Top Linux Vulnerabilities For March 2021

1. Buffer overflow in the ctypes module of python27, python36 and python38

Vendor Severity: Medium
CVSS Score: 9.8

A stack-based buffer overflow was discovered in the ctypes module shipped with Python. Formatting a very large floating-point value (the public report uses 1e300 passed to c_double.from_param) writes more bytes than the fixed-size stack buffer holds. Applications that pass unvalidated floating-point input to ctypes may be vulnerable; the result is an overflow of a buffer on the stack and, in practice, a crash of the application.

The highest threat from this vulnerability is to system availability. Note the gap between the 9.8 CVSS score, which assumes the worst case, and the vendor's Medium rating: the flaw is only reachable in applications that hand attacker-controlled floating-point values to ctypes, so actual exposure depends on what your Python applications do with untrusted input.
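The overflow described above comes down to an unbounded write of a formatted float into a fixed-size stack buffer. The following C program is an added example, not CPython's code: it measures how many bytes the %f rendering of a double needs, reports whether an unbounded sprintf of that text into a 256-byte buffer would run past the end, and shows the bounded replacement that fails safely instead. The buffer size and the "<cparam 'd' (%f)>" text follow the public description of the bug; the function names repr_length_needed, would_overflow and format_repr_safe and the sample values are this example's own.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Added example (not CPython source).  The 256-byte buffer and the
 * "<cparam 'd' (%f)>" text mirror the public description of
 * CVE-2021-3177, where a huge double formatted with %f was written
 * into a fixed-size stack buffer with an unbounded sprintf. */
#define BUF_LEN 256

/* Bytes the formatted text needs for value v, excluding the NUL.
 * snprintf with a NULL destination and size 0 only measures. */
int repr_length_needed(double v)
{
    return snprintf(NULL, 0, "<cparam 'd' (%f)>", v);
}

/* Would the original, unbounded write
 *     char buffer[BUF_LEN]; sprintf(buffer, "<cparam 'd' (%f)>", v);
 * run past the end of the buffer?  (>= because the NUL needs a byte.) */
bool would_overflow(double v)
{
    return repr_length_needed(v) >= BUF_LEN;
}

/* Hardened form: bounded write, and the caller learns when the text
 * did not fit instead of silently getting corrupted stack memory.
 * Returns true on success, false if the output was truncated. */
bool format_repr_safe(double v, char *out, size_t out_len)
{
    int n = snprintf(out, out_len, "<cparam 'd' (%f)>", v);
    return n >= 0 && (size_t)n < out_len;
}

int main(void)
{
    /* Constructed sample values: ordinary, large, and the 1e300 from the report. */
    const double samples[] = { 3.14, 1e100, 1e300 };
    char buf[BUF_LEN];

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        double v = samples[i];
        bool ok = format_repr_safe(v, buf, sizeof buf);
        printf("%-6g needs %3d bytes: unbounded sprintf overflows=%s, bounded write ok=%s\n",
               v, repr_length_needed(v),
               would_overflow(v) ? "yes" : "no", ok ? "yes" : "no");
    }
    return 0;
}
```

Running it shows that 1e300 needs 323 bytes against a 256-byte buffer while 1e100 still fits: that is the magnitude of input an application would have to reject, or the bounded write would have to truncate, for the stack to stay intact.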

Syxscore Risk Alert

Syxscore rates this vulnerability as critical risk: it can be exposed over any network, with low complexity, no privileges and no user interaction.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope (Jump Point): No

CVE Reference(s): CVE-2021-3177

2. xterm vulnerability affecting Ubuntu 20.10, 20.04 LTS, 18.04 LTS and 16.04 LTS, and Red Hat Enterprise Linux 8

Vendor Severity: Medium / Important
CVSS Score: 9.8

xterm incorrectly handles certain character sequences (a crafted UTF-8 sequence; fixed in xterm Patch #366). A remote attacker could use this issue to cause xterm to crash, resulting in a denial of service, or possibly execute arbitrary code. The sequence only takes effect when xterm renders it, so the attacker needs a way to get it displayed in the victim's terminal, for example as the output of a remote session or the contents of a file the user views.

Syxscore Risk Alert

Syxscore rates this vulnerability as critical risk: it can be exposed over any network, with low complexity, no privileges and no user interaction.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope (Jump Point): No

CVE Reference(s): CVE-2021-27135

3. screen update for SUSE Linux Enterprise Server 12-SP2 to 12-SP5

Vendor Severity: Important
CVSS Score: 9.8 (under review)

GNU screen (through 4.8.0) mishandles double-width combining characters in UTF-8 input in its encoding code; a crafted character sequence can cause an invalid write, crashing screen (denial of service) or possibly executing code. The update fixes this handling. As with xterm, the sequence has to be displayed inside a screen session to take effect, for example as the output of a remote command or a file the user views.

Syxscore Risk Alert

Syxscore rates this vulnerability as critical risk: it can be exposed over any network, with low complexity, no privileges and no user interaction.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope (Jump Point): No

CVE Reference(s): CVE-2021-26937

4. Security Update for Mozilla Thunderbird

Vendor Severity: Important
CVSS Score: 8.8

Mozilla reports memory safety bugs present in Firefox 85 and Firefox ESR 78.7. Some of these bugs showed evidence of memory corruption, and Mozilla presumes that with enough effort some of them could have been exploited to run arbitrary code. This vulnerability affects Firefox < 86, Thunderbird < 78.8 and Firefox ESR < 78.8; exploitation requires the user to open attacker-supplied content, such as a crafted message or web page.

Syxscore Risk Alert

Syxscore rates this vulnerability as high risk: it can be exposed over any network, with low complexity and no privileges, but it does require user interaction.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope (Jump Point): No

CVE Reference(s): CVE-2021-23978

5. Kernel Update for Oracle Linux 6 and 7

Vendor Severity: Important
CVSS Score: 7.8

The Xen block backend driver (blkback) in the Linux kernel mishandles errors in grant mapping operations, leading to a denial of service. A malicious or buggy guest frontend could exploit this to crash the corresponding backend driver, potentially affecting the entire domain running the backend driver. The exposure is therefore on Xen hosts (the domain that serves block devices to guests), not on standalone servers.

Syxscore Risk Alert

Syxscore rates this vulnerability as moderate risk: it requires local access rather than network exposure (a guest running on the same host), with low complexity, low privileges and no user interaction.

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope (Jump Point): No

CVE Reference(s): CVE-2021-26930

Try Linux Patching with Syxsense

Syxsense makes endpoint management and security easy. Automatically deploy OS and third-party patches as well as Windows 10 Feature Updates for Microsoft, Mac, and Linux devices.