Sign up to save your podcasts
Or
Share Episode 170
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Episode 170
Overview
This week we’re diving down into the depths of binary exploitation and
analysis, looking at a number of recent vulnerability and malware
teardowns, plus we cover security updates for FreeType, PHP, ImageMagick,
protobuf-c and more.
This week in Ubuntu Security Updates
22 unique CVEs addressed
[USN-5528-1] FreeType vulnerabilities [01:03]
crafted font file
[USN-5529-1] Linux kernel (OEM) vulnerabilities [01:22]
[USN-5530-1] PHP vulnerability [01:41]
used to get info etc from a binary string - in the example in the
upstream documentation shows using this function to get the MIME info of
a $_POST parameter - so likely this is being used in a bunch of places on
untrusted data - DoS/RCE
[USN-5532-1] Bottle vulnerability [02:34]
trigger an exception -> DoS
[USN-5533-1] Vim vulnerability [02:50]
[USN-5534-1] ImageMagick vulnerabilities [02:58]
of possible UB - impact is not clear but could be possible to crash/RCE
etc
[USN-5531-1] protobuf-c vulnerability [02:32]
which is then linked against that generated code to marshal/unmarshal
protobuf’s
which is implementation defined - so depending on what compiler was used
could have different behaviour - and thus result in code that would write
outside of memory bounds etc - fixed by converting the code to cast to
unsigned type before shifting so that the behaviour is known
Goings on in Linux Security Community
Introduction to x64 Linux Binary Exploitation by @ch0pin [04:24]
vulnerability
Ubuntu to then allow it to be easily exploited
understand the process of developing exploits
hardening features one-by-one and in the process walk through more
detailed and complex techniques for defeating these
way to other sources of documentation / information on related concepts
Part 1 - Basic Buffer Overflow
Part 2 - Return into libc
Part 3 - RoP gadgets and chain
Part 4 - Stack Canaries
Part 5 - ASLR overview and bypass technique
CVE-2022-20186 vulnerability + exploit walkthrough by Github [07:04]
are handled by the driver and then eventually how this can be exploited
from userspace to overwrite arbitrary kernel memory due to an integer
overflow bug
from Google)
Android tree 2 weeks before the vulnerability was disclosed
A detailed technical teardown of Symbiote by @GeeksCyber [08:49]
one has a fair bit more technical details along with disassembled code
sections - good chance to put your skills in Linux binary exploitation to
the test to follow along with the analysis
The Utopic Tale of Ubuntu by the Linux User Space podcast [09:31]
along with the major developments / highlights and some low-lights along
the way
1.5 hours)
Get in contact
View all episodes
By Ubuntu Security Team
4.8
1010 ratings
Overview
This week we’re diving down into the depths of binary exploitation and
analysis, looking at a number of recent vulnerability and malware
teardowns, plus we cover security updates for FreeType, PHP, ImageMagick,
protobuf-c and more.
This week in Ubuntu Security Updates
22 unique CVEs addressed
[USN-5528-1] FreeType vulnerabilities [01:03]
crafted font file
[USN-5529-1] Linux kernel (OEM) vulnerabilities [01:22]
[USN-5530-1] PHP vulnerability [01:41]
used to get info etc from a binary string - in the example in the
upstream documentation shows using this function to get the MIME info of
a $_POST parameter - so likely this is being used in a bunch of places on
untrusted data - DoS/RCE
[USN-5532-1] Bottle vulnerability [02:34]
trigger an exception -> DoS
[USN-5533-1] Vim vulnerability [02:50]
[USN-5534-1] ImageMagick vulnerabilities [02:58]
of possible UB - impact is not clear but could be possible to crash/RCE
etc
[USN-5531-1] protobuf-c vulnerability [02:32]
which is then linked against that generated code to marshal/unmarshal
protobuf’s
which is implementation defined - so depending on what compiler was used
could have different behaviour - and thus result in code that would write
outside of memory bounds etc - fixed by converting the code to cast to
unsigned type before shifting so that the behaviour is known
Goings on in Linux Security Community
Introduction to x64 Linux Binary Exploitation by @ch0pin [04:24]
vulnerability
Ubuntu to then allow it to be easily exploited
understand the process of developing exploits
hardening features one-by-one and in the process walk through more
detailed and complex techniques for defeating these
way to other sources of documentation / information on related concepts
Part 1 - Basic Buffer Overflow
Part 2 - Return into libc
Part 3 - RoP gadgets and chain
Part 4 - Stack Canaries
Part 5 - ASLR overview and bypass technique
CVE-2022-20186 vulnerability + exploit walkthrough by Github [07:04]
are handled by the driver and then eventually how this can be exploited
from userspace to overwrite arbitrary kernel memory due to an integer
overflow bug
from Google)
Android tree 2 weeks before the vulnerability was disclosed
A detailed technical teardown of Symbiote by @GeeksCyber [08:49]
one has a fair bit more technical details along with disassembled code
sections - good chance to put your skills in Linux binary exploitation to
the test to follow along with the analysis
The Utopic Tale of Ubuntu by the Linux User Space podcast [09:31]
along with the major developments / highlights and some low-lights along
the way
1.5 hours)
Get in contact