To give you the best possible experience, this site uses cookies. Review our Privacy Policy and Terms of Service to learn more. Tôi hiểu rồi!
Artwork

Alex Murray Ubuntu Security Team Linux Tech Operating Systems Alex and Joe Security Software Development
Nội dung được cung cấp bởi Alex Murray and Ubuntu Security Team. Tất cả nội dung podcast bao gồm các tập, đồ họa và mô tả podcast đều được Alex Murray and Ubuntu Security Team hoặc đối tác nền tảng podcast của họ tải lên và cung cấp trực tiếp. Nếu bạn cho rằng ai đó đang sử dụng tác phẩm có bản quyền của bạn mà không có sự cho phép của bạn, bạn có thể làm theo quy trình được nêu ở đây https://vi.player.fm/legal.

Tương tự như Ubuntu Security Podcast

Player FM - Ứng dụng Podcast
Chuyển sang chế độ ngoại tuyến với ứng dụng Player FM !
Get it on App Store Get it on Google Play

Ubuntu Security Podcast « »
Episode 160

13:47
 
Nghe
Đang phát
Chia sẻ
 

MP3Trang chủ episode
Manage episode 329137749 series 2423058
Nội dung được cung cấp bởi Alex Murray and Ubuntu Security Team. Tất cả nội dung podcast bao gồm các tập, đồ họa và mô tả podcast đều được Alex Murray and Ubuntu Security Team hoặc đối tác nền tảng podcast của họ tải lên và cung cấp trực tiếp. Nếu bạn cho rằng ai đó đang sử dụng tác phẩm có bản quyền của bạn mà không có sự cho phép của bạn, bạn có thể làm theo quy trình được nêu ở đây https://vi.player.fm/legal.

Overview

Ubuntu get’s pwned again at Pwn2Own Vancouver 2022, plus we look at security updates for the Linux kernel, RSyslog, ClamAV, Apport and more.

This week in Ubuntu Security Updates

57 unique CVEs addressed

[USN-5413-1] Linux kernel vulnerabilities [01:06]

  • 6 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM)
  • 4.4 - 16.04 ESM GA + 14.04 ESM
  • UAF in nouveau driver when device is removed - external NVIDIA GPU? or local user unbinding the driver?
  • UAF due to race condition in network packet scheduler
  • OOB write in NFS - user who had access to an NFS mount could possibly exploit this
  • Buffer overflow in ST Micro NFC driver - failed to validate parameters from NFC device - physically approximate attacker could possibly exploit this but would need custom hw/sw
  • Similarly, Xilinx USB2 gadget driver failed to validate USB endpoints
  • ESM CAN/USB double-free

[USN-5415-1] Linux kernel vulnerabilities [02:27]

[USN-5417-1] Linux kernel vulnerabilities [03:07]

[USN-5418-1] Linux kernel vulnerabilities [03:19]

[USN-5416-1] Linux kernel (OEM) vulnerabilities [03:26]

  • 5 CVEs addressed in Focal (20.04 LTS)
  • 5.14 - 20.04 LTS OEM
  • KVM mishandled guest page table updates -> guest VM crash host OS
  • 2 similar issues in CAN bus drivers - 8 Devices USB2CAN and Microchip CAN Bus analyzer both had double-free on error paths - local attacker could crash -> DoS
  • Plus ESM CAN/USB issue from above

[USN-5419-1] Rsyslog vulnerabilities [04:26]

  • 3 CVEs addressed in Xenial ESM (16.04 ESM)
  • 2 issues in handling of various message types (AIX + Cisco log messages failed to properly validate contents and so could result in heap buffer overflow)
  • 1 in handling of plain TCP socket comms - but this module is not enabled in the default rsyslog configuration for Ubuntu

[USN-5420-1] Vorbis vulnerabilities [05:01]

[USN-5421-1] LibTIFF vulnerabilities [05:16]

[USN-5422-1] libxml2 vulnerabilities [05:32]

  • 2 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS), Impish (21.10), Jammy (22.04 LTS)
  • UAF plus possible integer overflows -> unspec impact (but requires victim to process a multiGB XML file)

[USN-5311-2] containerd regression [06:03]

  • 1 CVEs addressed in Focal (20.04 LTS), Impish (21.10)
  • Episode 152 - subsequent update to containerd by different team reverted the CVE fix accidentally - reinstated it

[USN-5423-1, USN-5423-2] ClamAV vulnerabilities [06:24]

[USN-5424-1] OpenLDAP vulnerability [06:53]

