Episode 111

Update: 2021-04-08

Overview


This week we look at how Ubuntu is faring at Pwn2Own 2021 (which still has
1 day and 2 more attempts at pwning Ubuntu 20.10 to go) plus we look at
security updates for SpamAssassin, the Linux kernel, Rack and Django, and
we cover some open positions on the Ubuntu Security team too.


This week in Ubuntu Security Updates


14 unique CVEs addressed


[USN-4899-1] SpamAssassin vulnerability [00:46]



  • 1 CVE addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS)


  • Damian Lukowski - remote code execution in the configuration file parser
    for SpamAssassin - certain elements of config files were not properly
    sanitised, so an attacker able to supply a config file could specify
    commands to be executed by SpamAssassin - if you are not using configs
    from untrusted sources you should be fine


[USN-4900-1] OpenEXR vulnerabilities [01:40]



[USN-4901-1] Linux kernel (Trusty HWE) vulnerabilities [02:24]



[USN-4561-2] Rack vulnerabilities [03:27]



  • 2 CVEs addressed in Xenial (16.04 LTS), Focal (20.04 LTS), Groovy (20.10)


  • Modular Ruby webserver interface

  • Originally covered in Episode 93 for 18.04 LTS - the update is now
    provided for the remaining releases


[USN-4902-1] Django vulnerability [03:53]



  • 1 CVE addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)


  • Potential directory traversal via uploaded files - applications using a
    custom upload handler with the MultiPartParser from the django parsers
    framework could have been vulnerable - didn't affect any of the built-in
    upload parsers within django, hence the low priority rating for this CVE
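The exposure described above comes down to a custom handler trusting the client-supplied filename from the multipart body. As an added illustration (not from the show notes and not Django's own code), here is that naive logic beside a hardened version in plain Python, with an assumed upload root and a small detection helper a defender could log on:

```python
import os
import posixpath

UPLOAD_ROOT = "/var/app/uploads"  # assumed upload directory for this example


def vulnerable_destination(client_filename: str) -> str:
    """What a naive custom upload handler might do: use the
    Content-Disposition filename from the multipart body verbatim.
    Note os.path.join() also discards UPLOAD_ROOT if the name is absolute."""
    return os.path.join(UPLOAD_ROOT, client_filename)


def safe_destination(client_filename: str) -> str:
    """Hardened form: keep only the final path component (for both / and \\
    separators), refuse names that are empty or still mean a directory, and
    verify the resolved path stays inside UPLOAD_ROOT."""
    name = posixpath.basename(client_filename.replace("\\", "/"))
    if name in ("", ".", ".."):
        raise ValueError("rejected filename: %r" % client_filename)
    dest = os.path.normpath(os.path.join(UPLOAD_ROOT, name))
    # Belt and braces: the final path must still be under the upload root.
    if os.path.commonpath([UPLOAD_ROOT, dest]) != UPLOAD_ROOT:
        raise ValueError("path escapes upload root: %r" % client_filename)
    return dest


def is_traversal_attempt(client_filename: str) -> bool:
    """Detection helper: True when the client supplied any directory
    component, which a normal browser upload never does."""
    normalized = client_filename.replace("\\", "/")
    return "/" in normalized or normalized in (".", "..")


if __name__ == "__main__":
    # Constructed sample filenames as a malicious multipart body might carry.
    for name in ("report.pdf", "../../etc/cron.d/evil", "/etc/passwd"):
        print(name, "->", vulnerable_destination(name), "| safe:", safe_destination(name))
```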


Goings on in Ubuntu Security Community


Ubuntu at Pwn2Own 2021 [04:47]



  • https://www.zerodayinitiative.com/blog/2021/4/2/pwn2own-2021-schedule-and-live-results

  • 6th, 7th & 8th April - 23 separate entries targeting 10 different
    products in the categories of Web Browsers, Virtualization, Servers,
    Local Escalation of Privilege, and Enterprise
    Communications (aka Zoom, MS Teams etc)

  • 14 years - grows each year to include new targets / platforms - this year
    included categories for both automotive (Tesla Model 3) and Enterprise
    applications (MS Office, Adobe Reader) - but neither had any entrants

  • 4 different teams targeted Ubuntu Desktop in local privilege escalation
    category - go from a standard user to root - and pwn2own rules say this
    must be via a kernel vulnerability - in this case it is an up-to-date
    Ubuntu 20.10 install running inside a virtual machine

  • Attempts on day 1 and 2 were both successful - Ryota Shiga of Flatt
    Security and Manfred Paul both used separate OOB access bugs to escalate
    from a standard user to root

    • each earned $30,000 and 3 points towards the competition's Master of
      Pwn award



  • Tomorrow (8th) will see two more attempts by Billy from STAR Labs and
    Vincent Dehors of Synacktiv - this will be live-streamed too on YouTube,
    Twitch, and the conference site.

  • Ubuntu was not the only target exploited - so far every team that has
    attempted an exploit has succeeded - Safari, MS Exchange, MS Teams,
    Windows 10, Parallels Desktop, Chrome, Microsoft Edge, Zoom

    • only exception so far is for STAR Labs who have not managed to get
      their exploits working in the allotted time



  • More details to follow once the vulns and their fixes become public - the
    competition has a 90-day policy for fixes to be public, but I suspect we
    will see these sooner than that - regardless, will look at the results of
    the remaining 2 teams next week as well


Hiring [10:03]


AppArmor Security Engineer



Linux Cryptography and Security Engineer



Security Engineer - Ubuntu



Get in contact


Ubuntu Security Team