Sign up to save your podcasts
Or
Share Episode 56
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Episode 56
Overview
In the second to last episode for 2019, we look at security updates for
Samba, Squid, Git, HAProxy and more, plus Alex and Joe discuss Evil Corp
hacker indictments, unsecured AWS S3 buckets and more.
This week in Ubuntu Security Updates
43 unique CVEs addressed
[USN-4212-1] HAProxy vulnerability [00:50]
headers as binary and these can then contain characters which would be
invalid when converted to HTTP/1.1 - as such these should be treated as
invalid, otherwise allows to send on invalid headers to HTTP/1.1 servers
and could be used to launch attacks against them - so test for and reject
in valid chars (CR, LF and NUL)
[USN-4213-1] Squid vulnerabilities [01:37]
identifier within a particular namespace - e.g. urn:ietf:rfc:2648):
the various access control checks that are normally done for HTTP
weren’t done so could end up accessing restricted HTTP resources (such
as servers that listen to localhost etc)
handling a URN request does not fit within the buffer
cachemgr cgi process - DoS to all clients using the cachemgr
of append_domain setting
value of a pointer from a heap memory allocation - this allows attackers
to deduce this pointer value and therefore help to defeat ASLR
[USN-4214-1] RabbitMQ vulnerability [03:54]
resulting size is calculated that could overflow, and then memory
allocated with this overflowed (and hence small) size, resulting in a
heap buffer overflow when the frame is copied to that resulting buffer -
so instead just reject frames greater than INT32_MAX
[USN-4215-1] NSS vulnerability [04:38]
Certificate Sequences (a type of encoded certificate) handled by NSS
[USN-4216-1] Firefox vulnerabilities [05:07]
[USN-4217-1] Samba vulnerabilities [05:45]
would not be honored properly by the Samba AD DC - so could allow
delegation to be forwarded by clients even when was disabled by config
created that matched the name of a DNS zone due to type confusion
[USN-4218-1] GNU C vulnerability [06:43]
Trusty/Precise etc - posix_memalign integer overflow - allocates memory
of a given size aligned to a certain size - could return a smaller area
than requested -> heap overflow as a result
[USN-4219-1] libssh vulnerability [07:30]
attacker influenced then could possible inject arbitrary commands which
will then be run on the server - so requires the API to be used in a
particular way - but could then allow users to execute commands on the
server even if they should only have been able to copy files
[USN-4220-1] Git vulnerabilities [08:16]
specify git submodules for the parent repo)
possible RCE
of the export-marks option
though these then act as directory separators on Windows
inside the .git dir to be overwritten during clone (file attribute
specific to NTFS, allowing to store data for a file alongside the
actual file itself)
A: but a full name - git would handle these as relative paths, allowing
writing outside the worktree during a clone
[USN-4202-2] Thunderbird regression [10:15]
profile being created for some users so would appear to lose settings etc
[USN-4221-1] libpcap vulnerability [10:37]
about which commit fixes which part but have included all the various
commits from upstream - thanks Steve for taking the time to dig into this
issue
Goings on in Ubuntu Security Community
Alex and Joe discuss Evil Corp hackers and unsecured S3 buckets [11:06]
Get in contact
View all episodes
By Ubuntu Security Team
4.8
1010 ratings
Overview
In the second to last episode for 2019, we look at security updates for
Samba, Squid, Git, HAProxy and more, plus Alex and Joe discuss Evil Corp
hacker indictments, unsecured AWS S3 buckets and more.
This week in Ubuntu Security Updates
43 unique CVEs addressed
[USN-4212-1] HAProxy vulnerability [00:50]
headers as binary and these can then contain characters which would be
invalid when converted to HTTP/1.1 - as such these should be treated as
invalid, otherwise allows to send on invalid headers to HTTP/1.1 servers
and could be used to launch attacks against them - so test for and reject
in valid chars (CR, LF and NUL)
[USN-4213-1] Squid vulnerabilities [01:37]
identifier within a particular namespace - e.g. urn:ietf:rfc:2648):
the various access control checks that are normally done for HTTP
weren’t done so could end up accessing restricted HTTP resources (such
as servers that listen to localhost etc)
handling a URN request does not fit within the buffer
cachemgr cgi process - DoS to all clients using the cachemgr
of append_domain setting
value of a pointer from a heap memory allocation - this allows attackers
to deduce this pointer value and therefore help to defeat ASLR
[USN-4214-1] RabbitMQ vulnerability [03:54]
resulting size is calculated that could overflow, and then memory
allocated with this overflowed (and hence small) size, resulting in a
heap buffer overflow when the frame is copied to that resulting buffer -
so instead just reject frames greater than INT32_MAX
[USN-4215-1] NSS vulnerability [04:38]
Certificate Sequences (a type of encoded certificate) handled by NSS
[USN-4216-1] Firefox vulnerabilities [05:07]
[USN-4217-1] Samba vulnerabilities [05:45]
would not be honored properly by the Samba AD DC - so could allow
delegation to be forwarded by clients even when was disabled by config
created that matched the name of a DNS zone due to type confusion
[USN-4218-1] GNU C vulnerability [06:43]
Trusty/Precise etc - posix_memalign integer overflow - allocates memory
of a given size aligned to a certain size - could return a smaller area
than requested -> heap overflow as a result
[USN-4219-1] libssh vulnerability [07:30]
attacker influenced then could possible inject arbitrary commands which
will then be run on the server - so requires the API to be used in a
particular way - but could then allow users to execute commands on the
server even if they should only have been able to copy files
[USN-4220-1] Git vulnerabilities [08:16]
specify git submodules for the parent repo)
possible RCE
of the export-marks option
though these then act as directory separators on Windows
inside the .git dir to be overwritten during clone (file attribute
specific to NTFS, allowing to store data for a file alongside the
actual file itself)
A: but a full name - git would handle these as relative paths, allowing
writing outside the worktree during a clone
[USN-4202-2] Thunderbird regression [10:15]
profile being created for some users so would appear to lose settings etc
[USN-4221-1] libpcap vulnerability [10:37]
about which commit fixes which part but have included all the various
commits from upstream - thanks Steve for taking the time to dig into this
issue
Goings on in Ubuntu Security Community
Alex and Joe discuss Evil Corp hackers and unsecured S3 buckets [11:06]
Get in contact