Episode 101

Posted on Thursday, Jan 28, 2021
In the first episode for 2021 we bring back Joe McManus to discuss the SolarWinds hack plus we look at vulnerabilities in sudo, NVIDIA graphics drivers and mutt. We also cover some open positions in the team and say farewell to long-time Ubuntu Security superstar Jamie Strandboge.

Show Notes

This week in Ubuntu Security Updates

22 unique CVEs addressed

[USN-4689-3] NVIDIA graphics drivers vulnerabilities [01:09]

  • 3 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)
  • 3 different vulnerabilities in the binary NVIDIA graphics drivers which could allow unprivileged users to cause a DoS, leak information or possibly escalate privileges

[USN-4689-4] Linux kernel update [01:42]

[USN-4697-2] Pillow vulnerabilities [02:00]

[USN-4702-1] Pound vulnerabilities

[USN-4703-1] Mutt vulnerability [02:18]

  • 1 CVE addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)
  • Memory allocation amplification attack -> a “small” sized email can cause mutt to allocate a very large amount of memory when processing it, and mutt then crashes as a result of exhausting available memory
  • If an email had empty semicolons in an address field, mutt would allocate 40 bytes for each - so for a 1 byte `;` mutt allocates 40 bytes - and so a 25MB email can cause mutt to allocate 1GB

[USN-4704-1] libsndfile vulnerabilities [03:52]

[USN-4705-1] Sudo vulnerabilities [04:06]

  • 2 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)
  • https://www.openwall.com/lists/oss-security/2021/01/26/3
  • https://blog.qualys.com/vulnerabilities-research/2021/01/26/cve-2021-3156-heap-based-buffer-overflow-in-sudo-baron-samedit
  • Qualys discovered a heap-based buffer overflow in command-line argument parsing in sudo that has existed since July 2011
  • sudo is setuid root so anyone who executes it is then running a process as root - so if a user can exploit a vuln in sudo to get code execution, they get code execution as root and so escalate privileges to root
  • Requires sudo to be executed as `sudoedit -s` since this ensures the right mode is automatically set so that the vulnerability is active
  • Qualys developed 3 different exploits for this vulnerability against various Linux distros (Ubuntu 20.04, Debian 10, Fedora 33 etc)
  • ASLR helps to make this harder to exploit since it randomises the location of the environment variables in memory etc but assuming an unprivileged user can run the exploit multiple times they can eventually exploit it
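
For defenders, the need for repeated runs suggests a detection. The following is an added example (not from the show notes or from Qualys) that scans auditd execve records for bursts of `sudoedit -s` by one login uid. The log lines are constructed and abbreviated, and the threshold of 5 runs in 60 seconds is an assumed tuning value.

```python
import re
from collections import defaultdict

MSG = re.compile(r"msg=audit\((\d+)\.\d+:(\d+)\)")   # epoch seconds, event id
ARG = re.compile(r'\ba(\d+)="([^"]*)"')              # quoted argv entries in EXECVE
AUID = re.compile(r"\bauid=(\d+)")                   # login uid in SYSCALL

def record(ts, event, auid, argv):
    """Build one constructed SYSCALL+EXECVE pair in auditd's key=value layout."""
    args = " ".join(f'a{i}="{a}"' for i, a in enumerate(argv))
    return (f"type=SYSCALL msg=audit({ts}.000:{event}): syscall=59 success=yes "
            f'auid={auid} uid={auid} euid=0 comm="{argv[0]}"\n'
            f"type=EXECVE msg=audit({ts}.000:{event}): argc={len(argv)} {args}\n")

# Constructed sample, not from a real host: auid 1001 retries `sudoedit -s` every 2s.
SAMPLE = "".join(record(1611792000 + 2 * i, 800 + i, 1001, ["sudoedit", "-s", "/tmp/f"])
                 for i in range(8))
SAMPLE += record(1611792100, 900, 1000, ["sudoedit", "/etc/hosts"])       # no -s
SAMPLE += record(1611792200, 901, 1000, ["sudo", "-s"])                   # not sudoedit
SAMPLE += record(1611792300, 902, 1000, ["sudoedit", "-s", "/etc/motd"])  # single run

def sudoedit_shell_runs(log):
    """Map auid -> timestamps of execve events whose argv is `sudoedit ... -s ...`."""
    auid_by_event, hits = {}, defaultdict(list)
    for line in log.splitlines():
        m = MSG.search(line)
        if not m:
            continue
        ts, event = int(m.group(1)), m.group(2)
        if line.startswith("type=SYSCALL"):      # SYSCALL precedes EXECVE in an event
            a = AUID.search(line)
            auid_by_event[event] = a.group(1) if a else "unknown"
        elif line.startswith("type=EXECVE"):
            argv = [v for _, v in sorted((int(i), v) for i, v in ARG.findall(line))]
            flags = [a for a in argv[1:] if a.startswith("-") and not a.startswith("--")]
            if argv and argv[0].rsplit("/", 1)[-1] == "sudoedit" and any("s" in f for f in flags):
                hits[auid_by_event.get(event, "unknown")].append(ts)
    return hits

def flag_bursts(hits, threshold=5, window=60):
    """Return {auid: run count} where `threshold` runs fall within `window` seconds."""
    flagged = {}
    for auid, stamps in hits.items():
        stamps = sorted(stamps)
        if any(stamps[i + threshold - 1] - stamps[i] <= window
               for i in range(len(stamps) - threshold + 1)):
            flagged[auid] = len(stamps)
    return flagged

if __name__ == "__main__":
    print(flag_bursts(sudoedit_shell_runs(SAMPLE)))
```

Real auditd may hex-encode arguments containing special characters, which this sketch does not decode.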

Goings on in Ubuntu Security Community

Alex discusses the SolarWinds hack with special guest Joe McManus [07:03]

Private home directories for Ubuntu 21.04

Hiring

Engineering Director - Ubuntu Security

Engineering Manager - Ubuntu Security

AppArmor Security Engineer

Ubuntu Security Engineer

Farewells

  • Jamie Strandboge (jdstrand)
