Skip to main content
News

Linux Vulnerabilities of the Week: March 1, 2021

By March 3, 2021June 22nd, 2022No Comments
||

Linux Vulnerabilities of the Week: March 1, 2021

Are you caught up on March's latest Linux vulnerabilities? See this week's top issues and keep your IT environment protected.

[vc_empty_space]
[vc_single_image image=”364537″ img_size=”full”]

1. Buffer overflow impacting python 27, python 36 and python 38

Vendor Severity: Medium
CVSS Score: 9.8

A stack-based buffer overflow was discovered in the ctypes module provided within Python.  Applications that use ctypes without carefully validating the input passed to it may be vulnerable to this flaw, which would allow an attacker to overflow a buffer on the stack and crash the application.

The highest threat from this vulnerability is to system availability.

Syxscore Risk Alert

This vulnerability has a critical risk as this can be exposed over any network, with low complexity, no privileges and without user interaction.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Requires: None
  • User Interaction: None
  • Scope (Jump Point): No

CVE Reference(s): CVE-2021-3177

[vc_separator]

2. GNU Screen vulnerability with Ubuntu 20.10, 20.04 LTS, 18.04 LTS and 16.04 LTS.

Vendor Severity: Medium
CVSS Score: 9.8

GNU Screen incorrectly handles certain character sequences.  A remote attacker could use this issue to cause GNU Screen to crash, resulting in a denial of service, or possibly execute arbitrary code.

Syxscore Risk Alert

This vulnerability has a critical risk as this can be exposed over any network, with low complexity, no privileges and without user interaction.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Requires: None
  • User Interaction: None
  • Scope (Jump Point): No

CVE Reference(s): CVE-2021-26937

[vc_separator]

3. xterm vulnerability with Ubuntu 20.10, 20.04 LTS, 18.04 LTS and 16.04 LTS.

Vendor Severity: Medium
CVSS Score: 9.8

xterm incorrectly handles certain character sequences. A remote attacker could use this issue to cause xterm to crash, resulting in a denial of service, or possibly execute arbitrary code.

Syxscore Risk Alert

This vulnerability has a critical risk as this can be exposed over any network, with low complexity, no privileges and without user interaction.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Requires: None
  • User Interaction: None
  • Scope (Jump Point): No

CVE Reference(s): CVE-2021-27135

[vc_separator]

4. Security update for avahi with SUSE Enterprise Workstation 12-SP5 and Enterprise Server 12-SP5

Vendor Severity: Moderate
CVSS Score: 7.8

xterm incorrectly handles certain character sequences. A remote attacker could use this issue to cause xterm to crash, resulting in a denial of service, or possibly execute arbitrary code.

Syxscore Risk Alert

This vulnerability has a major risk as although this needs access to the same network as the device, it has low complexity, low privileges and no user interaction.

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Requires: Low
  • User Interaction: None
  • Scope (Jump Point): No

CVE Reference(s): CVE-2021-26720

[vc_separator]

5. Amazon Linux AMI Security Advisory with EVP_CipherUpdate

Vendor Severity: Medium
CVSS Score: 7.5

Calls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may overflow the output length argument in some cases where the input length is close to the maximum permissible length for an integer on the platform. In such cases the return value from the function call will be 1 (indicating success), but the output length value will be negative.

This could cause applications to behave incorrectly or crash.

Syxscore Risk Alert

This vulnerability has a critical risk as this can be exposed over any network, with low complexity, no privileges and without user interaction.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Requires: None
  • User Interaction: None
  • Scope (Jump Point): No

CVE Reference(s): CVE-2021-23840

[vc_separator]

Try Linux Patching with Syxsense

Syxsense makes endpoint management and security easy. Automatically deploy OS and third-party patches as well as Windows 10 Feature Updates for Microsoft, Mac, and Linux devices.

[vc_btn title=”Start a Free Trial” style=”gradient-custom” gradient_custom_color_1=”#da4453″ gradient_custom_color_2=”#8a2387″ shape=”round” size=”lg” align=”center” link=”url:https%3A%2F%2Fwww.syxsense.com%2Fstart-a-free-trial-of-syxsense%2F|||” css=”.vc_custom_1586908107967{margin-top: 15px !important;}”]
[vc_single_image image=”37252″ img_size=”full” css_animation=”fadeIn” css=”.vc_custom_1611965477970{padding-right: 20px !important;padding-left: 20px !important;}”]

Leave a Reply