Linux Vulnerabilities of the Week: June 21, 2021

1. The runc (<1.0.0-rc95) package vulnerability

Severity: Important    CVSS Score: 8.5

The runc package is vulnerable to a symlink exchange attack. To exploit the vulnerability, an attacker must create multiple containers with a fairly specific mount configuration. If an attack is successful, it can result in the host filesystem being bind-mounted into the container.

The highest threat from this vulnerability is to data confidentiality and integrity as well as to system availability.

Syxscore Risk Alert

This vulnerability has a high risk as although it can be exploited only with a complex attack, it can be exposed over any network, with low privileges, and no user interaction. Besides, this flaw allows a lateral attack to be made, due to the changed jump point.

• Attack Vector: Network
• Attack Complexity: High
• Privileges Required: Low
• User Interaction: None
• Scope (Jump Point): Changed

CVE Reference(s): CVE-2021-30465

2. ElGamal encryption flaw in Libgcrypt

Severity: Important    CVSS Score: 7.5

This is an ElGamal encryption mishandling in Libgcrypt before 1.8.8 and 1.9.x before 1.9.3, due to the lack of exponent blinding to address a side-channel attack against mpi_powm, and the inappropriate window size selection. This affects the use of ElGamal in OpenPGP.

Syxscore Risk Alert

This vulnerability has a major risk as this can be exposed over any network, with low complexity, no privileges, and without user interaction.

• Attack Vector: Network
• Attack Complexity: Low
• Privileges Required: None
• User Interaction: None
• Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-33560

3. A NULL pointer dereference flaw in httpd

Severity: Important    CVSS Score: 7.5

A NULL pointer dereference flaw in httpd

This is a null pointer dereference in the way httpd handles specially crafted HTTP/2 requests that allows a remote attacker to crash the httpd child process, causing temporary denial of service.

The highest threat from this vulnerability is to system availability.

Syxscore Risk Alert

This vulnerability has a major risk as this can be exposed over any network, with low complexity, no privileges, and without user interaction.

• Attack Vector: Network
• Attack Complexity: Low
• Privileges Required: None
• User Interaction: None
• Scope (Jump Point): Unchanged

CVE Reference(s):  CVE-2021-31618

4. A tpm2-tools vulnerability affecting Red Hat Enterprise Linux 8

Severity: Medium       CVSS Score: 5.9

This is a flaw in tpm2-tools in versions before 5.1.1 and before 4.3.2. Tpm2_import used a fixed AES key for the inner wrapper, potentially allowing a MITM attacker to unwrap the inner portion and reveal the key being imported.

The highest threat from this vulnerability is to data confidentiality.

Syxscore Risk Alert

This vulnerability has a moderate risk as though its exploitation requires a complex attack, this can be exposed over any network,  with no privileges, and without user interaction.

• Attack Vector: Network
• Attack Complexity: High
• Privileges Required: None
• User Interaction: None
• Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-3565

Try Linux Patching with Syxsense

Syxsense makes endpoint management and security easy. Automatically deploy OS and third-party patches as well as Windows 10 Feature Updates for Microsoft, Mac, and Linux devices.