Top Linux Vulnerabilities for February 2021
1. Linux AMI Security Advisory for samba “Netlogon” on Amazon Linux and RedHat
Vendor Severity: Critical
Score: 10
A flaw was found in the way samba handled file and directory permissions. An authenticated user could use this flaw to gain access to certain file and directory information which otherwise would be unavailable to the attacker. (CVE-2020-14318)
A null pointer dereference flaw was found in Samba’s winbind service. This flaw allows a local user to crash the winbind service, causing a denial of service. The highest threat from this vulnerability is to system availability. (CVE-2020-14323)
A flaw was found in the Microsoft Windows Netlogon Remote Protocol (MS-NRPC), where it reuses a known, static, zero-value initialization vector (IV) in AES-CFB8 mode. This flaw allows an unauthenticated attacker to impersonate a domain-joined computer, including a domain controller, and possibly obtain domain administrator privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2020-1472)
Syxscore Risk Alert
This vulnerability has a significant risk as this can be exposed over any network, with low complexity and privileges without user interaction. This vulnerability could be used as a jump point – which means once they expose the environment using this bug, they can move to other technology. This is the equivalent of a Zero Day vulnerability.
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Requires: Low
- User Interaction: None
- Scope (Jump Point): Yes
CVE Reference(s): CVE-2020-14318, CVE-2020-14323, CVE-2020-1472
2. Hawk2 Security Update for SUSE Enterprise 15, 15-SP1 & 15-SP2
Vendor Severity: Critical
CVSS Score: 9.8
This update for hawk2 fixes the following issues:
- Hawk2 was updated to version 2.4.0+git.1611141202.2fe6369e.
- Possible code execution vulnerability in the controller code (bsc#1179998).
Syxscore Risk Alert
This vulnerability has a significant risk as this can be exposed over any network, with low complexity, no privileges required and without user interaction.
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Requires: None
- User Interaction: None
- Scope (Jump Point): No
CVE Reference(s): CVE-2020-35458
3. Slurm Security Update for SUSE Enterprise 15-SP1
Vendor Severity: Medium
CVSS Score: 9.8
Slurm before 19.05.8 and 20.x before 20.02.6 has an RPC Buffer Overflow in the PMIx MPI plugin.
Syxscore Risk Alert
This vulnerability has a significant risk as this can be exposed over any network, with low complexity, no privileges required and without user interaction.
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Requires: None
- User Interaction: None
- Scope (Jump Point): No
CVE Reference(s): CVE-2020-27745, CVE-2020-27746
4. Apache Log4net Security Update for Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS and Ubuntu 20.10.
Vendor Severity: Important
CVSS Score: 9.8
This is a republished vulnerability from 2018 by NVD as it was discovered that Apache Log4net incorrectly handled certain configuration files. An attacker could possibly use this issue to expose sensitive information.
Syxscore Risk Alert
This vulnerability has a significant risk as this can be exposed over any network, with low complexity, no privileges required and without user interaction.
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Requires: Low
- User Interaction: None
- Scope (Jump Point): No
CVE Reference(s): CVE-2018-1285
5. Flatpak security update for Oracle Linux 7
Vendor Severity: Important
CVSS Score: 8.8
This is a republished vulnerability from 2018 by NVD as it was discovered that Apache Log4net incorrectly handled certain configuration files. An attacker could possibly use this issue to expose sensitive information.
Syxscore Risk Alert
This vulnerability has a major risk, though an attacker will need local access to the device. Low complexity, low privileges, no user interaction, but can be used as a jump point, the risk for this vulnerability should be higher than the severity.
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Requires: Low
- User Interaction: None
- Scope (Jump Point): Yes
CVE Reference(s): CVE-2021-21261
Try Linux Patching with Syxsense
Syxsense makes endpoint management and security easy. Automatically deploy OS and third-party patches as well as Windows 10 Feature Updates for Microsoft, Mac, and Linux devices.
