Content provided by Alex Murray and Ubuntu Security Team. All podcast content including episodes, graphics and podcast descriptions are uploaded and provided directly by Alex Murray and Ubuntu Security Team or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://ar.player.fm/legal.
Episode 170
Overview
This week we’re diving down into the depths of binary exploitation and analysis, looking at a number of recent vulnerability and malware teardowns, plus we cover security updates for FreeType, PHP, ImageMagick, protobuf-c and more.
This week in Ubuntu Security Updates
22 unique CVEs addressed
[USN-5528-1] FreeType vulnerabilities [01:03]
- 4 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS)
- Various heap buffer overflows - all of which could be triggered from a crafted font file
[USN-5529-1] Linux kernel (OEM) vulnerabilities [01:22]
- 11 CVEs addressed in Jammy (22.04 LTS)
- 5.17 22.04 LTS OEM
[USN-5530-1] PHP vulnerability [01:41]
- 1 CVE addressed in Jammy (22.04 LTS)
- php-8.1 in 22.04 LTS - heap buffer overflow in the finfo_buffer function - used to get info etc from a binary string - the example in the upstream documentation shows using this function to get the MIME info of a $_POST parameter - so likely this is being used in a bunch of places on untrusted data - DoS/RCE
[USN-5532-1] Bottle vulnerability [02:34]
- 1 CVE addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Jammy (22.04 LTS)
- Python framework for building web-applications
- Failed to handle errors properly - could allow a remote request to trigger an exception -> DoS
[USN-5533-1] Vim vulnerability [02:50]
- 1 CVE addressed in Xenial ESM (16.04 ESM)
- Another OOB write in vim -> crash / RCE
[USN-5534-1] ImageMagick vulnerabilities [02:58]
- 3 CVEs addressed in Xenial ESM (16.04 ESM)
- Someone has been running ImageMagick under UBSAN - found a number of cases of possible UB - impact is not clear but could be possible to crash/RCE etc
[USN-5531-1] protobuf-c vulnerability [02:32]
- 1 CVE addressed in Focal (20.04 LTS), Jammy (22.04 LTS)
- Used to compile a protobuf specification to C code, along with a library which is then linked against that generated code to marshal/unmarshal protobufs
- Invalid arithmetic shift - previous code would right shift signed values, which is implementation defined in C - so depending on what compiler was used it could have different behaviour - and thus result in code that would write outside of memory bounds etc - fixed by converting the code to cast to an unsigned type before shifting so that the behaviour is known
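As an added illustration of the shift issue described above (example code, not protobuf-c's own), the buggy and fixed patterns side by side: a constructed 4-byte little-endian length prefix with its top bit set is right-shifted first as a signed value, then as an unsigned one, and a bounds check shows how either result is kept away from memcpy. The prefix format and the shift by 3 are assumptions made for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Constructed sample inputs (not real protobuf-c data): a 4-byte little-endian
 * prefix whose top bit is set, and a small valid message (length 5, "hello"). */
static const uint8_t sample_bad_prefix[4] = {0x18, 0x00, 0x00, 0x80};
static const uint8_t sample_good_msg[9]   = {0x28, 0, 0, 0, 'h', 'e', 'l', 'l', 'o'};

static uint32_t load_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Buggy pattern: right-shifting a negative signed value is implementation-
 * defined in C. gcc/clang sign-extend (arithmetic shift), so the result stays
 * negative and wraps to a huge value once converted to size_t. */
static size_t length_signed_shift(const uint8_t *p)
{
    int32_t raw = (int32_t)load_le32(p);   /* negative when the top bit is set */
    int32_t len = raw >> 3;                /* implementation-defined for raw < 0 */
    return (size_t)len;
}

/* Fixed pattern: shift the unsigned representation; the shift is fully
 * defined and the result can never be negative (always below 2^29). */
static size_t length_unsigned_shift(const uint8_t *p)
{
    return (size_t)(load_le32(p) >> 3);
}

/* Copy a length-prefixed payload, rejecting lengths that exceed the input or
 * the output buffer. This check is what keeps either decoder's result from
 * driving memcpy past the end of a buffer. */
static bool copy_prefixed(const uint8_t *in, size_t in_len,
                          uint8_t *out, size_t out_cap, bool use_fix)
{
    if (in_len < 4) return false;
    size_t len = use_fix ? length_unsigned_shift(in) : length_signed_shift(in);
    if (len > in_len - 4 || len > out_cap) return false;
    memcpy(out, in + 4, len);
    return true;
}

/* Decode the good sample with the fixed decoder and verify the payload. */
static bool demo_copy_works(void)
{
    uint8_t out[8] = {0};
    return copy_prefixed(sample_good_msg, sizeof sample_good_msg,
                         out, sizeof out, true) && memcmp(out, "hello", 5) == 0;
}
```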
Goings on in Linux Security Community
Introduction to x64 Linux Binary Exploitation by @ch0pin [04:24]
- Great series of blog posts from earlier this year
- Starts by creating a small program with a basic stack buffer overflow vulnerability
- Then disables all the various hardening features which have been added to Ubuntu to then allow it to be easily exploited
- Along the way explains memory layout, processor architecture etc to help understand the process of developing exploits
- Further blog posts in the series then start to enable the various hardening features one-by-one and in the process walk through more detailed and complex techniques for defeating these
- Great insight to the process - also includes good references along the way to other sources of documentation / information on related concepts
Part 1 - Basic Buffer Overflow
Part 2 - Return into libc
Part 3 - ROP gadgets and chain
Part 4 - Stack Canaries
Part 5 - ASLR overview and bypass technique
- https://valsamaras.medium.com/introduction-to-x64-linux-binary-exploitation-part-5-aslr-394d0dc8e4fb
CVE-2022-20186 vulnerability + exploit walkthrough by GitHub [07:04]
- https://github.blog/2022-07-27-corrupting-memory-without-memory-corruption/
- Vulnerability in the ARM Mali GPU driver in the Android kernel
- Walks through the code to give a good understanding of how memory pages are handled by the driver and then eventually how this can be exploited from userspace to overwrite arbitrary kernel memory due to an integer overflow bug
- Even includes an exploit for Pixel 6 (patched with the June Pixel update from Google)
- Interesting footnote about how the patch for the vuln was visible in the Android tree 2 weeks before the vulnerability was disclosed
A detailed technical teardown of Symbiote by @GeeksCyber [08:49]
- https://cybergeeks.tech/how-to-analyze-linux-malware-a-case-study-of-symbiote/
- We covered a different teardown of Symbiote back in Episode 163 - this one has a fair bit more technical details along with disassembled code sections - good chance to put your skills in Linux binary exploitation to the test to follow along with the analysis
The Utopic Tale of Ubuntu by the Linux User Space podcast [09:31]
- https://www.linuxuserspace.show/302
- Starts around 9:45 - covers every year of Ubuntu from 2004 through to now along with the major developments / highlights and some low-lights along the way
- Great walk down memory lane / background for those new to Ubuntu
- Not really security specific but is a great listen (beware, it goes for over 1.5 hours)
Get in contact