Linux Vulnerabilities of the Week: August 31, 2021


1. Improper Input Validation in Node.js (<16.6.0, 14.17.4, and 12.22.4) affecting Red Hat Enterprise Linux 8

Severity: Critical         CVSS Score: 9.8

Node.js is vulnerable to remote code execution, cross-site scripting (XSS) and application crashes because hostnames returned by DNS servers are not validated in the Node.js DNS library. This can lead to wrong hostnames being output (enabling domain hijacking) and to injection vulnerabilities in applications that use the library.

The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Syxscore Risk Alert

This vulnerability has a critical risk as this can be exposed over any network, with low complexity, no privileges, and without user interaction.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-22931
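The check that was missing is a plain syntactic validation of names coming back from DNS. The following is an added example, not code from the original post or from Node.js itself: an RFC 1123 hostname validator and a wrapper that refuses any resolver answer containing a malformed name before it reaches application code. The resolver is injected so the example runs offline; `FAKE_RECORDS`, `fakeResolver` and the `192.0.2.x` queries are constructed sample data.

```javascript
'use strict';

// RFC 1123 hostname: labels of 1-63 letters, digits or hyphens that do not
// start or end with a hyphen, joined by dots, at most 253 characters in all.
// A single trailing dot (fully-qualified form) is tolerated.
const LABEL_RE = /^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$/;

function isValidHostname(name) {
  if (typeof name !== 'string') return false;
  const bare = name.endsWith('.') ? name.slice(0, -1) : name;
  if (bare.length === 0 || bare.length > 253) return false;
  return bare.split('.').every((label) => LABEL_RE.test(label));
}

// Split a DNS answer (array of hostnames) into accepted and rejected names.
function validateAnswers(answers) {
  const ok = [];
  const bad = [];
  for (const h of answers) (isValidHostname(h) ? ok : bad).push(h);
  return { ok, bad };
}

// Wrap any resolver that returns hostnames (dns.promises.reverse,
// dns.promises.resolveCname, ...) so a malformed answer rejects instead of
// reaching application code. The resolver is injected so this runs offline.
async function resolveValidated(resolve, query) {
  const answers = await resolve(query);
  const { ok, bad } = validateAnswers(answers);
  if (bad.length > 0) {
    throw new Error(`DNS answer for ${query} contains malformed hostname(s): ${JSON.stringify(bad)}`);
  }
  return ok;
}

// Constructed stand-in for a DNS server (not real records): the second and
// third answers carry characters a raw DNS response can contain but a
// hostname never should (HTML markup, a shell metacharacter).
const FAKE_RECORDS = {
  '192.0.2.10': ['host-a.example.com'],
  '192.0.2.11': ['<script>alert(1)</script>.example.com', 'ok.example.com'],
  '192.0.2.12': ['host;id.example.com'],
};
const fakeResolver = async (query) => FAKE_RECORDS[query] || [];

async function demo() {
  const out = {};
  for (const q of Object.keys(FAKE_RECORDS)) {
    try {
      out[q] = await resolveValidated(fakeResolver, q);
    } catch (e) {
      out[q] = 'rejected: ' + e.message;
    }
  }
  return out;
}

demo().then((r) => console.log(JSON.stringify(r, null, 2)));
```

Rejecting the whole answer rather than silently dropping the bad names is deliberate: a response that mixes valid and invalid hostnames is itself a signal worth logging, and an application that only keeps the "good" part may still be steered to a name the attacker controls.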

2. Mozilla Thunderbird and Firefox vulnerability

Severity: Important    CVSS Score: 8.8

Uninitialized memory in a canvas object in Mozilla Thunderbird and Mozilla Firefox (< 78.13 and < 91) could have caused an incorrect free() leading to memory corruption and a potentially exploitable crash.

The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Syxscore Risk Alert

This vulnerability has a high risk: although it requires user interaction, it can be exposed over any network with low complexity and no privileges.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-29980

3. An out-of-bounds memory read vulnerability in Envoy Proxy/Envoy

Severity: Important   CVSS Score: 8.6

When one of the affected Envoy extensions (the decompressor, JSON-transcoder, grpc-web, or other proprietary extensions) is in use, it is possible to modify and increase the request or response body size. Exploiting this flaw, an attacker can make Envoy read invalid memory and crash, resulting in a denial of service.

The highest threat from this vulnerability is to system availability.

Syxscore Risk Alert

This vulnerability has a high risk as it can be exposed over any network, with a low-complexity attack, no privileges, and without user interaction. In addition, because the scope is changed, this vulnerability allows a lateral attack to be made.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope (Jump Point): Changed

CVE Reference(s): CVE-2021-32781

4. An out-of-bounds write flaw in the Linux kernel’s Filesystem layer

Severity: Important    CVSS Score: 7.8

Exploiting this flaw, a local attacker with user privileges can gain access to out-of-bounds memory, which results in a system crash or a leak of internal kernel information. The issue stems from not validating the size_t-to-int conversion before performing operations on the converted value.

The highest threat from this vulnerability is to data integrity, confidentiality, and system availability.

Syxscore Risk Alert

This vulnerability has a major risk: although it needs access to the same network as the device, it can be exploited with a low-complexity attack, low privileges, and without user interaction.

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-33909

5. A RubyGem-Puma vulnerability incomplete fix

Severity: Important    CVSS Score: 7.5

Exploiting CVE-2019-16770, a poorly behaved client could use keep-alive requests to monopolize Puma's reactor and cause a denial of service. The fix for CVE-2019-16770 was incomplete.

The original fix only protected existing connections that had already been accepted from having their requests starved by greedy persistent connections saturating all threads in the same process. However, new connections may still be starved by greedy persistent connections saturating all threads in all processes in the cluster. A `puma` server that received more concurrent keep-alive connections than it had threads in its thread pool would service only a subset of the connections, denying service to the rest.

The highest threat from this vulnerability is to system availability.

Syxscore Risk Alert

This vulnerability has a major risk as it can be exposed over any network, with low complexity, no privileges, and without user interaction.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-29509
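To make the starvation pattern concrete, here is an added example that is not Puma's code: a toy model of a fixed-size thread pool serving keep-alive connections. In "greedy" mode a thread holds its connection until the client is done, which is the behaviour the advisory describes; in "fair" mode the connection is returned to the back of the queue after each request so a waiting connection gets accepted before anyone is served twice. The model covers a single pool (one process), and the fair strategy illustrates the idea of giving waiting connections a turn rather than Puma's actual fix; `SCENARIO` and the pool sizes are constructed values.

```javascript
'use strict';

// conns: [{ id, requests }] where `requests` is how many keep-alive requests
// that client will send on its connection. threads: pool size. budget: total
// requests the pool serves before we stop and inspect who was served.
// greedy=true : a thread keeps its connection until the client is done.
// greedy=false: after each request the connection goes to the back of the
//               queue, so waiting connections are accepted before any client
//               gets a second request served.
function simulate(conns, threads, budget, greedy) {
  const waiting = conns.map((c) => ({ id: c.id, remaining: c.requests }));
  const slots = new Array(threads).fill(null); // connection held by each thread
  const served = {};                            // id -> requests served
  let spent = 0;
  while (spent < budget) {
    // idle threads pick up connections from the head of the queue
    for (let i = 0; i < threads; i++) {
      if (slots[i] === null && waiting.length > 0) slots[i] = waiting.shift();
    }
    if (slots.every((s) => s === null)) break; // all clients finished
    // each busy thread serves one request of its connection
    for (let i = 0; i < threads && spent < budget; i++) {
      const conn = slots[i];
      if (conn === null) continue;
      served[conn.id] = (served[conn.id] || 0) + 1;
      conn.remaining -= 1;
      spent += 1;
      if (conn.remaining === 0) {
        slots[i] = null;        // client closed the connection
      } else if (!greedy) {
        slots[i] = null;        // fair: release the thread ...
        waiting.push(conn);     // ... and requeue the keep-alive connection
      }
    }
  }
  return served;
}

// Connections that never got a single request served within the budget.
function starved(conns, served) {
  return conns.filter((c) => !(c.id in served)).map((c) => c.id);
}

// Constructed scenario: three keep-alive clients, each sending four
// requests, against a pool of two threads observed for six requests.
const SCENARIO = [
  { id: 'A', requests: 4 },
  { id: 'B', requests: 4 },
  { id: 'C', requests: 4 },
];

function compare() {
  const greedy = simulate(SCENARIO, 2, 6, true);
  const fair = simulate(SCENARIO, 2, 6, false);
  return {
    greedy: { served: greedy, starved: starved(SCENARIO, greedy) },
    fair: { served: fair, starved: starved(SCENARIO, fair) },
  };
}

console.log(JSON.stringify(compare(), null, 2));
```

With two threads and three persistent clients, the greedy pool serves A and B three times each and never accepts C; the fair pool serves all three twice within the same six requests. The same arithmetic is what makes a cluster-wide version of the problem possible: once every thread in every process is held by a persistent client, no new connection is accepted anywhere.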

Try Linux Patching with Syxsense

Syxsense makes endpoint management and security easy. Automatically deploy OS and third-party patches as well as Windows 10 Feature Updates for Microsoft, Mac, and Linux devices.