CVE-2021-3560 – Red Hat Polkit Incorrect Authorization Vulnerability
https://notcve.org/view.php?id=CVE-2021-3560
It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Se ha detectado que polkit podía ser engañado para omitir las comprobaciones de credenciales para las peticiones de D-Bus, elevando los privilegios del solicitante al usuario root. Este fallo podría ser usado por un atacante local no privilegiado para, por ejemplo, crear un nuevo administrador local. • https://www.exploit-db.com/exploits/50011 https://github.com/secnigma/CVE-2021-3560-Polkit-Privilege-Esclation https://github.com/RicterZ/CVE-2021-3560-Authentication-Agent https://github.com/hakivvi/CVE-2021-3560 https://github.com/WinMin/CVE-2021-3560 https://github.com/0dayNinja/CVE-2021-3560 https://github.com/AssassinUKG/Polkit-CVE-2021-3560 https://github.com/chenaotian/CVE-2021-3560 https://github.com/BizarreLove/CVE-2021-3560 https://github.com/cpu0x00/CVE-2021-3560 • CWE-754: Improper Check for Unusual or Exceptional Conditions CWE-863: Incorrect Authorization •
CVE-2021-32555 – apport read_file() function could follow maliciously constructed symbolic links
https://notcve.org/view.php?id=CVE-2021-32555
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the xorg-hwe-18.04 package apport hooks, it could expose private data to other local users. Se ha detectado que la función read_file() en el archivo apport/hookutils.py podía seguir enlaces simbólicos o abrir FIFOs. Cuando esta función es usada por el paquete apport hooks xorg-hwe- versión 18.04, podría exponer datos privados a otros usuarios locales • https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904 • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-61: UNIX Symbolic Link (Symlink) Following •
CVE-2021-32551 – apport read_file() function could follow maliciously constructed symbolic links
https://notcve.org/view.php?id=CVE-2021-32551
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-15 package apport hooks, it could expose private data to other local users. Se ha detectado que la función read_file() en el archivo apport/hookutils.py podría seguir enlaces simbólicos o abrir FIFOs. Cuando esta función es usada por el paquete openjdk-15 apport hooks, podría exponer datos privados a otros usuarios locales • https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904 • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-61: UNIX Symbolic Link (Symlink) Following •
CVE-2021-32547 – apport read_file() function could follow maliciously constructed symbolic links
https://notcve.org/view.php?id=CVE-2021-32547
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-lts package apport hooks, it could expose private data to other local users. Se ha detectado que la función read_file() en el archivo apport/hookutils.py podría seguir enlaces simbólicos o abrir FIFOs. Cuando esta función es usada por el paquete openjdk-lts apport hooks, podría exponer datos privados a otros usuarios locales • https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904 • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-61: UNIX Symbolic Link (Symlink) Following •
CVE-2021-3489 – Linux kernel eBPF RINGBUF map oversized allocation
https://notcve.org/view.php?id=CVE-2021-3489
The eBPF RINGBUF bpf_ringbuf_reserve() function in the Linux kernel did not check that the allocated size was smaller than the ringbuf size, allowing an attacker to perform out-of-bounds writes within the kernel and therefore, arbitrary code execution. This issue was fixed via commit 4b81ccebaeee ("bpf, ringbuf: Deny reserve of buffers larger than ringbuf") (v5.13-rc4) and backported to the stable kernels in v5.12.4, v5.11.21, and v5.10.37. It was introduced via 457f44363a88 ("bpf: Implement BPF ring buffer and verifier support for it") (v5.8-rc1). La función eBPF RINGBUF bpf_ringbuf_reserve() del kernel de Linux no comprobaba que el tamaño asignado fuera menor que el tamaño del ringbuf, lo que permitía a un atacante realizar escrituras fuera de los límites del kernel y, por tanto, la ejecución de código arbitrario. Este problema se solucionó a través del commit 4b81ccebaeee ("bpf, ringbuf: Deny reserve of buffers larger than ringbuf") (v5.13-rc4) y se retroalimentó a los kernels estables en versiones v5.12.4, v5.11.21 y v5.10.37. • https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf.git/commit/?id=4b81ccebaeee885ab1aa1438133f2991e3a2b6ea https://security.netapp.com/advisory/ntap-20210716-0004 https://ubuntu.com/security/notices/USN-4949-1 https://ubuntu.com/security/notices/USN-4950-1 https://www.openwall.com/lists/oss-security/2021/05/11/10 https://www.zerodayinitiative.com/advisories/ZDI-21-590 https://access.redhat.com/security/cve/CVE-2021-3489 https://bugzilla.redhat.com/show_bug.cgi?id=1959559 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •