#ubuntu

William discusses what happens when security is an afterthought rather than baked into processes and highlights the latest of Talos' security research.

By Aleksandar Nikolich Earlier this year, we conducted code audits of the macOS printing subsystem, which is heavily based on the open-source CUPS package. During this investigation, IPP-USB protocol caught our attention. IPP over USB specification defines how printers that are available over USB can only still support network printing

### Summary This vulnerability allows a user to maneuver the Webfinger mechanism to perform a GET request to any internal resource on any Host, Port, URL combination regardless of present security mechanisms, and forcing the victim’s server into an infinite loop causing Denial of Service. Moreover, this issue can also be maneuvered into performing a Blind SSRF attack. ### Details The Webfinger endpoint takes a remote domain for checking accounts as a feature, however, as per the ActivityPub spec (https://www.w3.org/TR/activitypub/#security-considerations), on the security considerations section at B.3, access to Localhost services should be prevented while running in production. The **lookupWebFinger** function, responsible for returning an actor handler for received actor objects from a remote server, can be abused to perform a Denial of Service (DoS) and Blind SSRF attacks while attempting to resolve a malicious actor’s object. On Fedify, two client-facing functions implement the *...

January Linux Patch Wednesday. Out of 424 total vulnerabilities, 271 are in the Linux Kernel. None show signs of exploitation in the wild, but 9 have public exploits. 🔸 RCE – Apache Tomcat (CVE-2024-56337). Based on the description, the vulnerability affects “case-insensitive file systems” like Windows or MacOS. However, Debian lists it as affecting tomcat9 […]

### Impact A snap with prior permissions to create a mount entry on the host, such as firefox, normally uses the permission from one of the per-snap hook programs. A unprivileged users cannot normally trigger that behaviour by using `snap run --shell firefox` followed by `snapctl mount`, since snapd validates the requesting user identity (root or non-root). The issue allows unprivileged users to bypass that check by crafting a malicious command line vector which confuses snapd into thinking the help message is requested. Unprivileged user on a default installation of Ubuntu, where firefox is as provided as a snap, may cause a denial-of-service attack by repeatedly mounting hunspell database over and over and eventually exhausting system memory. Other attacks, reliant on the same underying mechanism (mount), are possible. In all cases the snap must be installed and grated permission to perform this action (by connecting an appropriate snap interface), which requires administrative pr...

About Elevation of Privilege – needrestart (CVE-2024-48990) vulnerability. On November 19, Qualys released a security bulletin about five privilege escalation vulnerabilities in the needrestart utility (CVE-2024-48990, CVE-2024-48991, CVE-2024-48992, CVE-2024-10224, and CVE-2024-11003) used in Ubuntu Server, starting with version 21.04. The needrestart utility runs automatically after APT operations (installing, updating, or removing packages). It checks if […]

Ubuntu Security Notice 7135-1 - Bahruz Jabiyev, Anthony Gavazzi, Engin Kirda, Kaan Onarlioglu, Adi Peleg, and Harvey Tuch discovered that HAProxy incorrectly handled empty header names. A remote attacker could possibly use this issue to manipulate headers and bypass certain authentication checks and restrictions.

Ubuntu Security Notice 7134-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code.

Ubuntu Security Notice 7133-1 - Yuki Mogi discovered that HAProxy incorrectly handled the interpretation of certain HTTP requests. A remote attacker could possibly use this issue to perform a request smuggling attack and obtain sensitive information.

Ubuntu Security Notice 7132-1 - It was discovered that PostgreSQL incorrectly tracked tables with row security. A remote attacker could possibly use this issue to perform forbidden reads and modifications. Jacob Champion discovered that PostgreSQL clients used untrusted server error messages. An attacker that is able to intercept network communications could possibly use this issue to inject error messages that could be interpreted as valid query results.