Sveriges mest populära poddar

Ubuntu Security Podcast

Episode 69

20 min • 2 april 2020

Overview

This week we cover security updates for a Linux kernel vulnerability disclosed during pwn2own, Timeshift, pam-krb5 and more, plus we have a special guest, Vineetha Kamath, to discuss security certifications for Ubuntu.

This week in Ubuntu Security Updates

10 unique CVEs addressed

[USN-4308-2] Twisted vulnerabilities [00:42]

[USN-4310-1] WebKitGTK+ vulnerability [01:09]

  • 1 CVEs addressed in Bionic, Eoan
  • UAF - discovered by CloudFuzz

[USN-4312-1] Timeshift vulnerability [01:49]

  • 1 CVEs addressed in Eoan
  • Reuses predictably named temporary directory to execute scripts - and runs as root - so a local attacker could replace the script in this predictably named directory with one containing malicious commands, to get code execution as root. Fixed by using a randomly named directory and setting the permissions on it so other users can’t write to it.

[USN-4313-1] Linux kernel vulnerability [02:43]

  • 1 CVEs addressed in Bionic, Eoan
  • pwn2own - Manfred Paul discovered the BPF verifier in the Linux kernel did not properly calculate register bounds for 32-bit operations - so if allow unprivileged users to load BPF, this could be used to read or write kernel memory. Can then use this to elevate privileges to root.
  • https://www.thezdi.com/blog/2020/3/19/pwn2own-2020-day-one-results

[USN-4311-1] BlueZ vulnerabilities [03:52]

  • 2 CVEs addressed in Xenial, Bionic, Eoan
  • Didn’t handle bonding of HID and HOGP (HID over GATT - Generic Attribute Profile) devices - local attacker could use this to impersonate non-bonded devices
  • Buffer overflow in parse_line function used by some CLI-based userland utils

[USN-4314-1] pam-krb5 vulnerability [04:50]

  • 1 CVEs addressed in Precise ESM, Trusty ESM, Xenial, Bionic, Eoan
  • Single-byte buffer overflow could potentially allow RCE - buffer is provided by underlying kerberos library - attacker can supply input of special length to overflow this and then cause memory corruption - possible heap or stack corruption. Only used in code-paths where Kerberos lib does supplemental prompting, or if running PAM with no_prompt configured.

Goings on in Ubuntu Security Community

Joe and Vineetha discuss security certifications for Ubuntu [06:14]

Get in contact

Kategorier
Förekommer på
00:00 -00:00