Search Results for: ubuntu

Reliably Exploiting Apport in Ubuntu

December 16, 2016 by 17 Comments

[Donncha O’Cearbhaill] has successfully exploited two flaws in Apport, the crash report mechanism in Ubuntu. Apport is installed by default in all Ubuntu Desktop installations >= 12.10 (Quantal). Inspired by [Chris Evan] work on exploiting 6502 processor opcodes on the NES, [Donncha] describes the whole process of finding and exploiting a 0-day on a modern linux system.

One of the flaws, tracked as CVE-2016-9949, relies on a python code injection in the crash file. Apport blindly uses the python eval() function on an unsanitized field (CrashDB) inside the .crash file. This leads directly to arbitrary python code execution. The other flaw, tracked as CVE-2016-9950, takes advantage of a path traversal attack and the execution of arbitrary Python scripts outside the system hook_dirs. The problem arises when another field (Package) from the crash report file is used without sanitizing when building a path to the package hook files.

CVE-2016-9949 is easily exploitable, if an attacker can trick a user into opening a specially crafted file (apport .crash file), the attacker can execute the python code of his/her choice. Two details make it a very interesting exploit.

The first thing to note is the exploit’s reliability. Given that it is pure python code execution, an attacker doesn’t have to worry about ASLR, Non-Exec Memory, Stack Canaries and other security features that Ubuntu ships by default. As the author notes:

“There are lots of bugs out there which don’t need hardcore memory corruption exploitation skills. Logic bugs can be much more reliable than any ROP chain.”

Another interesting detail is that the exploit file doesn’t need to have the .crash extension, as long as its content starts with the string “ProblemType: ” and the file extension is not associated already with other software, Ubuntu considers it being of mime-type type=”text/x-apport” (for example, .ZlP or .0DF). This significantly improves the chances of an unsuspecting user being fooled into open the file.

Continue reading “Reliably Exploiting Apport in Ubuntu”

A Slice of Ubuntu

October 20, 2016 by 24 Comments

The de facto standard for Raspberry Pi operating systems is Raspbian–a Debian based distribution specifically for the diminutive computer. Of course, you have multiple choices and there might not be one best choice for every situation. It did catch our eye, however, that the RaspEX project released a workable Ubunutu 16.10 release for the Raspberry Pi 2 and 3.

RaspEX is a full Linux Desktop system with LXDE (a lightweight desktop environment) and many other useful programs. Firefox, Samba, and VNC4Server are present. You can use the Ubuntu repositories to install anything else you want. The system uses kernel 4.4.21. You can see a review of a much older version of RaspEX  in the video below.

Continue reading “A Slice of Ubuntu”

This Teddy Bear Steals Your Ubuntu Secrets

April 22, 2016 by 20 Comments

Ubuntu just came out with the new long-term support version of their desktop Linux operating system. It’s got a few newish features, including incorporating the “snap” package management format. One of the claims about “snaps” is that they’re more secure — being installed read-only and essentially self-contained makes them harder to hack across applications. In principle.

[mjg59] took issue with their claims of increased cross-application security. And rather than just moan, he patched together an exploit that’s disguised as a lovable teddy bear. The central flaw is something like twenty years old now; X11 has no sense of permissions and any X11 application can listen in on the keyboard and mouse at any time, regardless of which application the user thinks they’re providing input to. This makes writing keylogging and command-insertion trojans effortless, which is just what [mjg59] did. You can download a harmless version of the demo at [mjg59]’s GitHub.

This flaw in X11 is well-known. In some sense, there’s nothing new here. It’s only in light of Ubuntu’s claim of cross-application security that it’s interesting to bring this up again.

xeyes

And the teddy bear in question? Xteddy dates back from when it was cool to display a static image in a window on a workstation computer. It’s like a warmer, cuddlier version of Xeyes. Except it just sits there. Or, in [mjg59]’s version, it records your keystrokes and uploads your passwords to shady underground characters or TLAs.

We discussed Snappy Core for IoT devices previously, and we think it’s a step in the right direction towards building a system where all the moving parts are only loosely connected to each other, which makes upgrading part of your system possible without upgrading (or downgrading) the whole thing. It probably does enhance security when coupled with a newer display manager like Mir or Wayland. But as [mjg59] pointed out, “snaps” alone don’t patch up X11’s security holes.

