Linux Vulnerabilities of the Week: September 20, 2021

1. Lack of certain index validation in GoGo Protobuf (< 1.3.2)

Severity: Important    CVSS Score: 8.6

This flaw allows a remote attacker to send crafted protobuf messages, causing a denial of service. The highest threat from this vulnerability is to availability.

Syxscore Risk Alert

This vulnerability has a major risk as this can be exposed over any network, with low complexity, no privileges, and without user interaction.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-3121
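
A defender's check for item 1, added here as an example (not code from Syxsense or the GoGo Protobuf project): it reads a go.mod file and reports whether the selected github.com/gogo/protobuf version falls in the "< 1.3.2" range given above. The sample go.mod is constructed, the function names are this example's own, and pre-release or pseudo-versions of 1.3.2 are conservatively treated as affected.

```python
import re

MODULE = "github.com/gogo/protobuf"
FIXED = (1, 3, 2)  # the page gives "< 1.3.2" as the affected range

# Constructed sample go.mod, not taken from a real project.
SAMPLE_GO_MOD = """\
module example.com/demo
go 1.16
require (
    github.com/gogo/protobuf v1.3.1 // indirect
    github.com/golang/protobuf v1.5.2
)
"""

_VERSION = re.compile(r"^v(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?(\+\S+)?$")

def is_affected(tag):
    """True if a Go module version tag sorts before the fixed release."""
    m = _VERSION.match(tag)
    if m is None:
        raise ValueError(f"not a Go module version: {tag!r}")
    core = tuple(int(n) for n in m.group(1, 2, 3))
    # v1.3.2-rc1 or a v1.3.2-0.<timestamp> pseudo-version predates v1.3.2.
    return core < FIXED or (core == FIXED and m.group(4) is not None)

def selected_version(go_mod_text):
    """Version of MODULE chosen by go.mod; a replace overrides a require."""
    required = replaced = None
    for raw in go_mod_text.splitlines():
        fields = raw.split("//", 1)[0].split()  # drop trailing comments
        if fields and fields[0] in ("require", "replace"):
            fields = fields[1:]                 # single-line directive form
        if not fields or fields[0] != MODULE:
            continue
        if "=>" in fields:
            target = fields[fields.index("=>") + 1:]
            same_module = len(target) == 2 and target[0] == MODULE
            replaced = target[1] if same_module else "manual"
        elif len(fields) >= 2 and fields[1].startswith("v"):
            required = fields[1]
    return replaced or required

def check(go_mod_text):
    version = selected_version(go_mod_text)
    if version is None:
        return "not used"
    if version == "manual":  # fork or local path: version not comparable
        return "replaced by fork or local path: review manually"
    return f"{version}: " + ("AFFECTED" if is_affected(version) else "ok")
```
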

2. Out-of-bounds write in net/netfilter/x_tables.c affecting Red Hat Enterprise Linux 7

Severity: Important    CVSS Score: 7.8

This is a flaw in how setsockopt IPT_SO_SET_REPLACE (or IP6T_SO_SET_REPLACE) is processed for 32-bit processes on 64-bit systems.

By exploiting this flaw, a local user can gain privileges or cause a DoS (via heap memory corruption) through a user namespace.

The highest threat from this vulnerability is to data confidentiality and integrity, as well as system availability.

Syxscore Risk Alert

This vulnerability has a major risk as although this needs access to the same network as the device, it can be exposed with a low complexity attack, needs low privileges, and no user interaction.

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-22555

3. Missing enforcement vulnerability in Xen

Severity: Important    CVSS Score: 7.8

Another race in XENMAPSPACE_grant_table handling. Guests are permitted access to certain Xen-owned pages of memory. The majority of such pages remain allocated / associated with a guest for its entire lifetime. Grant table v2 status pages, however, are de-allocated when a guest switches (back) from v2 to v1.

Freeing such pages requires that the hypervisor enforces that no parallel request can result in the addition of a mapping of such a page to a guest. Due to the missing enforcement, local guests can retain access to pages that were freed and perhaps re-used for other purposes.

Syxscore Risk Alert

This vulnerability has a major risk as although this needs access to the same network as the device and can be exposed only with a complex attack, it needs low privileges and no user interaction. Besides, this vulnerability allows a lateral attack to be made, due to the changed jump point.

  • Attack Vector: Local
  • Attack Complexity: High
  • Privileges Required: Low
  • User Interaction: None
  • Scope (Jump Point): Changed

CVE Reference(s): CVE-2021-28701

4. Mishandling of ElGamal encryption in Libgcrypt that affects Red Hat Enterprise Linux 8

Severity: Important    CVSS Score: 7.5

This is a side-channel flaw in the way Libgcrypt implemented ElGamal encryption, which allows an attacker to decrypt parts of ciphertext encrypted using ElGamal, for instance, when using OpenPGP.

The highest threat from this vulnerability is to confidentiality.

Syxscore Risk Alert

This vulnerability has a major risk as this can be exposed over any network, with low complexity, no privileges, and without user interaction.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-33560

5. Potential directory traversal via “admindocs” in Django

Severity: Moderate    CVSS Score: 4.9

This is a flaw in Django. Staff members could use the Template Detail View to check the existence of arbitrary files. Moreover, if (and only if) the default admindocs templates have been customized by the developers to also expose the file contents, then not only the existence but also the file contents would have been exposed.

The highest threat from this vulnerability is to data confidentiality.

Syxscore Risk Alert

This vulnerability has a moderate risk as although it requires high privileges, it can be exposed with a low complexity attack without user interaction.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: High
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-33203
