Linux Vulnerabilities of the Week: March 7, 2022


1. Failure to properly escape SQL input in Cyrus SASL affecting Red Hat Enterprise Linux 6

Severity: Critical    CVSS Score: 9.1

This is a flaw in the SQL plugin shipped with Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28. A remote attacker can execute arbitrary SQL commands due to the failure to properly escape the SQL input. This issue can lead to the escalation of privileges.

The highest threat from this vulnerability is to confidentiality, integrity, and system availability.

Syxscore Risk Alert

This vulnerability carries a critical risk: although it requires high privileges to be exploited, it can be exposed over any network, with low complexity and without user interaction. Besides, this flaw allows a lateral attack to be carried out.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: High
  • User Interaction: None
  • Scope (Jump Point): Changed

CVE Reference(s): CVE-2022-24407

2. Out-of-bounds heap read/write vulnerability in Samba

Severity: Important    CVSS Score: 8.8

Samba versions before 4.13.17, 4.14.12, and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. Due to a boundary error when processing EA metadata while opening files in smbd within the Samba VFS module, a remote attacker with write access to extended file attributes can execute arbitrary code with the privileges of smbd, typically root.

The highest threat from this vulnerability is to confidentiality, integrity, and system availability.

Syxscore Risk Alert

This vulnerability carries a major risk, as it can be exposed over any network, with low complexity, low privileges, and without user interaction.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-44142
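As an added example (not from the digest, Samba or Cyrus SASL), a branch-aware version check against the fixed releases named in the two entries above: Samba ships fixes on three parallel branches, so an installed 4.14.x must be compared with 4.14.12, not with 4.15.5. The package names, sample versions and function names are assumptions.

```python
"""Branch-aware 'is this build older than the fix?' check (constructed example)."""
import re

# Fixed releases exactly as the digest states them; each major.minor branch has its own fix.
SAMBA_FIXED = ["4.13.17", "4.14.12", "4.15.5"]   # CVE-2021-44142 (only with vfs_fruit configured)
SASL_FIXED = ["2.1.28"]                           # CVE-2022-24407, affected 2.1.17 through 2.1.27


def parse_version(text):
    """Turn '4.14.12' (or a distro-decorated '4.14.12-3.el8') into a tuple of ints."""
    m = re.match(r"(\d+(?:\.\d+)*)", text.strip())
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in m.group(1).split("."))


def is_vulnerable(installed, fixed_versions, first_affected=None):
    """True if `installed` is older than the fix for its own major.minor branch.

    A branch newer than every fixed branch already carries the fix; an older
    branch with no listed fix has none, so it is reported as exposed.
    """
    inst = parse_version(installed)
    if first_affected is not None and inst < parse_version(first_affected):
        return False  # predates the affected range the advisory names
    fixes = {parse_version(f)[:2]: parse_version(f) for f in fixed_versions}
    branch = inst[:2]
    if branch in fixes:
        return inst < fixes[branch]
    return not all(branch > b for b in fixes)


def check_inventory(inventory):
    """inventory: {package: (installed, fixed_versions, first_affected)} -> exposed packages."""
    return sorted(name for name, (inst, fixed, first) in inventory.items()
                  if is_vulnerable(inst, fixed, first))


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    sample = {
        "samba": ("4.14.3", SAMBA_FIXED, None),
        "cyrus-sasl": ("2.1.27", SASL_FIXED, "2.1.17"),
    }
    print(check_inventory(sample))  # ['cyrus-sasl', 'samba']
```

Distribution packages (Red Hat's among them) usually backport fixes without changing the upstream version string, so for distro builds confirm the fix from the package changelog or the vendor advisory rather than from this comparison alone.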

3. Double-free of the virtual attribute context in persistent search in ds-base affecting Red Hat Enterprise Linux 8

Severity: Important    CVSS Score: 7.5

This is a double-free in the way 389-ds-base handles the virtual attribute context in persistent searches. An attacker could trigger it by sending a series of search requests, forcing the server to behave unexpectedly and crash.

The highest threat from this vulnerability is to system availability.

Syxscore Risk Alert

This vulnerability carries a major risk, as it can be exposed over any network, with low complexity, no privileges, and without user interaction.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-4091

4. Special character breaks path in XML parsing in PHP

Severity: Medium    CVSS Score: 5.3

This is a flaw in PHP. The main cause of this vulnerability is improper input validation while parsing an Extensible Markup Language (XML) entity. A special character could allow an attacker to traverse directories.

The highest threat from this vulnerability is to confidentiality and integrity.

Syxscore Risk Alert

This vulnerability carries a moderate risk, as it can be exposed over any network, with low complexity, no privileges, and without user interaction.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-21707

5. RPM’s signature vulnerability

Severity: Low    CVSS Score: 4.4

There is a flaw in RPM’s signature functionality. OpenPGP subkeys are associated with a primary key via a “binding signature”. RPM does not check the binding signature of subkeys before importing them. If an attacker can add, or socially engineer another party to add, a malicious subkey to a legitimate public key, RPM could wrongly trust a malicious signature.

The highest threat from this vulnerability is to data integrity.

Syxscore Risk Alert

This vulnerability carries a low risk: although it requires access to the same network as the device, a complex attack, and user interaction to be exploited, it can be exposed with low privileges.

  • Attack Vector: Local
  • Attack Complexity: High
  • Privileges Required: Low
  • User Interaction: Required
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-3521