Overview
This week, Sid Faber and Kyle Fazzari of the Ubuntu Robotics team interview
Vijay Sarvepalli from CERT about the recent Ripple20 vulnerabilities
announcement, plus we look at security updates for Bind, Mutt, curl and
more.
This week in Ubuntu Security Updates
8 unique CVEs addressed
[USN-4397-2] NSS vulnerability [00:40]
- 1 CVE addressed in Precise ESM (12.04 ESM), Trusty ESM (14.04 ESM)
- Episode 79 - timing side-channel attack during DSA key generation
[USN-4399-1] Bind vulnerabilities [01:00]
- 2 CVEs addressed in Focal (20.04 LTS)
- 2 DoS issues (both by crashing BIND) - a zone served by an authoritative
  nameserver that contains wildcard (asterisk) records could trigger an
  assertion failure when those records were changed, and an attacker who is
  permitted to send zone data to the server via a zone transfer could send
  crafted zone data to trigger an assertion failure -> crash
[USN-4400-1] nfs-utils vulnerability [01:44]
- 1 CVE addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Eoan (19.10), Focal (20.04 LTS)
- /var/lib/nfs was writable by the statd user - if this user were
  compromised, the attacker could change the contents of this directory. The
  directory also contains files owned and managed by root (rmtab etc.), and
  mountd uses rmtab, so since the statd user could change that file's
  contents, they could make mountd create or overwrite other files on the
  system as root -> privilege escalation. Fixed by making only the few
  specific subdirectories that statd needs owned by statd.
[USN-4401-1] Mutt vulnerabilities [03:16]
- 2 CVEs addressed in Precise ESM (12.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS), Eoan (19.10), Focal (20.04 LTS)
- 2 issues in the handling of TLS connections to IMAP servers that could
  allow a middleperson attack: mutt would not properly authenticate the
  server on the network connection, and would proceed to connect even if the
  user chose to reject the connection because of an expired certificate. So
  only relevant if using mutt to connect to IMAP directly.
[USN-4402-1] curl vulnerabilities [04:06]
- 2 CVEs addressed in Precise ESM (12.04 ESM), Trusty ESM (14.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS), Eoan (19.10), Focal (20.04 LTS)
- Could be tricked into overwriting local files as specified by a malicious
  server when using the CLI argument -i in combination with -J. -J tells curl
  to take the local filename from the Content-Disposition HTTP header
  supplied by the server; normally curl refuses to overwrite any existing
  local file in this mode, but when -i was also given this check was
  skipped.
- Possible partial password leak: curl could be tricked into appending part
  of the password to the hostname before that hostname was resolved via DNS
  during a redirect - but only if the password contains an @ character.
Goings on in Ubuntu Security Community
Sid Faber and Kyle Fazzari interview Vijay Sarvepalli from CERT about Ripple20 [05:44]
Get in contact