Skip to main content
News

Linux Vulnerabilities of the Week: June 1, 2021

By June 1, 2021November 11th, 2022No Comments
||

Linux Vulnerabilities of the Week: June 1, 2021

See this week's top Linux issues and keep your IT environment protected from the latest June Linux vulnerabilities.

1. Environment mishandling in PrologSlurmctld or EpilogSlurmctld scripts in Slurm

Severity: Important    CVSS Score: 8.8

This is a flaw in SchedMD Slurm before 20.02.7 and 20.03.x through 20.11.x before 20.11.7 that allows an attacker to execute remote code as SlurmUser.

 Syxscore Risk Alert

This vulnerability has a high risk as this can be exposed over any network, with low complexity, no privileges, and without user interaction.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-31215

2. A DNS rebinding issue that affects Red Hat Enterprise Linux 7 and 8

Severity: Important    CVSS Score: 8.1

This is a flaw in gupnp. When a remote web server uses a victim’s browser to trigger actions against local UPnP services like data exfiltration, data tempering, and other exploits, DNS rebinding can occur.

The highest threat from this vulnerability is to data confidentiality.

Syxscore Risk Alert

This vulnerability has a high risk as though it requires user interaction, it can be exposed over any network by an attack of low complexity, with no privileges.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-33516

3. A slapi-nis (<0.56.7) vulnerability

Severity: Important    CVSS Score: 7.5

This flaw allows an unauthenticated attacker to crash the 389-ds-base directory server using a NULL pointer dereference during the parsing of the Binding DN.

The highest threat from this vulnerability is to system availability.

Syxscore Risk Alert

This vulnerability has a high risk as this can be exposed over any network, with low complexity attack, no privileges, and without user interaction.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-3480

4. Web cache poisoning in Python affecting Red Hat Enterprise Linux 8

Severity: Medium       CVSS Score: 5.9

This is an issue in python/cpython which makes it vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs. Exploiting this vulnerability, an attacker can make malicious requests be cached as completely safe ones.

The highest threat from this vulnerability is to system availability.

Syxscore Risk Alert

This vulnerability has a moderate risk as though it requires user interaction, it can be exposed over any network by a complex attack, with no privileges.

  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: None
  • User Interaction: Required
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-23336

5. The exiv2 (<v0.27.3 ) flaw affecting Red Hat Enterprise Linux 8

Severity: Medium       CVSS Score: 5.5

Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. If an attacker can trick the victim into running Exiv2 on a crafted image file, they could cause excessive resource consumption, potentially leading to a denial of service. However, this bug is only triggered when _writing_ the metadata, which is a less frequently used Exiv2 operation than _reading_ the metadata.

The greatest impact of this flaw is to system availability.

Syxscore Risk Alert

This vulnerability has a moderate risk as although this needs access to the same network as the device and requires user interaction, it needs neither a complex attack nor privileges to be exploited.

  • Attack Vector:             Local
  • Attack Complexity:     Low
  • Privileges Required:    None
  • User Interaction:         Required
  • Scope (Jump Point):    Unchanged

CVE Reference(s): CVE-2021-32617

Try Linux Patching with Syxsense

Syxsense makes endpoint management and security easy. Automatically deploy OS and third-party patches as well as Windows 10 Feature Updates for Microsoft, Mac, and Linux devices.

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo

Leave a Reply