  • 1 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Impish (21.10), Jammy (22.04 LTS)
  • SQL injection in the sql backend of slapd via an SQL statement within a LDAP query

[USN-5425-1] PCRE vulnerabilities [07:09]

  • 2 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS), Impish (21.10), Jammy (22.04 LTS)
  • OOB read -> info leak
  • integer overflow -> buffer overflow? -> crash / code execution

[USN-5426-1] needrestart vulnerability [07:20]

  • 1 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Impish (21.10), Jammy (22.04 LTS)
  • detects daemons that need to be restarted after libraries are upgraded
  • uses various regex’s to detect scripting languages - but since these were not specific enough, it could allow a user to get their own script executed in the context of the user which is running needrestart - which could be root

[USN-5427-1] Apport vulnerabilities [08:08]

  • 8 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Impish (21.10), Jammy (22.04 LTS)
  • Gerrit Venema reported a heap of issues in Apport - thanks to Marc Deslauriers on our team for working on these
  • Crash handler in Ubuntu - is invoked by the kernel when an application crashes to collect various data to then upload to Ubuntu developers
  • Runs as root but can be invoked as a regular user so has been a target for privesc vulns in the past
  • Has various code to drop privileges etc but these were found to be incomplete
  • Impacts of these issues range from DoS by crashing Apport through to local privesc to root

[USN-5428-1] libXrandr vulnerabilities [09:14]

  • 2 CVEs addressed in Xenial ESM (16.04 ESM)
  • Integer overflows -> OOB write plus another different OOB write - all able to be triggered by a malicious remote X server

Goings on in Ubuntu Security Community

Ubuntu in Pwn2Own Vancouver 2022 [09:39]

Get in contact

  continue reading

230 tập

#Alex Murray #Ubuntu Security Team #Linux #Tech #Operating Systems #Alex and Joe #Security #Software Development
Artwork

Episode 160

Ubuntu Security Podcast

138 subscribers

published

Nghe Đang phát
iconChia sẻ
 
MP3Trang chủ episode
Manage episode 329137749 series 2423058
Nội dung được cung cấp bởi Alex Murray and Ubuntu Security Team. Tất cả nội dung podcast bao gồm các tập, đồ họa và mô tả podcast đều được Alex Murray and Ubuntu Security Team hoặc đối tác nền tảng podcast của họ tải lên và cung cấp trực tiếp. Nếu bạn cho rằng ai đó đang sử dụng tác phẩm có bản quyền của bạn mà không có sự cho phép của bạn, bạn có thể làm theo quy trình được nêu ở đây https://vi.player.fm/legal.

Overview

Ubuntu get’s pwned again at Pwn2Own Vancouver 2022, plus we look at security updates for the Linux kernel, RSyslog, ClamAV, Apport and more.

This week in Ubuntu Security Updates

57 unique CVEs addressed

[USN-5413-1] Linux kernel vulnerabilities [01:06]

  • 6 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM)
  • 4.4 - 16.04 ESM GA + 14.04 ESM
  • UAF in nouveau driver when device is removed - external NVIDIA GPU? or local user unbinding the driver?
  • UAF due to race condition in network packet scheduler
  • OOB write in NFS - user who had access to an NFS mount could possibly exploit this
  • Buffer overflow in ST Micro NFC driver - failed to validate parameters from NFC device - physically approximate attacker could possibly exploit this but would need custom hw/sw
  • Similarly, Xilinx USB2 gadget driver failed to validate USB endpoints
  • ESM CAN/USB double-free

[USN-5415-1] Linux kernel vulnerabilities [02:27]

[USN-5417-1] Linux kernel vulnerabilities [03:07]

[USN-5418-1] Linux kernel vulnerabilities [03:19]

[USN-5416-1] Linux kernel (OEM) vulnerabilities [03:26]

  • 5 CVEs addressed in Focal (20.04 LTS)
  • 5.14 - 20.04 LTS OEM
  • KVM mishandled guest page table updates -> guest VM crash host OS
  • 2 similar issues in CAN bus drivers - 8 Devices USB2CAN and Microchip CAN Bus analyzer both had double-free on error paths - local attacker could crash -> DoS
  • Plus ESM CAN/USB issue from above

[USN-5419-1] Rsyslog vulnerabilities [04:26]

  • 3 CVEs addressed in Xenial ESM (16.04 ESM)
  • 2 issues in handling of various message types (AIX + Cisco log messages failed to properly validate contents and so could result in heap buffer overflow)
  • 1 in handling of plain TCP socket comms - but this module is not enabled in the default rsyslog configuration for Ubuntu

