Linux Vulnerabilities of the Week: October 18, 2021

1. Apache HTTP server vulnerability

Severity: Critical    CVSS Score: 9.8

This is a path traversal and remote code execution flaw in Apache HTTP Server 2.4.49 and 2.4.50. CVE-2021-42013 is the bypass of the incomplete fix shipped in 2.4.50 for CVE-2021-41773: a remote attacker can use a crafted URL to map requests to files outside the directories configured by Alias-like directives. The flaw can also leak the source of interpreted files such as CGI scripts.

If files outside those directories are not protected by the usual default configuration, “require all denied”, such requests succeed. If CGI scripts are also enabled for the aliased paths, the result can be remote code execution. The fix is in Apache HTTP Server 2.4.51; note that 2.4.50 is not a safe version, since it closes the original traversal but not this bypass.

The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
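As an added example (not code from this page or from the Apache project), the following Python scans Apache access-log lines for the traversal pattern described above. The 2.4.50 fix decoded one layer of percent-encoding, so a request segment such as `.%%32%65` survived as `.%2e` and became `..` only on a second decode; the scanner therefore decodes the request path repeatedly until it stabilises and then looks for a `..` segment. Apache logs the request target as received, so this decoding has to be done by the detector. The log lines are constructed samples, and the `/cgi-bin/` prefix used to flag likely RCE probes is an assumption about the conventional ScriptAlias.

```python
"""Scan Apache access logs for (double-)encoded path traversal (added example).

Apache logs the request target as received, before any decoding, so a
detector has to decode it itself. The sample log lines are constructed."""
import re
from urllib.parse import unquote

# Constructed combined-format log lines; 203.0.113.0/24 and 198.51.100.0/24
# are documentation address ranges, not real clients.
SAMPLE_LOG = """\
203.0.113.7 - - [18/Oct/2021:10:00:01 +0000] "GET /cgi-bin/.%2e/.%2e/.%2e/etc/passwd HTTP/1.1" 200 1234
203.0.113.7 - - [18/Oct/2021:10:00:02 +0000] "POST /cgi-bin/.%%32%65/.%%32%65/.%%32%65/bin/sh HTTP/1.1" 200 50
198.51.100.4 - - [18/Oct/2021:10:00:03 +0000] "GET /icons/apache_pb.gif HTTP/1.1" 200 2326
198.51.100.4 - - [18/Oct/2021:10:00:04 +0000] "GET /search.html?q=..%2f..%2fetc HTTP/1.1" 200 45
"""

REQUEST_RE = re.compile(
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)

# Assumed location of CGI scripts (the conventional ScriptAlias); adjust to your config.
CGI_PREFIX = "/cgi-bin/"


def normalize_path(target: str, max_rounds: int = 3):
    """Decode the path part of a request target until it stops changing.

    Returns (decoded_path, rounds). One round catches %2e, two rounds catch
    the %%32%65 form used against 2.4.50. The query string is ignored because
    Apache does not use it to map the request to a file."""
    path = target.split("?", 1)[0]
    rounds = 0
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path, rounds = decoded, rounds + 1
    return path, rounds


def is_traversal(path: str) -> bool:
    """True if any path segment is exactly '..' (a segment like '..foo' is not)."""
    return any(segment == ".." for segment in path.split("/"))


def scan_log(text: str):
    """Return one finding per request whose decoded path contains a '..' segment."""
    findings = []
    for line in text.splitlines():
        match = REQUEST_RE.search(line)
        if not match:
            continue
        path, rounds = normalize_path(match.group("target"))
        if not is_traversal(path):
            continue
        findings.append({
            "client": line.split(" ", 1)[0],
            "method": match.group("method"),
            "target": match.group("target"),      # raw, as logged
            "path": path,                         # fully decoded
            "decode_rounds": rounds,              # 2 means double encoding
            "status": int(match.group("status")), # 200 on an unpatched host: it worked
            "cgi": path.startswith(CGI_PREFIX),   # traversal via CGI: possible RCE
        })
    return findings


if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
```

A `..` segment in the decoded path is the probe; the status code tells you whether it succeeded. A 200 on such a request from a 2.4.49 or 2.4.50 server whose filesystem root is not covered by “require all denied” should be treated as a confirmed read (or, under `/cgi-bin/`, a possible command execution), while 403 and 404 indicate the request was blocked or missed.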

Syxscore Risk Alert

This vulnerability carries critical risk: it is exploitable over any network, with low complexity, no privileges, and no user interaction.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-42013

2. SVM nested virtualization issue in KVM in the Linux kernel (<5.14-rc7)

Severity: Important    CVSS Score: 8.8

This is a flaw in KVM’s AMD SVM code for nested virtualization. It occurs when processing the virtual machine control block (VMCB) that the L1 guest provides to spawn or handle a nested (L2) guest.

Due to improper validation of the “int_ctl” field, a malicious L1 can enable Advanced Virtual Interrupt Controller (AVIC) support for the L2 guest. The L2 guest can then read and write physical pages of the host, leading to a crash of the entire system, a leak of sensitive data, or a potential guest-to-host escape. The fix is in Linux 5.14-rc7.

The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Syxscore Risk Alert

This vulnerability has a major risk. The attack vector is local: the attacker needs code running inside an L1 guest rather than network access, but the attack has low complexity and requires no privileges and no user interaction. Scope is Changed because the impact crosses the virtualization boundary from the guest into the host, so a compromised guest can affect the hypervisor and every other guest on the same machine.

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope (Jump Point): Changed

CVE Reference(s): CVE-2021-3653

3. A possible directory traversal in squashfs-tools affecting Red Hat Enterprise Linux 7 and 8

Severity: Important    CVSS Score: 8.1

This is a directory traversal flaw in squashfs_opendir in unsquash-2.c in Squashfs-Tools 4.5. During extraction, an archive can use a symbolic link and a regular file with an identical name to escape the destination directory: unsquashfs first creates the symlink, which points outside the destination, and then writes the regular file’s contents through it. A specially crafted squashfs archive can therefore install or overwrite files outside the destination directory.

The highest threat from this vulnerability is to integrity and system availability.
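The mechanism above generalises to any extractor that creates entries in archive order without checking what is already on disk. The following Python is an added illustration, not squashfs-tools code: a tiny in-memory “archive” is a list of entries in extraction order, `naive_extract` reproduces the vulnerable behaviour (it opens the regular file by name, so the open follows the symlink created a moment earlier), and `safe_extract` shows the checks that stop it. Two constructed archives are used: one with a symlink and a regular file of the same name, as the advisory describes, and one where the symlink is used as a directory component. The entry format and names are assumptions made for the demonstration.

```python
"""Symlink-then-file extraction traversal, unsafe and safe variants (added example).

The 'archives' below are constructed lists of (kind, name, payload) entries in
the order an extractor would process them; they are not real squashfs images."""
import os
import tempfile

# Symlink 'loot' -> ../escape.txt, then a regular file also called 'loot':
# the second write goes through the symlink and lands outside the destination.
SAME_NAME_ARCHIVE = [
    ("symlink", "loot", "../escape.txt"),
    ("file", "loot", b"written through the symlink\n"),
]

# Symlink used as a directory component: 'sub' -> .., then a file under it.
SYMLINK_DIR_ARCHIVE = [
    ("symlink", "sub", ".."),
    ("file", "sub/planted.txt", b"planted one level above the destination\n"),
]


def naive_extract(entries, dest):
    """Vulnerable: trusts entry names and lets open() follow existing symlinks."""
    for kind, name, payload in entries:
        path = os.path.join(dest, name)
        if kind == "symlink":
            os.symlink(payload, path)
        else:
            with open(path, "wb") as f:   # follows a symlink sitting at 'path'
                f.write(payload)


def safe_extract(entries, dest):
    """Hardened: every write must resolve inside dest and never reuse a path.

    Two checks: the parent directory's real path must stay under dest (catches
    symlinked directory components), and the target must not already exist
    (catches a symlink with the same name). O_NOFOLLOW|O_EXCL make the kernel
    enforce the second check even if something races to plant a symlink."""
    dest_real = os.path.realpath(dest)
    for kind, name, payload in entries:
        path = os.path.join(dest, name)
        parent_real = os.path.realpath(os.path.dirname(path))
        if parent_real != dest_real and not parent_real.startswith(dest_real + os.sep):
            raise ValueError(f"refusing {name!r}: parent resolves outside destination")
        if os.path.lexists(path):
            raise ValueError(f"refusing {name!r}: path already exists (symlink reuse?)")
        if kind == "symlink":
            os.symlink(payload, path)
        else:
            flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW
            with os.fdopen(os.open(path, flags, 0o644), "wb") as f:
                f.write(payload)


def run(extract, entries):
    """Extract into a fresh temp tree; return (names that escaped dest, error)."""
    with tempfile.TemporaryDirectory() as root:
        dest = os.path.join(root, "dest")
        os.mkdir(dest)
        error = None
        try:
            extract(entries, dest)
        except ValueError as exc:
            error = str(exc)
        escaped = sorted(name for name in os.listdir(root) if name != "dest")
        return escaped, error


if __name__ == "__main__":
    for extractor in (naive_extract, safe_extract):
        for archive in (SAME_NAME_ARCHIVE, SYMLINK_DIR_ARCHIVE):
            print(extractor.__name__, run(extractor, archive))
```

Creating a symlink whose target points outside the destination is not itself the problem (real filesystems contain such links); the damage happens when a later write is allowed to go through it. That is why the checks sit on the write path, and why `realpath` on the parent is needed in addition to `O_NOFOLLOW`, which only protects the final path component.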

Syxscore Risk Alert

This vulnerability has a major risk. It requires user interaction (someone has to run unsquashfs on the malicious archive), but the archive can be delivered over any network, and the attack has low complexity and needs no privileges.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-41072

4. Possible data corruption or loss in the Linux kernel (< 5.13.4)

Severity: Important    CVSS Score: 7.8

In drivers/char/virtio_console.c in the Linux kernel before 5.13.4, data corruption or loss can be triggered by an untrusted device (the host-side virtio console) that supplies a buf->len value exceeding the buffer size; the fix validates the length reported by the device before it is used. Upstream describes the check as a robustness fix against anomalous host behaviour, so the exposure is greatest where the guest does not trust its host.

The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Syxscore Risk Alert

This vulnerability has a major risk. The attack vector is local (a virtio device presented to the guest, not the network), and the attack has low complexity, needs only low privileges, and no user interaction.

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-38160

5. Insufficiently restricted permissions in Containerd (< 1.4.11)

Severity: Important    CVSS Score: 7.8

This is a flaw in containerd where container root directories and some plugin directories had insufficiently restricted permissions. Unprivileged Linux users on the host could traverse directory contents and execute programs found there (for example setuid binaries inside a container’s root filesystem), and where their UID collided with a file owner inside a container, they could also read and modify those files.

This vulnerability has been fixed in containerd 1.4.11 and containerd 1.5.7. Users should update to one of these versions and may restart containers or update directory permissions to mitigate the vulnerability. Users unable to update should limit access to the host to trusted users.
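What “insufficiently restricted permissions” means in practice: an unprivileged user can only reach a file if every directory on the path grants search (x) permission to “other”, so the mode of the container root directory gates everything below it, including setuid binaries inside image layers. The following Python is an added audit, not containerd’s code: it builds a constructed directory tree resembling a snapshot root (the layout and the 0755/0700 modes are assumptions), lists the files an unprivileged user could reach and execute, applies the “update directory permissions” mitigation to the top-level directory, and audits again. It models only the “other” permission bits, not group membership or the UID-collision case.

```python
"""Audit which files under a directory tree an unprivileged user can reach and
execute, before and after restricting the top-level directory (added example).

The tree is constructed to resemble a snapshotter root; it is not containerd's."""
import os
import stat
import tempfile


def exposed_files(root):
    """Files an unprivileged user (no special groups) could reach and run.

    Reachability requires every directory from root downward to grant 'other'
    search permission; the file itself must be executable by 'other'. Returns
    sorted (relative path, 'setuid' or 'exec') pairs. Directories above root
    are assumed traversable, as /var/lib normally is."""
    root = os.path.abspath(root)
    exposed = []
    for dirpath, dirnames, filenames in os.walk(root):
        if not os.lstat(dirpath).st_mode & stat.S_IXOTH:
            dirnames[:] = []          # prune: nothing below is reachable this way
            continue
        for name in filenames:
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode
            if stat.S_ISREG(mode) and mode & stat.S_IXOTH:
                flag = "setuid" if mode & stat.S_ISUID else "exec"
                exposed.append((os.path.relpath(path, root), flag))
    return sorted(exposed)


def build_sample(root):
    """Constructed tree: world-traversable directories down to a setuid binary."""
    bin_dir = os.path.join(root, "snapshots", "1", "fs", "usr", "bin")
    os.makedirs(bin_dir)
    fake_sudo = os.path.join(bin_dir, "sudo")
    with open(fake_sudo, "wb") as f:
        f.write(b"#!/bin/sh\necho 'stand-in for a setuid binary'\n")
    os.chmod(fake_sudo, 0o4755)       # setuid and world-executable
    for dirpath, _, _ in os.walk(root):
        os.chmod(dirpath, 0o755)      # the over-permissive state being audited
    return fake_sudo


def demo():
    """Return (exposed before hardening, exposed after chmod 0700 on root)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "containerd-root")
        build_sample(root)
        before = exposed_files(root)
        os.chmod(root, 0o700)         # mitigation: top-level dir no longer traversable
        after = exposed_files(root)
        return before, after


if __name__ == "__main__":
    before, after = demo()
    print("before:", before)
    print("after: ", after)
```

The point of pruning at the first non-traversable directory is that the files below it do not change at all: the setuid binary keeps its 4755 mode, but with the root directory at 0700 no unprivileged user can name a path to it. That is why restricting the top-level directories is a sufficient interim mitigation, and why chmod-ing the contents of image layers (which belong to the image) is neither needed nor advisable.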

Syxscore Risk Alert

This vulnerability has a major risk. The attack vector is local (an unprivileged account on the host, not network access), and the attack has low complexity, needs only low privileges, and no user interaction.

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-41103

Join Our October Linux Webcast

Explore the latest Linux updates for October 2021. We discuss the most urgent patches and priorities for the month.