Ubuntu Security Podcast

Episode 69


Overview

This week we cover security updates for a Linux kernel vulnerability
disclosed during pwn2own, Timeshift, pam-krb5 and more, plus we have a
special guest, Vineetha Kamath, to discuss security certifications for
Ubuntu.

This week in Ubuntu Security Updates

10 unique CVEs addressed

[USN-4308-2] Twisted vulnerabilities [00:42]
  • 4 CVEs addressed in Trusty ESM
    • CVE-2020-10109
    • CVE-2020-10108
    • CVE-2019-12855
    • CVE-2019-12387
  • Episode 68 - 4 of the 7 CVEs described there affect Twisted in 14.04
    ESM

[USN-4310-1] WebKitGTK+ vulnerability [01:09]
  • 1 CVE addressed in Bionic, Eoan
    • CVE-2020-10018
  • Use-after-free (UAF) - discovered by CloudFuzz

[USN-4312-1] Timeshift vulnerability [01:49]
  • 1 CVE addressed in Eoan
    • CVE-2020-10174
  • Reuses a predictably named temporary directory to execute scripts, and
    runs as root, so a local attacker could replace the script in this
    predictably named directory with one containing malicious commands to
    get code execution as root. Fixed by using a randomly named directory
    and setting the permissions on it so other users can’t write to it.

[USN-4313-1] Linux kernel vulnerability [02:43]
  • 1 CVE addressed in Bionic, Eoan
    • CVE-2020-8835
  • pwn2own - Manfred Paul discovered the BPF verifier in the Linux kernel
    did not properly calculate register bounds for 32-bit operations - so if
    unprivileged users are allowed to load BPF, this could be used to read
    or write kernel memory, and then to elevate privileges to root.
  • https://www.thezdi.com/blog/2020/3/19/pwn2own-2020-day-one-results

[USN-4311-1] BlueZ vulnerabilities [03:52]
  • 2 CVEs addressed in Xenial, Bionic, Eoan
    • CVE-2016-7837
    • CVE-2020-0556
  • Didn’t handle bonding of HID and HOGP (HID over GATT - Generic Attribute
    Profile) devices - local attacker could use this to impersonate
    non-bonded devices
  • Buffer overflow in parse_line function used by some CLI-based userland
    utils

[USN-4314-1] pam-krb5 vulnerability [04:50]
  • 1 CVE addressed in Precise ESM, Trusty ESM, Xenial, Bionic, Eoan
    • CVE-2020-10595
  • Single-byte buffer overflow could potentially allow RCE - buffer is
    provided by underlying Kerberos library - attacker can supply input of
    special length to overflow this and then cause memory corruption -
    possible heap or stack corruption. Only used in code-paths where Kerberos
    lib does supplemental prompting, or if running PAM with no_prompt
    configured.

Goings on in Ubuntu Security Community

Joe and Vineetha discuss security certifications for Ubuntu [06:14]

Get in contact

  • #ubuntu-security on the Libera.Chat IRC network
  • ubuntu-hardened mailing list
  • Security section on discourse.ubuntu.com
  • @ubuntu_sec on twitter
Ubuntu Security Podcast, by Ubuntu Security Team
