
Episode 96
This week we look at results from the Tianfu Cup 2020, the PLATYPUS attack against Intel CPUs, a detailed writeup of the GDM/accountsservice vulnerabilities covered in [Episode 95](https://ubuntusecuritypodcast.org/episode-95/) and more.
Ubuntu Security Podcast · Ubuntu Security Team
November 13, 2020 · 7m 41s
Show Notes
Goings on in Ubuntu Security Community
Tianfu Cup 2020 [00:37]
- https://www.zdnet.com/article/windows-10-ios-chrome-and-many-others-fall-at-chinas-top-hacking-contest/
- QEMU on Ubuntu, Firefox and Docker all pwned (as well as Chrome, Safari, VMware ESXi, CentOS 8, iPhone etc)
- qemu-kvm on Ubuntu - used a UAF and an info-leak to escape VM and get root code exec on host - by Xiao Wei from 360 ESG Vuln Research Institute who has previously found lots of QEMU bugs - $60k
- Still waiting on upstream qemu / docker to release details - Firefox already patched in CVE-2020-26950
GitHub writeup of GDM/accountsservice vulnerabilities [02:53]
- We covered the vulns in last week’s Episode 95
- Kevin Backhouse provides a great amount of detail and a cool demo video of the attack - https://securitylab.github.com/research/Ubuntu-gdm3-accountsservice-LPE
- https://portswigger.net/daily-swig/vulnerabilities-in-ubuntu-desktop-enabled-root-access-in-two-simple-steps
PLATYPUS attack against Intel CPUs [03:41]
- https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/Platypus
- https://platypusattack.com/
- https://www.zdnet.com/article/new-platypus-attack-can-steal-data-from-intel-cpus/
This week in Ubuntu Security Updates [05:27]
23 unique CVEs addressed
[USN-4617-1] SPICE vdagent vulnerabilities
- 4 CVEs addressed in Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)
[USN-4616-2] AccountsService vulnerabilities
- 2 CVEs addressed in Trusty ESM (14.04 ESM)
[USN-4618-1] tmux vulnerability
- 1 CVE addressed in Focal (20.04 LTS), Groovy (20.10)
[USN-4619-1] dom4j vulnerability
- 1 CVE addressed in Xenial (16.04 LTS)
[USN-4599-3] Firefox regressions
- Affecting Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)
- Episode 94
[USN-4620-1] phpLDAPadmin vulnerability
- 1 CVE addressed in Bionic (18.04 LTS)
[USN-4621-1] netqmail vulnerabilities
- 5 CVEs addressed in Xenial (16.04 LTS), Bionic (18.04 LTS)
[USN-4622-1] OpenLDAP vulnerability
- 1 CVE addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)
[USN-4623-1] Pacemaker vulnerability
- 1 CVE addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)
[USN-4624-1] libexif vulnerability
- 1 CVE addressed in Precise ESM (12.04 ESM), Trusty ESM (14.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)
[USN-4625-1] Firefox vulnerability
- 1 CVE addressed in Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)
[USN-4626-1] Linux kernel vulnerabilities
- 2 CVEs addressed in Groovy (20.10)
[USN-4627-1] Linux kernel vulnerability
- 1 CVE addressed in Precise ESM (12.04 ESM), Trusty ESM (14.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS)
[USN-4628-1] Intel Microcode vulnerabilities
- 3 CVEs addressed in Trusty ESM (14.04 ESM), Xenial (16.04 LTS), Bionic (18.04 LTS), Focal (20.04 LTS), Groovy (20.10)