Sign up to save your podcasts
Or
Share Episode 79
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Episode 79
Overview
This week Joe discusses Intel’s CET announcement with John Johansen, plus
Alex details recent security fixes including SQLite, fwupd, NSS, DBus and
more.
This week in Ubuntu Security Updates
24 unique CVEs addressed
[USN-4394-1] SQLite vulnerabilities [00:56]
printing high precision floating point numbers, various minor issues when
handling crafted databases
[USN-4385-2] Intel Microcode regression [01:43]
identified by the triplet of CPU Family, Model and Stepping - this is
listed in /proc/cpuinfo - mine say is 6, 142, 10 - in hex - 06-8E-0A -
would cause a specific Skylake processor type to fail to boot
(06-4e-03) - we reverted this back to the previous release version from
November 2019
[USN-4395-1] fwupd vulnerability [03:39]
general not an issue since would need to be able to get in the middle of
firmware updates (which come from LVFS via HTTPS) - so either would need
to compromise LVFS directly or the HTTPS connection to it.
[USN-4315-2] Apport vulnerabilities [06:11]
[USN-4396-1] libexif vulnerabilities [06:24]
overflow, etc
[USN-4397-1] NSS vulnerabilities [07:24]
the difference in time of various operations (dependent on the contents
of the private key) - the key value could be inferred by an attacker
[USN-4398-1, USN-4398-2] DBus vulnerability [08:01]
the dbus daemon - daemon will validate that messages only contain a
certain number of file-descriptors - if too may, will reject BUT fail to
close those file-descriptors - eventually would accumulate too many open
files itself and so the daemon would not be able to accept new
connections -> DoS from a local unprivileged user
Goings on in Ubuntu Security Community
Joe discusses Intel CET with John Johansen (aka JJ) [09:28]
Return Oriented Programming (ROP) https://en.wikipedia.org/wiki/Return-oriented_programming
Sigreturn Oriented Programming (SROP) (https://en.wikipedia.org/wiki/Sigreturn-oriented_programming
Jump/Call Oriented Programming (JOP) https://www.csc2.ncsu.edu/faculty/xjiang4/pubs/ASIACCS11.pdf
Control-flow Enforcement technology (CET)
CFI in software
Kernel
gcc
glibc
LLVM/Clang
CET on windows
Pre CET software based CFI on windows
Papers/talks on attacking CET/CFI
Smashing the stack for fun and profit
StackClash
Get in contact
View all episodes
By Ubuntu Security Team
4.8
1010 ratings
Overview
This week Joe discusses Intel’s CET announcement with John Johansen, plus
Alex details recent security fixes including SQLite, fwupd, NSS, DBus and
more.
This week in Ubuntu Security Updates
24 unique CVEs addressed
[USN-4394-1] SQLite vulnerabilities [00:56]
printing high precision floating point numbers, various minor issues when
handling crafted databases
[USN-4385-2] Intel Microcode regression [01:43]
identified by the triplet of CPU Family, Model and Stepping - this is
listed in /proc/cpuinfo - mine say is 6, 142, 10 - in hex - 06-8E-0A -
would cause a specific Skylake processor type to fail to boot
(06-4e-03) - we reverted this back to the previous release version from
November 2019
[USN-4395-1] fwupd vulnerability [03:39]
general not an issue since would need to be able to get in the middle of
firmware updates (which come from LVFS via HTTPS) - so either would need
to compromise LVFS directly or the HTTPS connection to it.
[USN-4315-2] Apport vulnerabilities [06:11]
[USN-4396-1] libexif vulnerabilities [06:24]
overflow, etc
[USN-4397-1] NSS vulnerabilities [07:24]
the difference in time of various operations (dependent on the contents
of the private key) - the key value could be inferred by an attacker
[USN-4398-1, USN-4398-2] DBus vulnerability [08:01]
the dbus daemon - daemon will validate that messages only contain a
certain number of file-descriptors - if too may, will reject BUT fail to
close those file-descriptors - eventually would accumulate too many open
files itself and so the daemon would not be able to accept new
connections -> DoS from a local unprivileged user
Goings on in Ubuntu Security Community
Joe discusses Intel CET with John Johansen (aka JJ) [09:28]
Return Oriented Programming (ROP) https://en.wikipedia.org/wiki/Return-oriented_programming
Sigreturn Oriented Programming (SROP) (https://en.wikipedia.org/wiki/Sigreturn-oriented_programming
Jump/Call Oriented Programming (JOP) https://www.csc2.ncsu.edu/faculty/xjiang4/pubs/ASIACCS11.pdf
Control-flow Enforcement technology (CET)
CFI in software
Kernel
gcc
glibc
LLVM/Clang
CET on windows
Pre CET software based CFI on windows
Papers/talks on attacking CET/CFI
Smashing the stack for fun and profit
StackClash
Get in contact