
Content provided by Alex Murray and the Ubuntu Security Team. All podcast content, including episodes, graphics and podcast descriptions, is uploaded and provided directly by Alex Murray and the Ubuntu Security Team or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here: https://vi.player.fm/legal.

Episode 111

12:10

Overview

This week we look at how Ubuntu is faring at Pwn2Own 2021 (which still has 1 day and 2 more attempts at pwning Ubuntu 20.10 to go) plus we look at security updates for SpamAssassin, the Linux kernel, Rack and Django, and we cover some open positions on the Ubuntu Security team too.

This week in Ubuntu Security Updates

14 unique CVEs addressed

[USN-4899-1] SpamAssassin vulnerability [00:46]

  • 1 CVE addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS)
  • Damian Lukowski - remote code execution in the configuration file parser for SpamAssassin - it failed to properly sanitise certain elements of config files, so could allow an attacker to specify commands to be executed by SpamAssassin - if you are not using configs from untrusted sources you should be fine

[USN-4900-1] OpenEXR vulnerabilities [01:40]

[USN-4901-1] Linux kernel (Trusty HWE) vulnerabilities [02:24]

[USN-4561-2] Rack vulnerabilities [03:27]

  • 2 CVEs addressed in Xenial (16.04 LTS), Focal (20.04 LTS), Groovy (20.10)
  • Modular Ruby webserver interface
  • Originally covered in Episode 93 for 18.04 LTS - the fix is now provided for the remaining releases

[USN-4902-1] Django vulnerability [03:53]

  • 1 CVE addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)
  • Potential directory traversal via uploaded files - if using a custom upload handler with the MultiPartParser from the Django parsers framework, you could have been vulnerable - it didn’t affect any of the built-in upload parsers within Django, hence the low priority rating for this CVE
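As an added example (not part of the show notes and not Django's own code), this is the kind of filename check a custom upload handler should apply to the client-supplied name before it is used on disk: strip every directory component, reject names that are empty or point at a directory, and confirm the final path still resolves inside the upload root. The upload root, the sample names and the helper names are assumptions for this illustration.

```python
import os
import re
import ntpath
import posixpath
from typing import Dict, Optional

# Constructed sample filenames as a client might send them in the multipart
# Content-Disposition header (not taken from the advisory or from Django).
SAMPLE_NAMES = [
    "report.pdf",
    "../../etc/cron.d/evil",
    "C:\\Windows\\win.ini",
    "nested/dir/photo.jpg",
    "..",
    "",
]

# Conservative allow-list; anything outside it becomes an underscore.
UNSAFE_CHARS = re.compile(r"[^A-Za-z0-9._-]")


def sanitize_upload_name(client_name: str) -> Optional[str]:
    """Strip every directory component from the client-supplied filename.

    A custom upload handler sees the name verbatim, so both POSIX and
    Windows separators are removed; names that are empty or refer to a
    directory ('.' or '..') are rejected by returning None.
    """
    name = posixpath.basename(ntpath.basename(client_name))
    if name in ("", ".", ".."):
        return None
    return UNSAFE_CHARS.sub("_", name)


def resolve_upload_path(upload_root: str, client_name: str) -> Optional[str]:
    """Join the sanitized name under upload_root and verify it stays inside."""
    safe = sanitize_upload_name(client_name)
    if safe is None:
        return None
    root = os.path.realpath(upload_root)
    target = os.path.realpath(os.path.join(root, safe))
    # Defence in depth: refuse any path that resolves outside the root.
    if os.path.commonpath([root, target]) != root:
        return None
    return target


def resolve_samples(upload_root: str = "/tmp/uploads") -> Dict[str, Optional[str]]:
    """Map each constructed sample name to its resolved path (or None)."""
    return {raw: resolve_upload_path(upload_root, raw) for raw in SAMPLE_NAMES}
```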

Goings on in Ubuntu Security Community

Ubuntu at Pwn2Own 2021 [04:47]

  • https://www.zerodayinitiative.com/blog/2021/4/2/pwn2own-2021-schedule-and-live-results
  • 6th, 7th & 8th April - 23 separate entries targeting 10 different products in the categories of Web Browsers, Virtualization, Servers, Local Escalation of Privilege, and Enterprise Communications (i.e. Zoom, MS Teams etc.)
  • Running for 14 years now - grows each year to include new targets / platforms - this year included categories for both automotive (Tesla Model 3) and Enterprise Applications (MS Office, Adobe Reader) - but neither had any entrants
  • 4 different teams targeted Ubuntu Desktop in the Local Escalation of Privilege category - go from a standard user to root - and the Pwn2Own rules say this must be via a kernel vulnerability - in this case the target is an up-to-date Ubuntu 20.10 install running inside a virtual machine
  • Attempts on days 1 and 2 were both successful - Ryota Shiga of Flatt Security and Manfred Paul each used a separate out-of-bounds (OOB) access bug to escalate from a standard user to root
    • each earned $30,000 and 3 points towards the competition's Master of Pwn award
  • Tomorrow (8th) will see two more attempts, by Billy from STAR Labs and Vincent Dehors of Synacktiv - this will be live-streamed too on YouTube, Twitch, and the conference site.
  • Also it is not just Ubuntu that was exploited - so far all teams who have attempted an exploit have been successful - against Safari, MS Exchange, MS Teams, Windows 10, Parallels Desktop, Chrome, Microsoft Edge, Zoom
    • the only exception so far is STAR Labs, who have not managed to get their exploits working in the allotted time
  • More details to follow once the vulns and their fixes become public - the competition has a 90 day policy for fixes to be public but I suspect we will see these sooner than that - regardless, we will look at the remaining results of the other 2 teams next week as well

Hiring [10:03]

AppArmor Security Engineer

Linux Cryptography and Security Engineer

Security Engineer - Ubuntu

Get in contact

Ubuntu Security Podcast