Sveriges mest populära poddar

Ubuntu Security Podcast

Episode 46

26 min • 12 september 2019

Overview

A massive 85 CVEs addressed this week, including updates for Exim, the Linux Kernel, Samba, systemd and more, plus we discuss hacking BMCs via remote USB devices and password stashes.

This week in Ubuntu Security Updates

85 unique CVEs addressed

[USN-4124-1] Exim vulnerability [00:49]

[USN-4114-1] Linux kernel vulnerabilities [03:49]

  • 5 CVEs addressed in Bionic (HWE), Disco
    • CVE-2019-3900
      • Infinite loop in virtio network driver - guest VM cause host DoS by stalling vhost_net kernel thread
    • CVE-2019-14284
      • Divide by zero in floppy driver ioctl() handler (created by default by qemu)
    • CVE-2019-14283
      • Integer overflow and OOB read in floppy driver
    • CVE-2019-13648
      • DoS for PowerPC if user calls sigreturn() with crafted signal stack frame - exception and system crash (requires transactional memory to be disabled)
    • CVE-2019-10638
      • Kernel tries to randomise IP ID values (used for de-fragmentation of IP packets) for connection-less protocols to avoid tracking
      • Is meant to be random across source + dest address + protocol
      • But if an attacker can observe traffic to multiple hosts, can infer the hashing key used to generate the ID values
      • And then can associate different streams of packets back to the same source host and hence can track devices
      • Fixed to used an actual random value for the base of the hash and use a better hashing algorithm (siphash) for ID generation

[USN-4115-1] Linux kernel vulnerabilities [06:42]

[USN-4116-1] Linux kernel vulnerabilities [09:12]

[USN-4117-1] Linux kernel (AWS) vulnerabilities [09:43]

[USN-4118-1] Linux kernel (AWS) vulnerabilities [10:17]

[USN-3934-2] PolicyKit vulnerability [10:36]

  • 1 CVEs addressed in Precise ESM
  • Episode 27 - PolicyKit could get confused via PID reuse - fix was 2 parts - 1 kernel to ensure can’t race kernel on PID assignment, and second was in PolicyKit itself to check on PID, UID and start time.

[USN-4119-1] Irssi vulnerability [11:23]

  • 1 CVEs addressed in Disco
    • CVE-2019-15717
      • UAF if server sends two CAP commands (used by client and server to negotiate capabilities - ie sasl support etc)

[USN-4121-1] Samba vulnerability [11:52]

  • 1 CVEs addressed in Disco
    • CVE-2019-10197
      • Possible directory share escape by unauthenticated users - allows attackers to gain access to the host filesystem outside the share root (limited as per underlying file-system permissions)
      • Needs the server to have explicitly enabled ‘wide links’ and not be using ‘unix extensions’ OR to have also set ‘allow insecure wide links’

[USN-4120-1] systemd vulnerability [12:40]

  • 1 CVEs addressed in Bionic, Disco
    • CVE-2019-15718
      • systemd-resolved failed to properly setup access controls on its DBus server socket, whic allows unprivileged users to execute DBus methods that should only be executable by privileged users - such as changing the systems DNS resolver settings

[USN-4122-1] Firefox vulnerabilities [13:10]

[USN-4123-1] npm/fstream vulnerability [13:29]

Goings on in Ubuntu Security Community

Joe and Alex discuss hacking BMCs via a remote USN attack [13:53]

Joe and Alex also discuss password stashes [20:33]

Get in contact

Kategorier
Förekommer på
00:00 -00:00