Episode 96

Overview

This week we look at results from the Tianfu Cup 2020, the PLATYPUS attack against Intel CPUs, a detailed writeup of the GDM/accountsservice vulnerabilities covered in Episode 95 and more.

Goings on in Ubuntu Security Community

Tianfu Cup 2020 [00:37]

• https://www.zdnet.com/article/windows-10-ios-chrome-and-many-others-fall-at-chinas-top-hacking-contest/
• QEMU on Ubuntu, Firefox and docker all pwned (as well as Chrome, Safari, VMWare ESXi, CentOS 8, iPhone etc)
• qemu-kvm on Ubuntu - used a UAF and an info-leak to escape VM and get root code exec on host - by Xiao Wei from 360 ESG Vuln Research Institute who has previously found lots of QEMU bugs - $60k
• Still waiting on upstream qemu / docker to release details - Firefox already patched in CVE-2020-26950

Github writeup of GDM/accountsservice vulnerabilities [02:53]

• We covered the vulns in last week’s Episode 95
• Kevin Backhouse provides a great amount of detail and a cool demo video of the attack - https://securitylab.github.com/research/Ubuntu-gdm3-accountsservice-LPE
• https://portswigger.net/daily-swig/vulnerabilities-in-ubuntu-desktop-enabled-root-access-in-two-simple-steps

PLATYPUS attack against Intel CPUs [03:41]

• https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/Platypus
• https://platypusattack.com/
• https://www.zdnet.com/article/new-platypus-attack-can-steal-data-from-intel-cpus/

This week in Ubuntu Security Updates [05:27]

23 unique CVEs addressed

[USN-4617-1] SPICE vdagent vulnerabilities

• 4 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)
  • CVE-2020-25653
  • CVE-2020-25652
  • CVE-2020-25651
  • CVE-2020-25650

[USN-4616-2] AccountsService vulnerabilities

• 2 CVEs addressed in Trusty ESM (14.04 ESM)
  • CVE-2018-14036
  • CVE-2020-16126

[USN-4618-1] tmux vulnerability

• 1 CVEs addressed in Focal (20.04 LTS), Groovy (20.10)
  • CVE-2020-27347

[USN-4619-1] dom4j vulnerability

• 1 CVEs addressed in Xenial (16.04 LTS)
  • CVE-2018-1000632

[USN-4599-3] Firefox regressions

• Affecting Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)
• Episode 94

[USN-4620-1] phpLDAPadmin vulnerability

• 1 CVEs addressed in Bionic (18.04 LTS)
  • CVE-2017-11107

[USN-4621-1] netqmail vulnerabilities

• 5 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS)
  • CVE-2020-3812
  • CVE-2020-3811
  • CVE-2005-1515
  • CVE-2005-1514
  • CVE-2005-1513

[USN-4622-1] OpenLDAP vulnerability

• 1 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)
  • CVE-2020-25692

[USN-4623-1] Pacemaker vulnerability

• 1 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)
  • CVE-2020-25654

[USN-4624-1] libexif vulnerability

• 1 CVEs addressed in Precise ESM (12.04 ESM), Trusty ESM (14.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)
  • CVE-2020-0452

[USN-4625-1] Firefox vulnerability

• 1 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)
  • CVE-2020-26950

[USN-4626-1] Linux kernel vulnerabilities

• 2 CVEs addressed in Groovy (20.10)
  • CVE-2020-8694
  • CVE-2020-27194

[USN-4627-1] Linux kernel vulnerability

• 1 CVEs addressed in Precise ESM (12.04 ESM), Trusty ESM (14.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS)
  • CVE-2020-8694

[USN-4628-1] Intel Microcode vulnerabilities

• 3 CVEs addressed in Trusty ESM (14.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)
  • CVE-2020-8698
  • CVE-2020-8696
  • CVE-2020-8695

Get in contact

• [email protected]
• #ubuntu-security on the Libera.Chat IRC network
• ubuntu-hardened mailing list
• Security section on discourse.ubuntu.com
• @ubuntu_sec on twitter