[USN-5420-1] Vorbis vulnerabilities [05:01]

[USN-5421-1] LibTIFF vulnerabilities [05:16]

[USN-5422-1] libxml2 vulnerabilities [05:32]

  • 2 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS), Impish (21.10), Jammy (22.04 LTS)
  • UAF plus possible integer overflows -> unspec impact (but requires victim to process a multiGB XML file)

[USN-5311-2] containerd regression [06:03]

  • 1 CVEs addressed in Focal (20.04 LTS), Impish (21.10)
  • Episode 152 - subsequent update to containerd by different team reverted the CVE fix accidentally - reinstated it

[USN-5423-1, USN-5423-2] ClamAV vulnerabilities [06:24]

[USN-5424-1] OpenLDAP vulnerability [06:53]

  • 1 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Impish (21.10), Jammy (22.04 LTS)
  • SQL injection in the sql backend of slapd via an SQL statement within a LDAP query

[USN-5425-1] PCRE vulnerabilities [07:09]

  • 2 CVEs addressed in Trusty ESM (14.04 ESM), Xenial ESM (16.04 ESM), Bionic (18.04 LTS), Focal (20.04 LTS), Impish (21.10), Jammy (22.04 LTS)
  • OOB read -> info leak
  • integer overflow -> buffer overflow? -> crash / code execution

[USN-5426-1] needrestart vulnerability [07:20]

  • 1 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Impish (21.10), Jammy (22.04 LTS)
  • detects daemons that need to be restarted after libraries are upgraded
  • uses various regex’s to detect scripting languages - but since these were not specific enough, it could allow a user to get their own script executed in the context of the user which is running needrestart - which could be root

[USN-5427-1] Apport vulnerabilities [08:08]

  • 8 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Impish (21.10), Jammy (22.04 LTS)
  • Gerrit Venema reported a heap of issues in Apport - thanks to Marc Deslauriers on our team for working on these
  • Crash handler in Ubuntu - is invoked by the kernel when an application crashes to collect various data to then upload to Ubuntu developers
  • Runs as root but can be invoked as a regular user so has been a target for privesc vulns in the past
  • Has various code to drop privileges etc but these were found to be incomplete
  • Impacts of these issues range from DoS by crashing Apport through to local privesc to root

[USN-5428-1] libXrandr vulnerabilities [09:14]

  • 2 CVEs addressed in Xenial ESM (16.04 ESM)
  • Integer overflows -> OOB write plus another different OOB write - all able to be triggered by a malicious remote X server

Goings on in Ubuntu Security Community

Ubuntu in Pwn2Own Vancouver 2022 [09:39]

Get in contact

  continue reading

230 tập

#Alex Murray #Ubuntu Security Team #Linux #Tech #Operating Systems #Alex and Joe #Security #Software Development

Tất cả các tập

×
 
Loading …

Chào mừng bạn đến với Player FM!

Player FM đang quét trang web để tìm các podcast chất lượng cao cho bạn thưởng thức ngay bây giờ. Đây là ứng dụng podcast tốt nhất và hoạt động trên Android, iPhone và web. Đăng ký để đồng bộ các theo dõi trên tất cả thiết bị.

 

Tương tự như Ubuntu Security Podcast

Nghe hơn 500 chủ đề
Player FM - Ứng dụng Podcast
Chuyển sang chế độ ngoại tuyến với ứng dụng Player FM !
Get it on App Store Get it on Google Play

Hướng dẫn sử dụng nhanh

Podcast hàng đầu
Tạp chí thể thao
Tạp chí kinh tế
KBS WORLD Radio Tiếng Hàn qua phim ảnh
Vietnamese News - NHK WORLD RADIO JAPAN
Tạp chí tiêu điểm
The Present Writer
Tạp chí khoa học
Podcasts – Life Abroad Podcast
Player FM logo
Trợ giúp / Hỏi đáp FAQ | Nâng cấp | Advertise
Nghệ thuật|Kinh doanh|Hài kịch|Kinh tế|Giải trí|Tin tức|Chính trị|Tôn giáo
Khoa học|Bóng đá|Thể thao|Chuyện kể|Công nghệ|Tội phạm có thật
Bản quyền 2024 | Sơ đồ trang web | Chính Sách Bảo Mật | Điều khoản dịch vụ | | Bản quyền
Episode being played series thumbnail
icon icon
Tốc độ
Cài đặt series
1x
1x
Volume
100%
icon
icon icon
/

Xem Player FM trong ...
Player FM
Browser
Chrome
Safari
Firefox