Multiple vulnerabilities found in Ubuntu


Ubuntu is one of the few operating systems that patches vulnerabilities quickly, as the current round of fixes shows. Many vulnerabilities were found in Firefox. One involved a specially crafted page that an attacker could use to cause a denial of service via application crash.

Firefox vulnerability:-

Firefox did not handle Chrome Object Wrappers (COW) and System Only Wrappers (SOW) properly. If a user were tricked into opening a specially crafted page, a remote attacker could exploit this to bypass security protections to obtain sensitive information or potentially execute code with the privileges of the user invoking Firefox.

OpenStack cinder vulnerability:-

The OpenStack Cinder vulnerability reported by Canonical could allow XML entity processing. A remote unauthenticated attacker could exploit this using the Cinder API to cause a denial of service via resource exhaustion.
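One way a service that accepts XML request bodies can refuse entity processing outright, shown as an added example that is not code from Cinder or from the Ubuntu fix. The function name, the size cap and the sample bodies are assumptions made for illustration.

```python
import xml.parsers.expat as expat

MAX_BODY = 64 * 1024  # assumed request-size cap, not a Cinder setting

class RejectedXML(ValueError):
    """Body uses XML features the API has no need for."""

def _deny(reason):
    # Build an expat callback that aborts the parse with `reason`.
    def handler(*_args):
        raise RejectedXML(reason)
    return handler

def parse_request_xml(body: bytes, allow_dtd: bool = False):
    """Return [(tag, attrs), ...]; refuse DTDs, entities and oversized bodies."""
    if len(body) > MAX_BODY:
        raise RejectedXML("body too large")
    elements = []
    parser = expat.ParserCreate()
    if not allow_dtd:
        parser.StartDoctypeDeclHandler = _deny("DOCTYPE not allowed")
    # Still enforced when a DTD is tolerated: no entity may be declared or fetched.
    parser.EntityDeclHandler = _deny("entity declaration not allowed")
    parser.ExternalEntityRefHandler = _deny("external entity reference not allowed")
    parser.StartElementHandler = lambda tag, attrs: elements.append((tag, attrs))
    try:
        parser.Parse(body, True)
    except expat.ExpatError as exc:
        raise RejectedXML(f"malformed XML: {exc}") from exc
    return elements

# Constructed sample bodies, not taken from the advisory.
GOOD = b'<volume size="1" display_name="vol-1"/>'
WITH_ENTITY = (b'<!DOCTYPE volume [<!ENTITY a "aaaa">]>'
               b'<volume size="1" display_name="&a;"/>')

if __name__ == "__main__":
    print(parse_request_xml(GOOD))
    for allow in (False, True):
        try:
            parse_request_xml(WITH_ENTITY, allow_dtd=allow)
        except RejectedXML as exc:
            print(f"allow_dtd={allow}: rejected, {exc}")
```

Rejecting the declaration itself means the parser never expands anything, so the cost of handling a request stays proportional to its size.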

OpenSSL vulnerability:-

An OpenSSL vulnerability has been discovered that a remote attacker can use to crash OpenSSL, resulting in a denial of service. It is caused by incorrect handling of certain crafted data.

The TLS protocol as used in OpenSSL was vulnerable to a timing side-channel attack known as the “Lucky Thirteen” issue. A remote attacker could use this issue to perform plaintext-recovery attacks via analysis of timing data.

Ruby vulnerability:-

It was also discovered that the documentation generated by rdoc is vulnerable to a cross-site scripting issue. With cross-site scripting vulnerabilities, if a user were tricked into viewing a specially crafted page, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain.

Another vulnerability was found in the JSON implementation in Ruby, which incorrectly handled certain crafted documents. An attacker could use this issue to cause a denial of service or bypass certain protection mechanisms.

The Ultimate Solution:-

Installing the latest operating system updates will fix all of these issues.

 