Windows and Ubuntu: “Cygwin Can Suck It”

March 30, 2016 by 226 Comments

For the last ten years or so, computing has been divided into two camps: Windows, and everything else with a *nix suffix. Want a computing paradigm where everything is a file? That’s Linux. Want easy shell scripting that makes the command line easy? Linux. Want a baroque registry with random percent signs and dollar symbols? That would be Windows. Want to run the most professional productivity apps for design and engineering? Sadly, that’s Windows as well.

*nix runs nearly the entire Internet, the top 500 supercomputers in the world, and is the build environment for every non-Windows developer. Yet Windows is the most popular operating system. The divide between Windows and *nix isn’t so much a rivalry, as much as people who still spell Microsoft with a dollar sign would tell you. It’s just the way personal computing evolved by way of legacy apps and IT directors.

Now, this great divide in the world of computing is slowly closing. At Microsoft’s Build 2016 developer’s conference, Microsoft and Canonical, Ubuntu’s parent company, announced a partnership that will allow Ubuntu to run using native Windows libraries.

In short, this announcement means bash and the Linux command line is coming to Windows 10. The command line is great, but userland is where it’s at, and here this partnership really shines. Unlike Cygwin, the current way to get *nix stuff running in a Windows environment, Windows’ bash will allow unmodified Linux programs to run unmodified on Windows 10.

It is not an understatement to say this is the most important development in operating systems in the last 10 years. For the last decade, every developer who is not purely a Windows developer has picked up a MacBook for the sole reason of having BSD under the hood. If you’re looking for a reason Apple is popular with devs, it’s *nix under the hood. This announcement changes all of that.

Ubuntu Core Supports Raspberry Pi 2 I/O

August 27, 2015 by 23 Comments

Although it isn’t official, Ubuntu Core–the tiny Internet of Things version of Ubuntu–now runs on the Raspberry Pi 2. There are prebuilt binaries as well as instructions for how to roll your own, if you prefer. You can even access GPIO

Ubuntu Core abandons the old-style Debian packages, in favor of Snap, a new version of the Ubuntu phone’s Click package manager. Snap offers transactional updates. The idea is that all of these “things” on the IoT need to be updated to patch security holes or fix other issues.

Continue reading “Ubuntu Core Supports Raspberry Pi 2 I/O”

Ubuntu with a GUI on a Beagleboard

February 25, 2013 by 16 Comments

beagle

The Raspberry Pi is great if you’re looking for a cheap yet powerful computer running Linux, but let’s not forget all the other ARM dev boards out there. [Adam] spent some time this weekend putting together an Ubuntu distro for his Beagleboard XM to give it the convenience of a GUI and a whole bunch of drivers to get a lot of stuff done.

The Beagleboard XM is another high power ARM dev board that is a little more capable than the Raspberry Pi. With an integrated USB hub, LVDS LCD displays, and a camera board, the Beagleboard already has a lot of peripherals that are now only promised for the Raspberry Pi. The only problem with the Beagleboard XM is the state of drivers and software; a problem [Adam] resolved by bringing Ubuntu to the Beagleboard.

[Adam]’s distro comes with all the goodies a relatively high-powered ARM dev board should have: Python, scipy, numpy, and a few cool extras such as GIMP and Chromium. He says it’s a bit faster than the stock Raspbian distro on the Raspberry Pi, so if you’re looking for the best ARM/Linux dev board for your next project, you may want to give [Adam]’s distro a try.

Ubuntu Laika – an Android phone pen testing platform

June 9, 2011 by 11 Comments

laika_screenshot

Once [Ruan] over at AndroidClone heard that Android devices were capable of running a full Linux environment, he started contemplating all of the things he might be able to do with a full Linux OS in his pocket.

He decided that a portable penetration testing platform would be great to have on hand, so he got busy installing Ubuntu 10.10 on his Lenovo LePhone. Once he had it up and running, he stripped out all of the unnecessary fluff and added some common tools such as Wireshark, Nmap, and Kismet, among others. He says it easily runs side by side with Android, allowing you to switch between the Ubuntu install and your standard Android applications with ease.

While this all started out as a proof of concept, he has continued to refine the project, releasing several new versions along the way. If you are interested in giving it a try, he has installation instructions available in the AndroidClone forums.

[thanks Stephen]