Skip to main content
News

Linux Vulnerabilities of the Week: October 18, 2021

By October 18, 2021June 22nd, 2022No Comments
||

Linux Vulnerabilities of the Week: October 18, 2021

See this week's top Linux issues and keep your IT environment protected from the latest October Linux vulnerabilities.

[vc_empty_space]
[vc_single_image image=”364537″ img_size=”full”]

1. Apache HTTP server vulnerability

Severity: Critical         CVSS Score: 9.8

This is a path transversal and remote code execution flaw in Apache HTTP Server 2.4.49 and 2.4.50, which a remote attacker could use to map URLs to files outside the directories configured by Alias-like directives. This flaw could also leak the source of interpreted files like CGI scripts.

If files outside of the mentioned directories are not protected by the usual default configuration “require all denied”, the attacker’s requests can succeed. If CGI scripts are also enabled for these aliased paths, this could result in remote code execution.

The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

 Syxscore Risk Alert

This vulnerability has a critical risk as this can be exposed over any network, with low complexity, no privileges, and without user interaction.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-42013

[vc_separator]

2. SVM nested virtualization issue in KVM in the Linux kernel (<5.14-rc7)

Severity: Important    CVSS Score: 8.8

This is a flaw in the KVM’s AMD code for supporting SVM nested virtualization. It occurs when processing the virtual machine control block provided by the L1 guest to spawn/handle a nested guest (L2).

Due to improper validation of the “int_ctl” field, a malicious L1 can enable Advanced Virtual Interrupt Controller support for the L2 guest. As a result, the L2 guest would be able to read/write physical pages of the host, leading to a crash of the entire system, leak of sensitive data, or potential guest-to-host escape.

The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Syxscore Risk Alert

This vulnerability has a major risk — although this needs access to the same network as the device, it has low complexity, requires no privileges, and no user interaction. Besides, this vulnerability allows a lateral attack to be made, due to the changed jump point.

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope (Jump Point): Changed

CVE Reference(s): CVE-2021-3653

[vc_separator]

3. A possible directory traversal in squashfs-tools affecting Red Hat Enterprise Linux 7 and 8

Severity: Important    CVSS Score: 8.1

This is a directory traversal flaw in squashfs_opendir in unsquash-2.c in Squashfs-Tools 4.5. During extraction, a file can use a symbolic link, and a regular file with an identical name to escape the destination directory. This flaw allows a specially crafted squashfs archive to install or overwrite files outside of the destination directory.

The highest threat from this vulnerability is to integrity and system availability.

Syxscore Risk Alert

This vulnerability has a major risk — although it requires user interaction, it can be exposed over any network, with an attack of low complexity and with no privileges.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-41072

[vc_separator]

4. Possible data corruption or loss in the Linux kernel (< 5.13.4)

Severity: Important    CVSS Score: 7.8

In drivers/char/virtio_console.c in the Linux kernel, data corruption or loss can be triggered by an untrusted device that supplies a buf->len value exceeding the buffer size.

The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Syxscore Risk Alert

This vulnerability has a major risk — although this needs access to the same network as the device, it can be exposed with a low complexity attack, with low privileges, and without user interaction.

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-38160

[vc_separator]

5. Insufficiently restricted permissions in Containerd (< 1.4.11)

Severity: Important    CVSS Score: 7.8

It is a flaw in Containerd where container root directories and some plugins had insufficiently restricted permissions. Unprivileged Linux users can exploit this vulnerability to traverse directory contents and execute programs.

This vulnerability has been fixed in Containerd 1.4.11 and Containerd 1.5.7. Users should update to one of these versions when they are released and may restart containers or update directory permissions to mitigate the vulnerability. Users unable to update should limit access to the host to trusted users.

Syxscore Risk Alert

This vulnerability has a major risk — although this needs access to the same network as the device it can be exposed with a low complexity attack, with low privileges, and without user interaction.

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-41103

Join Our October Linux Webcast

Explore the latest Linux updates for October 2021. We discuss the most urgent patches and priorities for the month.

[vc_btn title=”Save Your Seat” style=”gradient-custom” gradient_custom_color_1=”#da4453″ gradient_custom_color_2=”#8a2387″ shape=”round” size=”lg” align=”center” link=”url:https%3A%2F%2Fwww.syxsense.com%2Foctober-linux-patch-2021″ css=”.vc_custom_1633464485310{margin-top: 15px !important;}”][vc_single_image image=”37252″ img_size=”full” css_animation=”fadeIn” css=”.vc_custom_1611965477970{padding-right: 20px !important;padding-left: 20px !important;}”]

Leave a Reply