Hello World,
This post is based on some questions/feedback/comments we have received from the field and relate to the Ubuntu and the CVE (Critical Vulnerabilities and Exposures) subject
Ubuntu, as any other Operating systems, might encounter critical vulnerabilities. If this happens, end-users and IT Dept. needs to take all the necessary actions to avoid any security breach on thier network. When such Vulnerabilities are discovered, Software companies usually provide either a quick fix, a workaround or they would release some new update packages that would fix the discovered issues.
This post will provide a quick way to check if your Ubuntu system is affected or not by a vulnerability (CVE).
Real Case Scenario
Disclaimer
This post is focusing on Ubuntu Operating System specifically ! Different processes or tools might be needed on different distros….
Our Example : the PwnKit CVE
A few days ago, a critical vulnerability has been detected in Ubuntu (and in other Distros !!!) called PwnKit. Successful exploitation of this vulnerability could allow any unprivileged user to gain root privileges on the vulnerable host. The vulnerability affects more specifically the policyKit (or pkexec) software component available on Ubuntu. Since proof of concept have been already around, it would be really important to apply released patches (if any) by Canonical to prevent any security breach on your machine and/or infrastructure.
Ubuntu Security & CVEs Database Information
When vulnerabilities have been discovered, Canonical would ensure that fixes and information, workarounds and recommendations would be made available to mitigate the vulnerabilities. If you are interested in having more details about the vulnerabilities and to find out the status of the possible patch that would fix it, you can always visit the Ubuntu Security pages or the retrieve information in their CVE Database pages. Please have a look at the following location
Is my system affected or not ?
Searching through internet, we have found out that the Pwnkit vulnerability has been tagged as CVE-2021-4034. To retrieve information about this specific CVE on ubuntu CVE database, you can go and visit the following url (https://ubuntu.com/security/CVE-2021-4034)
Click on Picture for Better Resolution
Canonical, the company behind Ubuntu, has already provided the necessary patches and hotfix to solve the detected issues. The easiest way to ensure that vulnerabilities have been fixed is to regularly update your Ubuntu Operating System. But this might not be enough for you…
Indeed, you might want to check if your system is affected or not by the vulnerability. This is actually relatively easy on Ubuntu Operating System through the Ubuntu Advantage (UA) client tool.
We were not really aware of this command line tool but it can provide quite good information about your Ubuntu System. The ua client tool is available for all Ubuntu LTS releases and can be used out of the box (for more information about the tool, visit https://discourse.ubuntu.com/t/ubuntu-advantage-client/21788)
To check if your system is affected or not, you would open the terminal console and issue the following command
ua fix CVE-2021-4034
If your system has been already patched, you will see the green arrow stating that your system is not affected by the vulnerability
Click on Picture for Better Resolution
If you run the same command (without sudo command) on an affected system, you will see the red cross stating that your system is indeed vulnerable ! If you run the command without admin rights, no corrective measure will be taken.
Click on Picture for Better Resolution
How to fix my system if affected by this vulnerability ?
So, if you want to obtain status about the system and at the same time deploy the hotfix in one command, you would need to run the command as sudo
sudo ua fix CVE-2021-4034
On the screenshot, you can see that the tool has detected that your missing the fix and the tool will also perform the installation of the patch in order to resolve the detected issue
Click on Picture for Better Resolution
Again, the example above checks for a single vulnerability. To ensure that your system stays secure, we would recommend you to perform on a regular base updates and patching activities on your Ubuntu system (if possible)
Final Notes
Voila ! This is it for this post !
As you can see, more and more vulnerabilities are discovered. Ubuntu and Linux might be considered as secure Operating system, this does not means that they do not get affected by such vulnerabilities. If you ever need to assess if your system is vulnerable or not against a specific CVE, you can try to use the Ubuntu Assurance (ua) client tool to check your security posture against specific CVE published and disclosed.
Recent discovered vulnerabilities shows how important is to keep your Operating system up to date either through regular Updates process or apply specific patches or hotfixes. So, whatever approach you use, keep your system up to date and run recent and supported version of your preferred Operating System.
As a final note, ua is probably an easy way to check a few machine for security issues. If you need to check a large number of system, you might need to either come up with some scripting or use specific tools that can provide this information in an easier way
Hope this help
Till next time
See ya