Bra podcast
Sveriges mest populära poddar
Overview
In the first episode for 2021 we bring back Joe McManus to discuss the SolarWinds hack plus we look at vulnerabilities in sudo, NVIDIA graphics drivers and mutt. We also cover some open positions in the team and say farewell to long-time Ubuntu Security superstar Jamie Strandboge.
This week in Ubuntu Security Updates
22 unique CVEs addressed
[USN-4689-3] NVIDIA graphics drivers vulnerabilities [01:09]
- 3 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)
- 3 different vulns in binary nvidia graphics drivers which could allow unprivileged users to DoS / info leak or possible priv esc
[USN-4689-4] Linux kernel update [01:42]
- 3 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)
- Corresponding kernel updates for nvidia dkms driver update
[USN-4697-2] Pillow vulnerabilities [02:00]
- 2 CVEs addressed in Trusty ESM (14.04 ESM)
[USN-4702-1] Pound vulnerabilities
- 2 CVEs addressed in Xenial (16.04 LTS)
[USN-4703-1] Mutt vulnerability [02:18]
- 1 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)
- Memory allocation amplification attack -> a “small” sized email can cause mutt to allocate a very large amount of memory when processing the email and cause it to crash as a result of exhausting available memory
- If had empty semicolons in an address field, mutt would allocate 40 bytes for each - so for a 1 byte ; mutt allocates 40 bytes - and so a 25MB email can cause mutt to allocate 1GB
[USN-4704-1] libsndfile vulnerabilities [03:52]
- 12 CVEs addressed in Trusty ESM (14.04 ESM), Xenial (16.04 LTS)
[USN-4705-1] Sudo vulnerabilities [04:06]
- 2 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)
- https://www.openwall.com/lists/oss-security/2021/01/26/3
- https://blog.qualys.com/vulnerabilities-research/2021/01/26/cve-2021-3156-heap-based-buffer-overflow-in-sudo-baron-samedit
- Qualys discovered a heap based buffer overflow in command-line argument parsing in sudo that has existed since July 2011
- sudo is setuid root so anyone who executes it is then running a process as root - so if a user can exploit a vuln in sudo to get code execution, can get code execution as root as so escalate privileges to root
- Requires to execute sudo as `sudoedit -s` since this then ensures the right mode is automatically set so that the vulnerability is active
- Developed 3 different exploits for this vulnerability against various Linux distros (Ubuntu 20.04, Debian 10, Fedora 33 etc)
- ASLR helps to make this harder to exploit since it randomises the location of the environment variables in memory etc but assuming an unprivileged user can run the exploit multiple times they can eventually exploit it
Goings on in Ubuntu Security Community
Alex discusses the SolarWinds hack with special guest Joe McManus [07:03]
- Joe is now CISO at Drizly
- https://www.zdnet.com/article/microsoft-fireeye-confirm-solarwinds-supply-chain-attack/
- https://srslyriskybiz.substack.com/p/newsletter38
Private home directories for Ubuntu 21.04
Hiring
Engineering Director - Ubuntu Security
Engineering Manager - Ubuntu Security
AppArmor Security Engineer
Ubuntu Security Engineer
Farewells
- Jamie Strandboge (jdstrand)
Get in contact
00:00
-00:00