Linux Vulnerabilities of the Week: December 20, 2021

1. Apache Log4j logging library vulnerability

Severity: Critical         CVSS Score: 10.0

This is a flaw in Apache that allows an attacker who can control log messages or log message parameters to execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled.

The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Syxscore Risk Alert

This vulnerability has a major risk as this can be exposed over any network, with low complexity, low privileges, and without user interaction. Besides, this vulnerability allows a lateral attack to be made, due to the changed jump point.

• Attack Vector: Network
• Attack Complexity: Low
• Privileges Required: Low
• User Interaction: None
• Scope (Jump Point): Changed

CVE Reference(s): CVE-2021-44228

2. Java logging library Apache Log4j (version 1.x) flaw affecting Red Hat Enterprise Linux 8

Severity: Important    CVSS Score: 8.1

MSAppender in Log4j 1.x is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if the deployed application is configured to use JMSAppender and to the attacker’s JMS Broker.

The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Syxscore Risk Alert

This vulnerability has a major risk as although this requires a complex attack to be exploited, it can be exposed over any network, without privileges and user interaction.

• Attack Vector: Network
• Attack Complexity: High
• Privileges Required: None
• User Interaction: None
• Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-4104

3. STARTTLS session encryption bypassing in Fetchmail (< 6.4.22) affecting Red Hat Enterprise Linux 8

Severity: Medium       CVSS Score: 5.9

Fetchmail before 6.4.22 fails to enforce STARTTLS session encryption in some circumstances, such as a certain situation with IMAP and PREAUTH.

The highest threat from this vulnerability is to data confidentiality.

Syxscore Risk Alert

This vulnerability has a major risk as although this requires a complex attack to be exploited, it can be exposed over any network, without privileges and user interaction.

• Attack Vector: Network
• Attack Complexity: High
• Privileges Required: None
• User Interaction: None
• Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-39272

4. RESTEasy (<4.6.0.Final) vulnerability

Severity: Medium       CVSS Score: 5.3

This is a flaw in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method’s parameter value. The highest threat from this vulnerability is to data confidentiality.

Syxscore Risk Alert

This vulnerability has a moderate risk as this can be exposed over any network, with low complexity, low privileges, and without user interaction.

• Attack Vector: Network
• Attack Complexity: Low
• Privileges Required: Low
• User Interaction: None
• Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-20289