Ubuntu – Using Ubuntu Assurance (ua) tool to check specific vulnerabilities (CVE)

Hello World, 

This post is based on questions, feedback and comments we have received from the field about Ubuntu and the subject of CVEs (Critical Vulnerabilities and Exposures).

Ubuntu, like any other operating system, might encounter critical vulnerabilities. If this happens, end-users and IT departments need to take all the necessary actions to avoid any security breach on their network. When such vulnerabilities are discovered, software companies usually provide a quick fix or a workaround, or they release updated packages that fix the discovered issues.

This post will provide a quick way to check if your Ubuntu system is affected or not by a vulnerability (CVE).  

Real Case Scenario 

Disclaimer

This post focuses on the Ubuntu operating system specifically ! Different processes or tools might be needed on other distros.

Our Example : the PwnKit CVE

A few days ago, a critical vulnerability called PwnKit was detected in Ubuntu (and in other distros !!!). Successful exploitation of this vulnerability could allow any unprivileged user to gain root privileges on the vulnerable host. More specifically, the vulnerability affects the PolicyKit (or pkexec) software component available on Ubuntu. Since proofs of concept are already around, it is really important to apply the patches released by Canonical (if any) to prevent any security breach on your machine and/or infrastructure.

Ubuntu Security & CVEs Database Information 

When vulnerabilities are discovered, Canonical ensures that fixes, information, workarounds and recommendations are made available to mitigate them. If you are interested in more details about a vulnerability and want to find out the status of the patch that fixes it, you can always visit the Ubuntu Security pages or retrieve the information from their CVE Database pages. Please have a look at the following location

Is my system affected or not ?

Searching the internet, we found out that the PwnKit vulnerability has been tagged as CVE-2021-4034. To retrieve information about this specific CVE in the Ubuntu CVE database, you can visit the following URL: https://ubuntu.com/security/CVE-2021-4034

Canonical, the company behind Ubuntu, has already provided the necessary patches and hotfix to solve the detected issues. The easiest way to ensure that vulnerabilities have been fixed is to regularly update your Ubuntu operating system. But this might not be enough for you…

Indeed, you might want to check whether your system is affected by the vulnerability. This is actually relatively easy on Ubuntu through the Ubuntu Advantage (UA) client tool.

We were not really aware of this command line tool, but it can provide quite good information about your Ubuntu system. The ua client tool is available for all Ubuntu LTS releases and can be used out of the box (for more information about the tool, visit https://discourse.ubuntu.com/t/ubuntu-advantage-client/21788).

To check if your system is affected or not, you would open the terminal console and issue the following command

ua fix CVE-2021-4034

If your system has been already patched, you will see the green arrow stating that your system is not affected by the vulnerability 

If you run the same command (without sudo command) on an affected system,  you will see the red cross stating that your system is indeed vulnerable !  If you run the command without admin rights,  no corrective measure will be taken. 

How to fix my system if affected by this vulnerability ?

So, if you want to obtain the status of the system and at the same time deploy the hotfix in one command, you need to run the command with sudo:

sudo ua fix CVE-2021-4034

On the screenshot, you can see that the tool has detected that you're missing the fix, and that it also installs the patch in order to resolve the detected issue.

Again, the example above checks for a single vulnerability. To ensure that your system stays secure, we recommend that you perform update and patching activities on your Ubuntu system on a regular basis (if possible).

Final Notes

Voila ! This is it for this post  ! 

As you can see, more and more vulnerabilities are discovered. Ubuntu and Linux might be considered secure operating systems, but this does not mean that they are not affected by such vulnerabilities. If you ever need to assess whether your system is vulnerable to a specific CVE, you can try the Ubuntu Assurance (ua) client tool to check your security posture against specific CVEs that have been published and disclosed.

Recently discovered vulnerabilities show how important it is to keep your operating system up to date, either through a regular update process or by applying specific patches or hotfixes. So, whatever approach you use, keep your system up to date and run a recent and supported version of your preferred operating system.

As a final note, ua is probably an easy way to check a few machines for security issues. If you need to check a large number of systems, you might need to either come up with some scripting or use specific tools that can provide this information in an easier way.
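As a starting point for that kind of scripting, here is an added example (not part of the original post and not Canonical's code) that runs the report-only `ua fix` check over a list of hosts and classifies each one. The function names, the ssh transport and the meaning given to the exit statuses are assumptions to confirm against your client version.

```shell
#!/bin/sh
# Report-only fleet check: runs `ua fix <CVE>` WITHOUT sudo on each host, so
# nothing gets installed. Hosts are read from stdin, one per line.
# Assumption (verify on your client version): exit status 0 = not affected or
# already fixed, 1 = still affected, 2 = fixed but reboot required.

# Hypothetical transport hook. stdin is redirected so ssh cannot swallow the
# rest of the host list; "--" keeps a host name from being read as an option.
run_on_host() {
    target=$1; shift
    ssh -o BatchMode=yes -o ConnectTimeout=5 -- "$target" "$@" \
        </dev/null >/dev/null 2>&1
}

# Accept only CVE-YYYY-NNNN...: the id ends up on a remote shell command line.
valid_cve() {
    case $1 in
        CVE-[0-9][0-9][0-9][0-9]-[0-9][0-9][0-9][0-9]*) ;;
        *) return 1 ;;
    esac
    case ${1#CVE-????-} in
        *[!0-9]*) return 1 ;;
    esac
}

classify_status() {
    case $1 in
        0)   echo OK ;;
        1)   echo AFFECTED ;;
        2)   echo REBOOT ;;
        255) echo UNREACHABLE ;;   # ssh itself failed
        *)   echo "UNKNOWN($1)" ;;
    esac
}

# Prints "host STATUS" per host; returns 1 if any host is not OK.
scan_hosts() {
    cve=$1
    valid_cve "$cve" || { echo "invalid CVE id: $cve" >&2; return 2; }
    bad=0
    while IFS= read -r host; do
        case $host in ''|\#*) continue ;; esac   # skip blanks and comments
        rc=0
        run_on_host "$host" ua fix "$cve" || rc=$?
        status=$(classify_status "$rc")
        printf '%s %s\n' "$host" "$status"
        [ "$status" = OK ] || bad=1
    done
    return "$bad"
}
# Usage: scan_hosts CVE-2021-4034 < hosts.txt
```

Hosts reported as AFFECTED can then be fixed with `sudo ua fix CVE-2021-4034` as shown earlier in the post.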

Hope this helps

Till next time 

See ya 

 
