Sign up to save your podcasts
Or
Share Episode 128
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Episode 128
Overview
This week we dive into Trend Micro’s recent Linux Threat Report and the
release of Ubuntu 20.04.3 LTS, plus we detail security updates for
Inetutils telnetd, the Linux kernel and OpenSSL.
This week in Ubuntu Security Updates
9 unique CVEs addressed
[USN-5048-1] Inetutils vulnerability [00:45]
telnetd - but subsequently the GNU inetutils version was also found to
contain basically the same vulnerable function. Very detailed blog post
re exploiting this on Fedora, great example if you are interested in vuln
hunting etc - patched but why run telnetd?
[USN-5050-1] Linux kernel vulnerabilities [02:03]
other bluetooth vulns - info leak - all covered in previous episodes
[USN-5051-1] OpenSSL vulnerabilities [02:49]
ISO standard elliptic curve algo used for both signature and encryption)
first time to get the required buffer size to hold the decrypted
plaintext - second time to do the actual decryption passing a buffer of
the specified length to hold the result
required -> up to 62 byte buffer overflow using attacker controlled data
unlike normal C strings, bytes array of the string is NOT NUL
terminated in general
other functions ended up assuming ASN1 strings would all be NUL
terminated - plus various functions to parse ASN1 data would also add
NUL terminators too - so if had an application that was manually
constructing ASN1 strings without adding a NUL terminator, this could
result in a buffer overread if these were passed to a function which
expected a NUL (ie functions which print the contents etc)
vulnerable - but fixed to ensure all internal functions which handle
ASN1 strings in OpenSSL respect the length field and not assume is NUL
terminated
Goings on in Ubuntu Security Community
Ubuntu 20.04.3 LTS released [05:58]
select HWE during install process
install
this :)
Trend Micro Linux Threat Report 2021 1H [07:20]
(SPN) (data lake) - collects data across all Trend Micro products plus
various honeypots and other sensors etc - measure of real-world malware
prevalence and vuln exploitation in enterprises
protection of cloud deployments
vBulletin, Eclipse Jetty, Alibaba Nacos, Atlassian Jira, NginX, Liferay
deploying these sorts of applications on Ubuntu/RHEL etc
support in Ubuntu
apache httpd, ISC BIND, openssl, tomcat
OWASP top 10 - ie. SQL injection, command injection, XSS, insecure
deserialisation, XML EE,
iptables, seccomp, AppArmor, SELinux etc - and on practical guidance
mentions Antimalware (ie Trend 😉), IPS/IDS, application whitelisting,
vuln patching, activity monitoring etc
docker images - Python comes in on top with 482 vulns, Node 470,
Wordpress 402, Golang 288, nginx 118, postgres 86, influxdb 85, apache
httpd 84, mysql 76…
vulns - more code, more vulns, also perhaps a larger attack surface etc
too
Get in contact
View all episodes
By Ubuntu Security Team
4.8
1010 ratings
Overview
This week we dive into Trend Micro’s recent Linux Threat Report and the
release of Ubuntu 20.04.3 LTS, plus we detail security updates for
Inetutils telnetd, the Linux kernel and OpenSSL.
This week in Ubuntu Security Updates
9 unique CVEs addressed
[USN-5048-1] Inetutils vulnerability [00:45]
telnetd - but subsequently the GNU inetutils version was also found to
contain basically the same vulnerable function. Very detailed blog post
re exploiting this on Fedora, great example if you are interested in vuln
hunting etc - patched but why run telnetd?
[USN-5050-1] Linux kernel vulnerabilities [02:03]
other bluetooth vulns - info leak - all covered in previous episodes
[USN-5051-1] OpenSSL vulnerabilities [02:49]
ISO standard elliptic curve algo used for both signature and encryption)
first time to get the required buffer size to hold the decrypted
plaintext - second time to do the actual decryption passing a buffer of
the specified length to hold the result
required -> up to 62 byte buffer overflow using attacker controlled data
unlike normal C strings, bytes array of the string is NOT NUL
terminated in general
other functions ended up assuming ASN1 strings would all be NUL
terminated - plus various functions to parse ASN1 data would also add
NUL terminators too - so if had an application that was manually
constructing ASN1 strings without adding a NUL terminator, this could
result in a buffer overread if these were passed to a function which
expected a NUL (ie functions which print the contents etc)
vulnerable - but fixed to ensure all internal functions which handle
ASN1 strings in OpenSSL respect the length field and not assume is NUL
terminated
Goings on in Ubuntu Security Community
Ubuntu 20.04.3 LTS released [05:58]
select HWE during install process
install
this :)
Trend Micro Linux Threat Report 2021 1H [07:20]
(SPN) (data lake) - collects data across all Trend Micro products plus
various honeypots and other sensors etc - measure of real-world malware
prevalence and vuln exploitation in enterprises
protection of cloud deployments
vBulletin, Eclipse Jetty, Alibaba Nacos, Atlassian Jira, NginX, Liferay
deploying these sorts of applications on Ubuntu/RHEL etc
support in Ubuntu
apache httpd, ISC BIND, openssl, tomcat
OWASP top 10 - ie. SQL injection, command injection, XSS, insecure
deserialisation, XML EE,
iptables, seccomp, AppArmor, SELinux etc - and on practical guidance
mentions Antimalware (ie Trend 😉), IPS/IDS, application whitelisting,
vuln patching, activity monitoring etc
docker images - Python comes in on top with 482 vulns, Node 470,
Wordpress 402, Golang 288, nginx 118, postgres 86, influxdb 85, apache
httpd 84, mysql 76…
vulns - more code, more vulns, also perhaps a larger attack surface etc
too
Get in contact