November 13, 2020

Episode 96

7 minutes

Overview

This week we look at results from the Tianfu Cup 2020, the PLATYPUS attack

against Intel CPUs, a detailed writeup of the GDM/accountsservice

vulnerabilities covered in Episode 95 and more.

Goings on in Ubuntu Security Community

Tianfu Cup 2020 [00:37]

https://www.zdnet.com/article/windows-10-ios-chrome-and-many-others-fall-at-chinas-top-hacking-contest/

QEMU on Ubuntu, Firefox and docker all pwned (as well as Chrome, Safari,

VMWare ESXi, CentOS 8, iPhone etc)

qemu-kvm on Ubuntu - used a UAF and an info-leak to escape VM and get

root code exec on host - by Xiao Wei from 360 ESG Vuln Research Institute

who has previously found lots of QEMU bugs - $60k

Still waiting on upstream qemu / docker to release details - Firefox

already patched in CVE-2020-26950

Github writeup of GDM/accountsservice vulnerabilities [02:53]

We covered the vulns in last week’s Episode 95

Kevin Backhouse provides a great amount of detail and a cool demo video

of the attack -

https://securitylab.github.com/research/Ubuntu-gdm3-accountsservice-LPE

https://portswigger.net/daily-swig/vulnerabilities-in-ubuntu-desktop-enabled-root-access-in-two-simple-steps

PLATYPUS attack against Intel CPUs [03:41]

https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/Platypus

https://platypusattack.com/

https://www.zdnet.com/article/new-platypus-attack-can-steal-data-from-intel-cpus/

This week in Ubuntu Security Updates [05:27]

23 unique CVEs addressed

[USN-4617-1] SPICE vdagent vulnerabilities

4 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)

CVE-2020-25653

CVE-2020-25652

CVE-2020-25651

CVE-2020-25650

[USN-4616-2] AccountsService vulnerabilities

2 CVEs addressed in Trusty ESM (14.04 ESM)

CVE-2018-14036

CVE-2020-16126

[USN-4618-1] tmux vulnerability

1 CVEs addressed in Focal (20.04 LTS), Groovy (20.10)

CVE-2020-27347

[USN-4619-1] dom4j vulnerability

1 CVEs addressed in Xenial (16.04 LTS)

CVE-2018-1000632

[USN-4599-3] Firefox regressions

Affecting Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)

Episode 94

[USN-4620-1] phpLDAPadmin vulnerability

1 CVEs addressed in Bionic (18.04 LTS)

CVE-2017-11107

[USN-4621-1] netqmail vulnerabilities

5 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS)

CVE-2020-3812

CVE-2020-3811

CVE-2005-1515

CVE-2005-1514

CVE-2005-1513

[USN-4622-1] OpenLDAP vulnerability

1 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)

CVE-2020-25692

[USN-4623-1] Pacemaker vulnerability

1 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)

CVE-2020-25654

[USN-4624-1] libexif vulnerability

1 CVEs addressed in Precise ESM (12.04 ESM), Trusty ESM (14.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)

CVE-2020-0452

[USN-4625-1] Firefox vulnerability

1 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)

CVE-2020-26950

[USN-4626-1] Linux kernel vulnerabilities

2 CVEs addressed in Groovy (20.10)

CVE-2020-8694

CVE-2020-27194

[USN-4627-1] Linux kernel vulnerability

1 CVEs addressed in Precise ESM (12.04 ESM), Trusty ESM (14.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS)

CVE-2020-8694

[USN-4628-1] Intel Microcode vulnerabilities

3 CVEs addressed in Trusty ESM (14.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)

CVE-2020-8698

CVE-2020-8696

CVE-2020-8695

Get in contact

[email protected]

#ubuntu-security on the Libera.Chat IRC network

ubuntu-hardened mailing list

Security section on discourse.ubuntu.com

@ubuntu_sec on twitter

...more

View all episodes

By Ubuntu Security Team

4.8

1010 ratings

November 13, 2020

Episode 96

7 minutes

Overview

This week we look at results from the Tianfu Cup 2020, the PLATYPUS attack

against Intel CPUs, a detailed writeup of the GDM/accountsservice

vulnerabilities covered in Episode 95 and more.

