Linux Vulnerabilities of the Week: June 21, 2021
1. The runc (<1.0.0-rc95) package vulnerability
Severity: Important CVSS Score: 8.5
The runc package is vulnerable to a symlink exchange attack. To exploit the vulnerability, an attacker must create multiple containers with a fairly specific mount configuration. If an attack is successful, it can result in the host filesystem being bind-mounted into the container.
The highest threat from this vulnerability is to data confidentiality and integrity as well as to system availability.
Syxscore Risk Alert
This vulnerability has a high risk as although it can be exploited only with a complex attack, it can be exposed over any network, with low privileges, and no user interaction. Besides, this flaw allows a lateral attack to be made, due to the changed jump point.
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: Low
- User Interaction: None
- Scope (Jump Point): Changed
CVE Reference(s): CVE-2021-30465
2. ElGamal encryption flaw in Libgcrypt
Severity: Important CVSS Score: 7.5
This is an ElGamal encryption mishandling in Libgcrypt before 1.8.8 and 1.9.x before 1.9.3, due to the lack of exponent blinding to address a side-channel attack against mpi_powm, and the inappropriate window size selection. This affects the use of ElGamal in OpenPGP.
Syxscore Risk Alert
This vulnerability has a major risk as this can be exposed over any network, with low complexity, no privileges, and without user interaction.
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope (Jump Point): Unchanged
CVE Reference(s): CVE-2021-33560
3. A NULL pointer dereference flaw in httpd
Severity: Important CVSS Score: 7.5
A NULL pointer dereference flaw in httpd
This is a null pointer dereference in the way httpd handles specially crafted HTTP/2 requests that allows a remote attacker to crash the httpd child process, causing temporary denial of service.
The highest threat from this vulnerability is to system availability.
Syxscore Risk Alert
This vulnerability has a major risk as this can be exposed over any network, with low complexity, no privileges, and without user interaction.
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope (Jump Point): Unchanged
CVE Reference(s): CVE-2021-31618
4. A tpm2-tools vulnerability affecting Red Hat Enterprise Linux 8
Severity: Medium CVSS Score: 5.9
This is a flaw in tpm2-tools in versions before 5.1.1 and before 4.3.2. Tpm2_import used a fixed AES key for the inner wrapper, potentially allowing a MITM attacker to unwrap the inner portion and reveal the key being imported.
The highest threat from this vulnerability is to data confidentiality.
Syxscore Risk Alert
This vulnerability has a moderate risk as though its exploitation requires a complex attack, this can be exposed over any network, with no privileges, and without user interaction.
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Scope (Jump Point): Unchanged
CVE Reference(s): CVE-2021-3565
Try Linux Patching with Syxsense
Syxsense makes endpoint management and security easy. Automatically deploy OS and third-party patches as well as Windows 10 Feature Updates for Microsoft, Mac, and Linux devices.