Overview
In the first episode for 2021 we bring back Joe McManus to discuss the
SolarWinds hack plus we look at vulnerabilities in sudo, NVIDIA graphics
drivers and mutt. We also cover some open positions in the team and say
farewell to long-time Ubuntu Security superstar Jamie Strandboge.
This week in Ubuntu Security Updates
22 unique CVEs addressed
[USN-4689-3] NVIDIA graphics drivers vulnerabilities [01:09]
- 3 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)
- 3 different vulnerabilities in the binary NVIDIA graphics drivers which
could allow unprivileged users to cause a DoS, leak information or possibly
escalate privileges
[USN-4689-4] Linux kernel update [01:42]
- 3 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)
- Corresponding kernel updates for nvidia dkms driver update
[USN-4697-2] Pillow vulnerabilities [02:00]
- 2 CVEs addressed in Trusty ESM (14.04 ESM)
[USN-4702-1] Pound vulnerabilities
- 2 CVEs addressed in Xenial (16.04 LTS)
[USN-4703-1] Mutt vulnerability [02:18]
- 1 CVE addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)
- Memory allocation amplification attack -> a “small” sized email can cause
mutt to allocate a very large amount of memory when processing the email
and cause it to crash as a result of exhausting available memory
- If an address field contained empty semicolons, mutt would allocate 40
bytes for each one - so for a 1 byte ; mutt allocates 40 bytes - and so a
25MB email can cause mutt to allocate 1GB
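Added example (not from the episode or from mutt's own code): a mail-filter style check that counts empty semicolons in a message's address headers and estimates the allocation they would drive at the 40 bytes each quoted above. The function names, header list, 1 MiB limit and the definition of "empty" (a ; with no open group in front of it) are assumptions made for this sketch.

```python
import email
from email import policy

ADDRESS_HEADERS = {"from", "to", "cc", "bcc", "reply-to", "sender"}
BYTES_PER_TERMINATOR = 40  # per-semicolon cost quoted in the notes above

def count_empty_terminators(value):
    """Count ';' outside quotes/comments that do not close an open group."""
    count, depth = 0, 0
    in_quote = escaped = group_open = False
    for ch in value:
        if escaped:
            escaped = False
        elif ch == "\\":
            escaped = True
        elif in_quote:
            in_quote = ch != '"'
        elif depth:                       # inside a (possibly nested) comment
            depth += (ch == "(") - (ch == ")")
        elif ch == '"':
            in_quote = True
        elif ch == "(":
            depth = 1
        elif ch == ":":                   # "name:" opens a group
            group_open = True
        elif ch == ";":
            if group_open:
                group_open = False        # legitimate end of a group
            else:
                count += 1                # terminator with nothing to close
    return count

def amplification_report(raw, limit=1 << 20):
    """Estimate allocation driven by empty terminators in address headers."""
    msg = email.message_from_bytes(raw, policy=policy.compat32)
    empties = sum(count_empty_terminators(str(v))
                  for k, v in msg.items() if k.lower() in ADDRESS_HEADERS)
    estimate = empties * BYTES_PER_TERMINATOR
    return {"size": len(raw), "empty_terminators": empties,
            "estimated_alloc": estimate, "flag": estimate > limit}

# Constructed sample: one To: header holding 50,000 bare semicolons.
SAMPLE = (b"From: a@example.com\r\nTo: " + b";" * 50000 +
          b"\r\nSubject: constructed sample\r\n\r\nbody\r\n")

if __name__ == "__main__":
    print(amplification_report(SAMPLE))
```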
[USN-4704-1] libsndfile vulnerabilities [03:52]
- 12 CVEs addressed in Trusty ESM (14.04 ESM), Xenial (16.04 LTS)
[USN-4705-1] Sudo vulnerabilities [04:06]
- 2 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)
- https://www.openwall.com/lists/oss-security/2021/01/26/3
- https://blog.qualys.com/vulnerabilities-research/2021/01/26/cve-2021-3156-heap-based-buffer-overflow-in-sudo-baron-samedit
- Qualys discovered a heap based buffer overflow in command-line argument
parsing in sudo that has existed since July 2011
- sudo is setuid root so anyone who executes it is then running a process
as root - so if a user can exploit a vuln in sudo to get code execution,
they get code execution as root and so escalate privileges to root
- Requires sudo to be executed as `sudoedit -s` since this ensures the right
mode is automatically set so that the vulnerability is active
- Qualys developed 3 different exploits for this vulnerability against
various Linux distros (Ubuntu 20.04, Debian 10, Fedora 33 etc)
- ASLR helps to make this harder to exploit since it randomises the
location of the environment variables in memory etc but assuming an
unprivileged user can run the exploit multiple times they can eventually
exploit it
Goings on in Ubuntu Security Community
Alex discusses the SolarWinds hack with special guest Joe McManus [07:03]
Private home directories for Ubuntu 21.04
Hiring
Engineering Director - Ubuntu Security
Engineering Manager - Ubuntu Security
AppArmor Security Engineer
Ubuntu Security Engineer
Farewells
- Jamie Strandboge (jdstrand)
Get in contact