Goings on in Ubuntu Security Community

Tianfu Cup 2020 [00:37]

https://www.zdnet.com/article/windows-10-ios-chrome-and-many-others-fall-at-chinas-top-hacking-contest/

QEMU on Ubuntu, Firefox and docker all pwned (as well as Chrome, Safari,

VMWare ESXi, CentOS 8, iPhone etc)

qemu-kvm on Ubuntu - used a UAF and an info-leak to escape VM and get

root code exec on host - by Xiao Wei from 360 ESG Vuln Research Institute

who has previously found lots of QEMU bugs - $60k

Still waiting on upstream qemu / docker to release details - Firefox

already patched in CVE-2020-26950

Github writeup of GDM/accountsservice vulnerabilities [02:53]

We covered the vulns in last week’s Episode 95

Kevin Backhouse provides a great amount of detail and a cool demo video

of the attack -

https://securitylab.github.com/research/Ubuntu-gdm3-accountsservice-LPE

https://portswigger.net/daily-swig/vulnerabilities-in-ubuntu-desktop-enabled-root-access-in-two-simple-steps

PLATYPUS attack against Intel CPUs [03:41]

https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/Platypus

https://platypusattack.com/

https://www.zdnet.com/article/new-platypus-attack-can-steal-data-from-intel-cpus/

This week in Ubuntu Security Updates [05:27]

23 unique CVEs addressed

[USN-4617-1] SPICE vdagent vulnerabilities

4 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)

CVE-2020-25653

CVE-2020-25652

CVE-2020-25651

CVE-2020-25650

[USN-4616-2] AccountsService vulnerabilities

2 CVEs addressed in Trusty ESM (14.04 ESM)

CVE-2018-14036

CVE-2020-16126

[USN-4618-1] tmux vulnerability

1 CVEs addressed in Focal (20.04 LTS), Groovy (20.10)

CVE-2020-27347

[USN-4619-1] dom4j vulnerability

1 CVEs addressed in Xenial (16.04 LTS)

CVE-2018-1000632

[USN-4599-3] Firefox regressions

Affecting Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)

Episode 94

[USN-4620-1] phpLDAPadmin vulnerability

1 CVEs addressed in Bionic (18.04 LTS)

CVE-2017-11107

[USN-4621-1] netqmail vulnerabilities

5 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS)

CVE-2020-3812

CVE-2020-3811

CVE-2005-1515

CVE-2005-1514

CVE-2005-1513

[USN-4622-1] OpenLDAP vulnerability

1 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)

CVE-2020-25692

[USN-4623-1] Pacemaker vulnerability

1 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)

CVE-2020-25654

[USN-4624-1] libexif vulnerability

1 CVEs addressed in Precise ESM (12.04 ESM), Trusty ESM (14.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)

CVE-2020-0452

[USN-4625-1] Firefox vulnerability

1 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)

CVE-2020-26950

[USN-4626-1] Linux kernel vulnerabilities

2 CVEs addressed in Groovy (20.10)

CVE-2020-8694

CVE-2020-27194

[USN-4627-1] Linux kernel vulnerability

1 CVEs addressed in Precise ESM (12.04 ESM), Trusty ESM (14.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS)

CVE-2020-8694

[USN-4628-1] Intel Microcode vulnerabilities

3 CVEs addressed in Trusty ESM (14.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)

CVE-2020-8698

CVE-2020-8696

CVE-2020-8695

Get in contact

[email protected]

#ubuntu-security on the Libera.Chat IRC network

ubuntu-hardened mailing list

Security section on discourse.ubuntu.com

@ubuntu_sec on twitter

...more

Share Episode 96

Sign up to save your podcasts

Episode 96

Episode 96