Overview
This week we look at vulnerabilities in Samba, GDM, AccountsService, GOsa
and more, plus we cover some AppArmor related Ubuntu Security community
updates as well.
This week in Ubuntu Security Updates
26 unique CVEs addressed
[USN-4552-3] Pam-python regression [00:40]
- 1 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS)
- Original update (Episode 92 - bionic), (Episode 94 - xenial) was too
restrictive and would disallow PAM modules written in Python from
importing Python modules from site-specific directories
[USN-4609-1] GOsa vulnerabilities [01:18]
- 3 CVEs addressed in Xenial (16.04 LTS)
- PHP based LDAP user admin frontend
- XSS attacks via the change password form
- Could log in to any account with a username containing “success” using
any arbitrary password
- Cookie mishandling allowed an authenticated user to delete files on the
web server in the context of the user account running the web server
[USN-4610-1] fastd vulnerability [02:11]
- 1 CVEs addressed in Focal (20.04 LTS)
- Fast & secure tunnelling daemon
- Failed to free rx buffers in certain circumstances - memory leak -> DoS
[USN-4611-1] Samba vulnerabilities [02:29]
- 3 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)
- 2 different DoS issues - remote attacker could cause DNS server to crash
by supplying invalid DNS records, or could cause winbind to crash via
crafted winbind requests
- Failed to check permissions on ChangeNotify - so an attacker could
subscribe to get notifications on files they did not have permission to
read - and so leaks file info
[USN-4605-2] Blueman update [03:22]
- 1 CVEs addressed in Focal (20.04 LTS), Groovy (20.10)
- Episode 94 - this includes additional fix so that on focal and groovy
policykit is used to authenticate privileged actions
[USN-4614-1] GDM vulnerability [03:55]
- 1 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)
- Kevin Backhouse - discovered 3 vulnerabilities - one in GDM, 2 in
AccountsService
- GDM incorrectly launched the initial setup tool if it could not reach the
accountsservice daemon
- If an attacker could cause accountsservice to be unresponsive, they could
get GDM to launch the initial setup tool, which then allows a local user
to create a privileged user account
- But requires accountsservice to be unresponsive…
[USN-4616-1] AccountsService vulnerabilities [05:00]
- 3 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)
- Drops privileges for certain operations but does so where a local
unprivileged user can send it SIGSTOP signal - is now unresponsive - so
could allow the GDM attack above - or could cause it to crash (send
SIGSEGV etc)
- Also would exhaust all memory when reading .pam_environment if it was
really large (ie symlink to /dev/zero) - again could cause it to hang /
crash -> DoS
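The .pam_environment issue above is an unbounded read of a path the user controls. As an added illustration (not AccountsService's code or the upstream fix), this C function refuses symlinks and non-regular files and caps how much it reads; `read_user_file_bounded` and the 64 KiB `MAX_USER_FILE` cap are assumed names and values.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* for O_NOFOLLOW / O_CLOEXEC */
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

#define MAX_USER_FILE (64 * 1024)   /* assumed cap, not an upstream value */

/* Reads at most MAX_USER_FILE bytes from a user-controlled path.
 * Returns the byte count with *out malloc'd and NUL-terminated, or -1. */
ssize_t read_user_file_bounded(const char *path, char **out)
{
    *out = NULL;
    /* O_NOFOLLOW rejects a symlink as the final path component;
     * O_NONBLOCK keeps open() from hanging on a FIFO. */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
    if (fd < 0)
        return -1;

    /* fstat on the open fd: catches device nodes such as /dev/zero
     * reached by any route, and files already over the cap. */
    struct stat st;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) ||
        st.st_size > MAX_USER_FILE) {
        close(fd);
        errno = EINVAL;
        return -1;
    }

    char *buf = malloc(MAX_USER_FILE + 1);
    if (buf == NULL) { close(fd); return -1; }

    /* The loop bound holds even if the file grows after fstat. */
    size_t total = 0;
    while (total < MAX_USER_FILE) {
        ssize_t n = read(fd, buf + total, MAX_USER_FILE - total);
        if (n < 0 && errno == EINTR) continue;
        if (n < 0) { free(buf); close(fd); return -1; }
        if (n == 0) break;
        total += (size_t)n;
    }
    close(fd);
    buf[total] = '\0';
    *out = buf;
    return (ssize_t)total;
}
```

A daemon that drops privileges to the user before reading would call this after the privilege change, so the kernel still enforces that user's file permissions.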
[USN-4613-1] python-cryptography vulnerability [06:34]
[USN-4615-1] Yerase’s TNEF vulnerabilities [07:23]
- 12 CVEs addressed in Xenial (16.04 LTS)
- libytnef - TNEF stream reader library (proprietary format used by MS
Outlook / Exchange Server for email attachments)
- Lots of issues - NULL ptr deref, infinite loop, buffer overflows, OOB
reads, directory traversal issues and more :) -> crash / DoS / RCE
Goings on in Ubuntu Security Community
AppArmor 3.0.1 being prepared [08:22]
- Includes fixes for various application profiles as well as a fix to stop
aa-notify from exiting after 100s of no activity
Securing Linux Machines with AppArmor Webinar [08:57]
- https://www.brighttalk.com/webcast/6793/440491
- Currently scheduled for Mon 16th Nov at 16:00 UTC
- Presented by Mike Salvatore - who also wrote the Introduction to AppArmor whitepaper
- Will cover:
  - Why a ‘defence in depth’ strategy should be employed to mitigate the
    potential damage caused by a breach
  - An explanation of AppArmor, its key features and why the principle of
    least privilege is recommended
  - The use of AppArmor in Ubuntu and snaps
Get in contact