Episode 101

Episode 101

Update: 2021-01-28
Share

Description

Overview


In the first episode for 2021 we bring back Joe McManus to discuss the
SolarWinds hack plus we look at vulnerabilities in sudo, NVIDIA graphics
drivers and mutt. We also cover some open positions in the team and say
farewell to long-time Ubuntu Security superstar Jamie Strandboge.


This week in Ubuntu Security Updates


22 unique CVEs addressed


[USN-4689-3] NVIDIA graphics drivers vulnerabilities [01:09 ]



  • 3 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)


  • 3 different vulns in binary nvidia graphics drivers which could allow
    unprivileged users to DoS / info leak or possible priv esc


[USN-4689-4] Linux kernel update [01:42 ]



[USN-4697-2] Pillow vulnerabilities [02:00 ]



[USN-4702-1] Pound vulnerabilities



[USN-4703-1] Mutt vulnerability [02:18 ]



  • 1 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)


  • Memory allocation amplification attack -> a “small” sized email can cause
    mutt to allocate a very large amount of memory when processing the email
    and cause it to crash as a result of exhausting available memory

  • If had empty semicolons in an address field, mutt would allocate 40 bytes
    for each - so for a 1 byte ; mutt allocates 40 bytes - and so a 25MB
    email can cause mutt to allocate 1GB


[USN-4704-1] libsndfile vulnerabilities [03:52 ]



[USN-4705-1] Sudo vulnerabilities [04:06 ]



  • 2 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)


  • https://www.openwall.com/lists/oss-security/2021/01/26/3

  • https://blog.qualys.com/vulnerabilities-research/2021/01/26/cve-2021-3156-heap-based-buffer-overflow-in-sudo-baron-samedit

  • Qualys discovered a heap based buffer overflow in command-line argument
    parsing in sudo that has existed since July 2011

  • sudo is setuid root so anyone who executes it is then running a process
    as root - so if a user can exploit a vuln in sudo to get code execution,
    can get code execution as root as so escalate privileges to root

  • Requires to execute sudo as `sudoedit -s` since this then ensures the right
    mode is automatically set so that the vulnerability is active

  • Developed 3 different exploits for this vulnerability against various
    Linux distros (Ubuntu 20.04, Debian 10, Fedora 33 etc)

  • ASLR helps to make this harder to exploit since it randomises the
    location of the environment variables in memory etc but assuming an
    unprivileged user can run the exploit multiple times they can eventually
    exploit it


Goings on in Ubuntu Security Community


Alex discusses the SolarWinds hack with special guest Joe McManus [07:03 ]



Private home directories for Ubuntu 21.04



Hiring


Engineering Director - Ubuntu Security



Engineering Manager - Ubuntu Security



AppArmor Security Engineer



Ubuntu Security Engineer



Farewells



  • Jamie Strandboge (jdstrand)


Get in contact


Comments 
In Channel
Episode 115

Episode 115

2021-05-1412:44

Episode 114

Episode 114

2021-05-0612:44

Episode 113

Episode 113

2021-04-3016:28

Episode 112

Episode 112

2021-04-1614:37

Episode 111

Episode 111

2021-04-0812:10

Episode 110

Episode 110

2021-04-0113:57

Episode 109

Episode 109

2021-03-2608:16

Episode 108

Episode 108

2021-03-1911:48

Episode 107

Episode 107

2021-03-1212:04

Episode 106

Episode 106

2021-03-0414:00

Episode 105

Episode 105

2021-02-2517:03

Episode 104

Episode 104

2021-02-1914:18

Episode 103

Episode 103

2021-02-1213:14

Episode 102

Episode 102

2021-02-0512:26

Episode 101

Episode 101

2021-01-2827:25

Episode 100

Episode 100

2020-12-1117:46

Episode 99

Episode 99

2020-12-0418:35

Episode 98

Episode 98

2020-11-2713:54

Episode 97

Episode 97

2020-11-2115:11

Episode 96

Episode 96

2020-11-1307:41

loading
Download from Google Play
Download from App Store
00:00
00:00
x

0.5x

0.8x

1.0x

1.25x

1.5x

2.0x

3.0x

Sleep Timer

Off

End of Episode

5 Minutes

10 Minutes

15 Minutes

30 Minutes

45 Minutes

60 Minutes

120 Minutes

Episode 101

Episode 101

Ubuntu Security Team