Securing Web Apps, APIs, and Microservices	Washington	Jul 14th - Jul 19th 2025

Podcast Transcript

 Hello and welcome to the Wednesday, February 19th, 2025
 edition of the SANS Internet Storm Center's Stormcast. My
 name is Johannes Ulrich and today I'm recording from
 Jacksonville, Florida. Well, today we got Russ McRebeck,
 our handler after a hiatus. And the first diary really
 addresses a topic that I've covered a couple times here.
 And that's, well, malicious machine learning models. When
 you're downloading a machine learning model from a site
 like HackingFace, well, you're typically downloading a pickle
 file. The problem with pickle files is they are Python code.
 So as you're instantiating the model, you're potentially
 execute Python code, which could be malicious, which
 could execute operating system commands and all kinds of evil
 things that attackers like to do to your system. This could
 even happen if you're using the torch load command. The
 PyTorch module. Torch load may also instantiate models unless
 you specifically only have the weights only parameters set
 that will only load weights for the model, not to complete
 any Python code or so that's potentially being added to the
 model. Now, to help you with this task to figure out if a
 particular machine learning model that you downloaded is
 malicious or not, Russ introduces a tool called
 ModelScan. ModelScan does well what you would expect it to do
 based on the name. It will scan your machine learning
 model and tell you if there is any suspect code in this
 machine learning model. Well, Russ has sort of a quick run
 -through of that model scan tool with a benign and a
 malicious model. In the malicious case here, it
 recognizes that there are some operating system commands that
 are going to be executed and it will alert you of that.
 There are different ratings for the finding is fine. It
 includes, of course, there will probably be a little bit
 of cat and mouse game going on over the next month, years,
 whatever. Between the tool and the attackers trying to look
 for evasion techniques and to detect evasion techniques. But
 it looks like a very solid tool. It comes with gibber
 notebooks and all the good stuff that you kind of need in
 order to run an experiment with the tool. So, we do have
 two new vulnerabilities in OpenSSH. The vulnerabilities
 were found by Qualys and were just patched. One of the
 vulnerabilities, the one that's really more interesting
 here, allows for an attacker to impersonate a server. The
 attacker needs to have a machine in the middle position
 in order to conduct the attack. But, of course, that's
 kind of not the type of attack that you want to protect
 yourself from via the proper key identification from the
 server. You're only vulnerable to this attack if you have the
 verify host key DNS feature enabled. It's usually
 disabled. However, apparently in FreeBSD, it's sometimes
 enabled by default. The vulnerability itself is over
 10 years old. And, well, as a result, pretty much any SSH
 server client that you would find out there right now is
 vulnerable. Now, a little bit about that verify host key DNS
 feature. The idea is that you publish an SSH fingerprint of
 the key via DNS. This has to be DNSSEC protected. But SSH
 here does not deal with errors properly. If there is a memory
 allocation error during the parsing of the record of the
 key, then the key is accepted. And that then leads to no
 warning being displayed as the user connects to the
 potentially malicious host. So, a couple of things you
 want to do here is, number one, of course, keep SSH
 updated. This is one of the critical things that you have.
 I just yesterday talked about how SSH may be the one thing
 that you enable, like, you know, on your parameter. And
 then check if this verify host key DNS feature is enabled.
 Most networks don't even publish any SSH fingerprint
 records via DNS. If you don't publish these records, then
 definitely disable it because there's nothing really to
 verify here. The second part to this, of course, is if you
 do publish those records, again, make sure that you're
 up to date. Also, double check for odd errors and such that
 you may see in your logs that would potentially indicate an
 exploit attempt here. The second vulnerability, as I
 said, is a denial of service vulnerability. So, nothing
 really all that outrageous here necessarily. Not good,
 but definitely less important than the impersonation of a
 server. We've got a couple other smaller issues,
 vulnerabilities. First of all, Juniper released some patches.
 Not necessarily a small problem, but not a lot of
 details here. And that's an out-of-cycle bulletin, meaning
 that is not one of their regular bulletins. They
 prioritize this bulletin. It affects a wide range of their
 devices, and it's an authentication bypass. They
 call it an alternate path or channel vulnerability that the
 router is exposed to here. And yes, CVS score in the 9.8
 range for this vulnerability. So, definitely prioritize
 updating.
 Dell also published a fix for an authentication
 vulnerability. This one affects the bias of a wide
 range of systems. However, in order to exploit this, you
 already have to have authenticated using a more
 privileged account. So, not all that critical. And, well,
 bias updates are always painful. So, nothing that you
 have to do right now. The list of vulnerable systems is long.
 I would suspect it's pretty much all of Dell's system that
 may be vulnerable to this. Well, and that's it for today.
 Thanks for subscribing. Thanks for listening. Thanks for
 recommending this podcast. And talk to you again tomorrow.
 Bye.