Episode 87

Posted on Friday, Aug 21, 2020
This week we look at the Drovorub Linux malware outed by the NSA/FBI plus we detail security updates for Dovecot, Apache, Salt, the Linux kernel and more.

Show Notes

Overview

This week we look at the Drovorub Linux malware outed by the NSA/FBI plus we detail security updates for Dovecot, Apache, Salt, the Linux kernel and more.

This week in Ubuntu Security Updates

24 unique CVEs addressed

[USN-4456-1, USN-4456-2] Dovecot vulnerabilities [00:46]

  • 3 CVEs addressed in Trusty ESM (14.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS)
  • 3 DoS issues: deeply nested MIME parts -> resource exhaustion; CompuServe RPA auth mechanism (rarely used) -> zero-length message -> assertion failure; NTLM auth missing a length check -> buffer over-read -> crash

[USN-4457-1, USN-4457-2] Software Properties vulnerability [01:39]

  • 1 CVE addressed in Trusty ESM (14.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS)
  • add-apt-repository printed a Launchpad PPA's description to the terminal without stripping ANSI escape sequences, so a malicious PPA description could rewrite or hide what the user sees before they confirm adding the PPA
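As an added example (not code from software-properties or from the advisory): a Python sanitiser for untrusted text that is about to be written to a terminal, run over a constructed PPA description (the text and the URL in it are made up) carrying the kind of escape sequences the bug let through. It strips CSI, OSC and other ESC sequences plus stray control bytes, keeping only newline and tab, and flags that something was removed so the user knows the description was tampered with.

```python
import re

# Constructed sample (not a real Launchpad PPA description): text an attacker
# could publish as a PPA description, with sequences that rewrite the display.
MALICIOUS_DESCRIPTION = (
    "Nightly builds of foo\n"
    "\x1b[1A\x1b[2K"                                            # CSI: cursor up, erase line
    "\x1b[32mSigned and reviewed by Ubuntu Security\x1b[0m\n"   # CSI: green text
    "\x1b]0;owned\x07"                                          # OSC: set window title
    "More details: https://example.invalid/"
)

# Sequence classes we refuse to pass through to the terminal:
#   CSI:   ESC [ params(0x30-0x3F)* intermediates(0x20-0x2F)* final(0x40-0x7E)
#   OSC:   ESC ] ... terminated by BEL or ESC \
#   ESC2:  any other two-byte ESC sequence (ESC + 0x40-0x5F)
#   CTRL:  remaining C0/DEL/C1 control characters, except newline and tab
_CSI = r"\x1b\[[0-?]*[ -/]*[@-~]"
_OSC = r"\x1b\][^\x07\x1b]*(?:\x07|\x1b\\)"
_ESC2 = r"\x1b[@-_]"
_CTRL = r"[\x00-\x08\x0b-\x1f\x7f-\x9f]"
# Order matters: the structured forms are tried before the bare-ESC fallback.
_CONTROL_RE = re.compile("|".join((_CSI, _OSC, _ESC2, _CTRL)))


def contains_terminal_controls(text: str) -> bool:
    """True if text carries anything a terminal would interpret as a command."""
    return _CONTROL_RE.search(text) is not None


def sanitize_for_terminal(text: str) -> str:
    """Remove every escape sequence and control byte except '\\n' and '\\t'."""
    return _CONTROL_RE.sub("", text)


def render_ppa_description(description: str) -> str:
    """What a hardened add-apt-repository-style tool would print: the cleaned
    description, followed by a warning line when anything had to be removed."""
    cleaned = sanitize_for_terminal(description)
    if cleaned != description:
        cleaned += "\n[warning: terminal control sequences were removed from this description]"
    return cleaned


if __name__ == "__main__":
    print(render_ppa_description(MALICIOUS_DESCRIPTION))
```

The regex strips rather than escapes; if you need to show the user that a sequence was present, replace the match with a visible marker such as `\x1b` spelled out instead of an empty string, but never echo the raw bytes.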

[USN-4458-1] Apache HTTP Server vulnerabilities [02:27]

  • 5 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS)
  • mod_rewrite could be tricked into redirecting to an unexpected URL via newlines encoded into the request URL
  • use of uninitialized memory when proxying to a malicious FTP server -> info leak
  • 2 HTTP/2 issues - improper handling of Cache-Digest headers and certain logging statements -> crash, DoS
  • buffer overflow in mod_proxy_uwsgi - crash / code exec

[USN-4459-1] Salt vulnerabilities [03:18]

  • 5 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS)
  • File enumeration on remote server -> info leak
  • Authentication bypass
  • Command injection from unauthenticated users -> code exec on salt-api host
  • Failure to validate method calls and sanitize paths - access control bypass

[USN-4460-1] Oniguruma vulnerabilities [03:58]

[USN-4461-1] Ark vulnerability [04:20]

  • 1 CVE addressed in Bionic (18.04 LTS), Focal (20.04 LTS)
  • KDE archive manager - a malicious archive with entries whose paths escape the extraction directory (e.g. via "../" components) could write files anywhere the user has write access (zip-slip)
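As an added example (not Ark's code, which is C++, and not from the advisory): a Python extractor that refuses any member whose resolved on-disk path would land outside the destination. It builds a constructed archive with one benign entry and two zip-slip style entries (a relative traversal and an absolute path; the names and contents are made up) and shows which ones are written and which are rejected.

```python
import io
import os
import shutil
import tempfile
import zipfile
from typing import List, Optional, Tuple


def build_sample_archive() -> bytes:
    """Constructed demo archive (not a real malicious sample): one benign entry
    plus two entries shaped like a zip-slip payload. zipfile happily writes
    such names, which is exactly why the extractor has to check them."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs/readme.txt", "hello\n")
        zf.writestr("../../.bashrc", "echo pwned\n")            # relative traversal
        zf.writestr("/etc/cron.d/evil", "* * * * * root id\n")  # absolute path
    return buf.getvalue()


def safe_member_path(dest_dir: str, member_name: str) -> Optional[str]:
    """Return the absolute on-disk path for an archive member, or None if the
    member would land outside dest_dir.

    Resolve the destination and the joined target (realpath follows symlinks
    already present in dest_dir) and compare them, instead of scanning the
    name for '..': 'a/../../x', absolute paths and backslash separators are
    all caught by the same rule."""
    dest_root = os.path.realpath(dest_dir)
    name = member_name.replace("\\", "/")   # hostile archives may smuggle '\'
    # os.path.join discards dest_root when name is absolute, so an absolute
    # member resolves to itself and fails the containment check below.
    target = os.path.realpath(os.path.join(dest_root, name))
    if os.path.commonpath([dest_root, target]) != dest_root:
        return None
    return target


def extract_safely(archive_bytes: bytes, dest_dir: str) -> Tuple[List[str], List[str]]:
    """Extract every member that stays inside dest_dir; report the rest."""
    extracted, rejected = [], []
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        for info in zf.infolist():
            target = safe_member_path(dest_dir, info.filename)
            if target is None:
                rejected.append(info.filename)
                continue
            if info.is_dir():
                os.makedirs(target, exist_ok=True)
                extracted.append(info.filename)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            # Write through our own handle rather than ZipFile.extract(), so
            # the path that reaches the filesystem is the one just validated.
            with zf.open(info) as src, open(target, "wb") as dst:
                shutil.copyfileobj(src, dst)
            extracted.append(info.filename)
    return extracted, rejected


def demo() -> dict:
    """Run the extractor on the sample archive in a fresh temporary directory
    and report what was written and what was refused; cleans up afterwards."""
    dest = tempfile.mkdtemp(prefix="safe-extract-")
    try:
        extracted, rejected = extract_safely(build_sample_archive(), dest)
        with open(os.path.join(dest, "docs", "readme.txt")) as f:
            readme = f.read()
    finally:
        shutil.rmtree(dest)
    return {"extracted": extracted, "rejected": rejected, "readme": readme}


if __name__ == "__main__":
    print(demo())
```

Python's zipfile never creates symlinks, so symlink members are not a concern for this extractor. A native archiver that does honour symlinks (as desktop tools generally do) must apply the same containment rule to each link's target, and must also make sure a later entry cannot write through a symlink an earlier entry created inside the destination.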

[USN-4465-1] Linux kernel vulnerabilities [04:50]

  • 3 CVEs addressed in Bionic (18.04 LTS)
  • 5.3 (hwe)
  • Memory leak in the USB testing driver on disconnect - an attacker with physical access could repeatedly attach and remove a device to eventually exhaust memory -> DoS
  • bcache deadlock -> DoS
  • Crafted XFS metadata could cause a sync of excessive duration -> DoS

[USN-4462-1] Linux kernel vulnerability [05:53]

  • 1 CVE addressed in Bionic (18.04 LTS)
  • 5.0 (gke / oem)
  • bcache deadlock -> DoS

[USN-4463-1] Linux kernel vulnerabilities [06:06]

  • 2 CVEs addressed in Trusty ESM (14.04 ESM), Xenial (16.04 LTS)
  • 4.4 (xenial / trusty esm hwe)
  • bcache deadlock
  • usb testing driver memory leak

[USN-4464-1] GNOME Shell vulnerability [06:24]

  • 1 CVE addressed in Focal (20.04 LTS)
  • Could display the login password on the logout screen if the user had toggled it visible on the login screen

[USN-4466-1] curl vulnerability [06:53]

  • 1 CVE addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS)
  • libcurl - improper handling of the CURLOPT_CONNECT_ONLY option -> could connect to wrong destination and so expose sensitive info

Goings on in Ubuntu Security Community

Joe and Alex discuss Drovorub Linux malware [07:24]
