
Linux Vulnerabilities of the Week: October 4, 2021

Published October 5, 2021 (updated June 22, 2022)

See this week's top Linux issues and keep your IT environment protected from the latest October Linux vulnerabilities.


1. Apache HTTP Server (2.4.48 and earlier) vulnerability

Severity: Critical     CVSS Score: 9.8

ap_escape_quotes() may write beyond the end of a buffer when given malicious input. None of the modules shipped with httpd pass untrusted data to this function, but third-party or external modules may, so treat any deployment that loads out-of-tree modules as exposed. Fixed in httpd 2.4.49.

Syxscore Risk Alert

This vulnerability has a critical risk as this can be exposed over any network, with low complexity, no privileges, and without user interaction.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-39275

[vc_separator]

2. Missing input validation of domain names in Node.js

Severity: Critical     CVSS Score: 9.8

Node.js before 16.6.0, 14.17.4 and 12.22.4 does not validate hostnames returned by DNS servers in its DNS library (the bundled c-ares resolver behind dns.resolve*(); tracked upstream as CVE-2021-3672). A malicious or spoofed response can therefore hand an application a name containing arbitrary characters, which can lead to the output of wrong hostnames (domain hijacking) and to injection vulnerabilities in applications that reuse the name unescaped: remote code execution, cross-site scripting (XSS) and application crashes.

The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Syxscore Risk Alert

This vulnerability has a critical risk as this can be exposed over any network, with low complexity, no privileges, and without user interaction.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-22931
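As an added example (not code from Node.js or from this page), the kind of check an application can apply to names a resolver hands back before they reach HTML, a shell command or a log line. The permitted character set is an assumption modelled on the upstream fix: letters, digits, hyphen and dot, plus underscore because SRV and similar owner names such as _sip._tcp.example.com legitimately contain it. The sample resolver answers are constructed for the demonstration.

```python
"""Validate hostnames returned by a resolver before using them.

Added example; not Node.js or c-ares code. The character set below is an
assumption modelled on the upstream fix, not a quote of it.
"""
import re

# One DNS label: starts and ends with a letter, digit or underscore, may contain
# hyphens in between, and is at most 63 characters long (1 + up to 61 + 1).
_LABEL = re.compile(r"[A-Za-z0-9_](?:[A-Za-z0-9_-]{0,61}[A-Za-z0-9_])?")


def is_valid_hostname(name):
    """Return True only for a syntactically valid DNS hostname.

    Anything carrying HTML, shell or line-break metacharacters fails the label
    regex, as do names that break the DNS length rules (253 chars total,
    63 per label, no empty labels).
    """
    if not name or len(name) > 253:
        return False
    # A single trailing dot marks a fully qualified name; tolerate it.
    if name.endswith("."):
        name = name[:-1]
    if not name:
        return False
    return all(_LABEL.fullmatch(label) for label in name.split("."))


def filter_answers(answers):
    """Split resolver answers into (accepted, rejected) lists."""
    accepted, rejected = [], []
    for name in answers:
        (accepted if is_valid_hostname(name) else rejected).append(name)
    return accepted, rejected


# Constructed sample answers (not real DNS data) with the expected verdict.
CONSTRUCTED_ANSWERS = [
    ("cname-target.example.com", True),
    ("_sip._tcp.example.com", True),            # underscore in SRV owner name
    ("example.com.", True),                     # trailing dot, FQDN form
    ("evil.example.com<script>alert(1)</script>", False),
    ("host.example.com;rm -rf /", False),
    ("line1.example.com\nline2", False),        # log/header injection
    ("-leading-hyphen.example.com", False),
    ("a" * 64 + ".example.com", False),         # label too long
    ("example..com", False),                    # empty label
    ("", False),
]


if __name__ == "__main__":
    accepted, rejected = filter_answers([n for n, _ in CONSTRUCTED_ANSWERS])
    for name in accepted:
        print("accepted:", name)
    for name in rejected:
        print("rejected:", repr(name))
```

The check belongs at the trust boundary, right after the resolver call and before the name is concatenated into anything else; rejecting the whole answer is safer than sanitising it, because a stripped name may silently point at a different host.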

[vc_separator]

3. Kubernetes vulnerability (host filesystem access via subPath symlink exchange)

Severity: Important    CVSS Score: 8.1

A user who can create pods can use subPath volume mounts together with a symlink exchange to reach files and directories outside the volume, including on the host node's filesystem. Fixed in kubelet v1.22.2, v1.21.5, v1.20.11 and v1.19.15; until nodes are upgraded, the documented mitigations are to disable the VolumeSubpath feature gate or to block subPath in pod specs with an admission policy.

The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Syxscore Risk Alert

This vulnerability has a major risk as this can be exposed over any network, with low complexity, low privileges, and without user interaction.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-25741

[vc_separator]

4. aTFTP vulnerability (through 0.7.4)

Severity: Important    CVSS Score: 7.5

tftpd_file.c in aTFTP has a buffer overflow because buffer-size handling does not properly account for the combination of data, OACK and other options in a transfer. TFTP is unauthenticated UDP, so any aTFTP server reachable from an untrusted network is exposed to a crafted client request.

Syxscore Risk Alert

This vulnerability has a major risk as this can be exposed over any network, with low complexity, no privileges, and without user interaction.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-41054

[vc_separator]

Join Our October Linux Webcast

Explore the latest Linux updates for October 2021. We discuss the most urgent patches and priorities for the month.

