
Linux Vulnerabilities of the Week: December 6, 2021

Published December 6, 2021; updated November 11, 2022

See this week's top Linux issues and keep your IT environment protected from the latest December Linux vulnerabilities.

1. CSRF token bypass in Mailman (<2.1.38)

Severity: Important    CVSS Score: 8.8

A Cross-Site Request Forgery (CSRF) attack can be performed in GNU Mailman due to a CSRF token bypass.

CSRF tokens are not checked against the right type of user when performing admin operations, so a token created by a regular user can be used by an admin to perform an admin-level request, such as setting a new admin password or making other changes.

The highest threat from this vulnerability is to confidentiality, integrity, and system availability.
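The flaw described above is a token that is verified but never bound to the kind of user it was issued to. The following is an added illustration (not Mailman's own code) of that pattern beside a hardened verifier that embeds the user kind in the HMAC input and requires it to match the operation; the secret, list names and user kinds are constructed for the example.

```python
import hashlib
import hmac
import secrets
import time

# Constructed server-side secret for this illustration; a deployment loads it from config.
SECRET = secrets.token_bytes(32)
TOKEN_TTL = 3600  # seconds a token stays valid

def _mac(list_name, user_kind, ts):
    """HMAC over the list, the kind of user the token was issued to, and the issue time."""
    msg = f"{list_name}:{user_kind}:{ts}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()

def make_token(list_name, user_kind, now=None):
    """Mint a token that carries the user kind so the verifier can see what it was issued for."""
    ts = int(time.time() if now is None else now)
    return f"{ts}:{user_kind}:{_mac(list_name, user_kind, ts)}"

def _parse(token):
    try:
        ts_s, kind, mac = token.split(":")
        return int(ts_s), kind, mac
    except ValueError:
        return None

def check_token_unbound(token, list_name):
    """Flawed pattern (illustrative): the MAC verifies, but the user kind inside the token is
    trusted as-is, so a token minted for a regular user also satisfies an admin operation."""
    parsed = _parse(token)
    if parsed is None:
        return False
    ts, kind, mac = parsed
    return hmac.compare_digest(mac, _mac(list_name, kind, ts))

def check_token(token, list_name, required_kind, now=None):
    """Hardened check: MAC must verify, token must be fresh, and the kind it was issued
    for must equal the kind the operation requires."""
    parsed = _parse(token)
    if parsed is None:
        return False
    ts, kind, mac = parsed
    now_i = int(time.time() if now is None else now)
    if kind != required_kind or ts > now_i or now_i - ts > TOKEN_TTL:
        return False
    return hmac.compare_digest(mac, _mac(list_name, kind, ts))
```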

Syxscore Risk Alert

This vulnerability carries a major risk: although it requires user interaction, it can be exploited over any network, with low complexity and without privileges.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-44227

2. Xen PoD Operation denial of service

Severity: Important    CVSS Score: 8.8

PoD operations on misaligned GFNs. [This record relates to multiple CVEs; the text explains which issue corresponds to which CVE.] x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, to provide a way for them to later easily have more memory assigned. Guests are permitted to control certain P2M aspects of individual pages via hypercalls. These hypercalls may act on ranges of pages specified via page orders (resulting in a power-of-2 number of pages).

The implementation of some of these hypercalls for PoD does not enforce that the base page frame number is suitably aligned for the specified order, yet some of the code involved in PoD handling makes exactly that assumption. The affected operations are XENMEM_decrease_reservation (CVE-2021-28704) and XENMEM_populate_physmap (CVE-2021-28707); the latter is usable only by domains controlling the guest, i.e. a de-privileged qemu or a stub domain (patch 1 fixes both issues). In addition, handling of XENMEM_decrease_reservation can also trigger a host crash when the specified page order is neither 4k nor 2M nor 1G (CVE-2021-28708, patch 2).
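The two missing checks named above (a supported order, and a base GFN naturally aligned to that order) are small, and the added example below (not Xen's code; the function names are invented for illustration) shows them together with the general decomposition a caller can apply so that a misaligned range is expressed only as aligned power-of-two blocks.

```python
# Page orders the PoD code paths expect (page order = log2 of the page count);
# any other order is what CVE-2021-28708 concerns.
PAGE_ORDERS = {0: "4k", 9: "2M", 18: "1G"}

def validate_pod_range(gfn, order):
    """Return (ok, reason). The order must be one the PoD code handles, and the base
    GFN must be naturally aligned to 2**order pages; both were previously unchecked."""
    if order not in PAGE_ORDERS:
        return False, f"unsupported page order {order}"
    if gfn & ((1 << order) - 1):
        return False, f"gfn {gfn:#x} is not aligned to a {PAGE_ORDERS[order]} boundary"
    return True, "ok"

def split_into_aligned_chunks(gfn, nr_pages):
    """Decompose [gfn, gfn + nr_pages) into naturally aligned blocks using only supported
    orders, largest first, so every (gfn, order) pair produced passes validate_pod_range."""
    chunks = []
    while nr_pages > 0:
        for order in sorted(PAGE_ORDERS, reverse=True):
            size = 1 << order
            if size <= nr_pages and gfn & (size - 1) == 0:
                break  # order 0 always qualifies, so a block is always found
        chunks.append((gfn, order))
        gfn += size
        nr_pages -= size
    return chunks
```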

Syxscore Risk Alert

This vulnerability carries a major risk: although it requires access to the same network as the device, it can be exploited with a low-complexity attack, low privileges, and no user interaction. In addition, the changed scope (jump point) means a successful attack can move laterally beyond the vulnerable component.

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope (Jump Point): Changed

CVE Reference(s): CVE-2021-28708

3. Insufficient symlink protection in Node.js ‘tar file’

Severity: Important    CVSS Score: 8.6

This is a flaw in the npm package “tar” (aka node-tar). Extracting tar files that contain both a directory and a symlink with the same name, where the symlink and directory names in the archive entry used backslashes as a path separator, made it possible to bypass node-tar symlink checks on directories.

This flaw allows an untrusted tar file to extract files into, and overwrite files at, an arbitrary location. A similar confusion can arise on case-insensitive filesystems.

The highest threat from this vulnerability is to integrity and system availability.
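A pre-extraction scan that catches the archive shape described above, as an added example (not node-tar's code): entry names are normalized (backslash to slash, and optionally case-folded for case-insensitive filesystems) before comparing, and any non-symlink entry equal to or nested under a symlink entry is reported. The archive is constructed in memory with Python's tarfile module; the entry names and link target are made up.

```python
import io
import tarfile

def normalize_entry_name(name, case_insensitive=False):
    """Comparison form: backslashes become slashes, trailing slashes are dropped,
    and names are case-folded when the target filesystem is case-insensitive."""
    canon = name.replace("\\", "/").rstrip("/")
    return canon.lower() if case_insensitive else canon

def find_symlink_conflicts(tar, case_insensitive=False):
    """Return (symlink_name, entry_name) pairs where a non-symlink entry equals, or is
    nested under, a symlink entry once both are normalized; archive order does not matter."""
    members = tar.getmembers()
    symlinks = {normalize_entry_name(m.name, case_insensitive): m.name
                for m in members if m.issym()}
    conflicts = []
    for m in members:
        if m.issym():
            continue
        parts = normalize_entry_name(m.name, case_insensitive).split("/")
        for i in range(1, len(parts) + 1):
            if "/".join(parts[:i]) in symlinks:
                conflicts.append((symlinks["/".join(parts[:i])], m.name))
                break
    return conflicts

def build_sample_archive(symlink_name="dir\\sub"):
    """Constructed archive: directory 'dir/sub', a symlink whose name differs only by
    separator (or case), and a file that would be written under the directory name."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        d = tarfile.TarInfo("dir/sub")
        d.type, d.mode = tarfile.DIRTYPE, 0o755
        tar.addfile(d)
        s = tarfile.TarInfo(symlink_name)
        s.type, s.linkname = tarfile.SYMTYPE, "/constructed/elsewhere"
        tar.addfile(s)
        data = b"constructed payload\n"
        f = tarfile.TarInfo("dir/sub/payload.txt")
        f.size = len(data)
        tar.addfile(f, io.BytesIO(data))
    return buf.getvalue()

def scan_archive_bytes(blob, case_insensitive=False):
    with tarfile.open(fileobj=io.BytesIO(blob), mode="r:") as tar:
        return find_symlink_conflicts(tar, case_insensitive)
```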

Syxscore Risk Alert

This vulnerability carries a major risk: although it requires access to the same network as the device and user interaction, it can be exploited with a low-complexity attack and without privileges. In addition, the changed scope (jump point) means a successful attack can move laterally beyond the vulnerable component.

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope (Jump Point): Changed

CVE Reference(s): CVE-2021-37701

4. Node.js ‘npmcli/arborist’ library vulnerability

Severity: Important    CVSS Score: 7.8

`@npmcli/arborist`, the library that calculates dependency trees and manages the node_modules folder hierarchy for the npm command-line interface, aims to guarantee that package dependency contracts will be met, and the extraction of package contents will always be performed into the expected folder. This is accomplished by extracting package contents into a project’s `node_modules` folder. If the `node_modules` folder of the root project or any of its dependencies is somehow replaced with a symbolic link, it could allow Arborist to write package dependencies to any arbitrary location on the file system.
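The defensive check implied above, as an added example (not Arborist's code; the function names are invented): before writing a package, walk each path component from the project root to the target and refuse if any is a symlink, then confirm the fully resolved destination still lies under the project. The demo builds a throwaway project whose node_modules is a symlink to a sibling directory.

```python
import os
import tempfile

def safe_package_dir(project_root, package_path):
    """Resolve <project_root>/node_modules/<package_path> for writing. Raises PermissionError
    if node_modules or any component below the project is a symlink, or if the final
    location resolves outside the project."""
    root = os.path.realpath(project_root)
    target = os.path.join(project_root, "node_modules", package_path)
    cur = project_root
    for part in os.path.relpath(target, project_root).split(os.sep):
        cur = os.path.join(cur, part)
        if os.path.islink(cur):
            raise PermissionError(f"refusing to write through symlink: {cur}")
    resolved = os.path.realpath(target)
    if os.path.commonpath([root, resolved]) != root:
        raise PermissionError(f"{resolved} is outside {root}")
    return resolved

def demo(symlink_node_modules, package_path="left-pad"):
    """Constructed layout: a project whose node_modules is either a real directory or a
    symlink to a sibling directory. Returns the resolved target, or 'blocked'."""
    with tempfile.TemporaryDirectory() as tmp:
        project = os.path.join(tmp, "project")
        elsewhere = os.path.join(tmp, "elsewhere")
        os.mkdir(project)
        os.mkdir(elsewhere)
        nm = os.path.join(project, "node_modules")
        if symlink_node_modules:
            os.symlink(elsewhere, nm)
        else:
            os.mkdir(nm)
        try:
            return safe_package_dir(project, package_path)
        except PermissionError:
            return "blocked"
```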

Syxscore Risk Alert

This vulnerability carries a major risk: although it requires access to the same network as the device and user interaction, it can be exploited with a low-complexity attack and without privileges.

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-39135

5. Incorrect parsing of HTTP transfer-encoding request header in Apache Tomcat

Severity: Medium       CVSS Score: 5.3

This is a flaw in Apache Tomcat. Tomcat incorrectly ignored the transfer encoding header if the client declared it would only accept an HTTP/1.0 response.

The highest threat from this vulnerability is to integrity.

Syxscore Risk Alert

This vulnerability carries a moderate risk: it can be exploited over any network, with low complexity, no privileges, and no user interaction.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-33037
