CVE-2021-32606
https://notcve.org/view.php?id=CVE-2021-32606
In the Linux kernel 5.11 through 5.12.2, isotp_setsockopt in net/can/isotp.c allows privilege escalation to root by leveraging a use-after-free. (This does not affect earlier versions that lack CAN ISOTP SF_BROADCAST support.) En el kernel de Linux versiones 5.11 hasta 5.12.2, la función isotp_setsockopt en el archivo net/can/isotp.c permite una escalada de privilegios a root al aprovechar un uso de la memoria previamente liberada. (Esto no afecta a las versiones anteriores que carecen de compatibilidad con CAN ISOTP SF_BROADCAST) • http://www.openwall.com/lists/oss-security/2021/05/12/1 http://www.openwall.com/lists/oss-security/2021/05/13/2 http://www.openwall.com/lists/oss-security/2021/05/14/1 http://www.openwall.com/lists/oss-security/2021/05/28/1 https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2b17c400aeb44daf041627722581ade527bb3c1d https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/73D53S4IZFPFQMRABMXXLW4AJK3EULDX https://lists.fedoraproject • CWE-416: Use After Free •
CVE-2021-31829 – kernel: protection of stack pointer against speculative pointer arithmetic can be bypassed to leak content of kernel memory
https://notcve.org/view.php?id=CVE-2021-31829
kernel/bpf/verifier.c in the Linux kernel through 5.12.1 performs undesirable speculative loads, leading to disclosure of stack content via side-channel attacks, aka CID-801c6058d14a. The specific concern is not protecting the BPF stack area against speculative loads. Also, the BPF stack can contain uninitialized data that might represent sensitive information previously operated on by the kernel. El archivo kernel/bpf/verifier.c en el kernel de Linux versiones hasta 5.12.1, lleva a cabo cargas especulativas no deseadas, conllevando a una divulgación del contenido de la pila por medio de ataques side-channel, también se conoce como CID-801c6058d14a. La preocupación específica no es proteger el área de la pila de BPF contra cargas especulativas. • http://www.openwall.com/lists/oss-security/2021/05/04/4 https://github.com/torvalds/linux/commit/801c6058d14a82179a7ee17a4b532cac6fad067f https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VWCZ6LJLENL2C3URW5ICARTACXPFCFN2 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y4X2G5YAPYJGI3PFEZZNOTRYI33GOCCZ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-863: Incorrect Authorization •
CVE-2021-31800
https://notcve.org/view.php?id=CVE-2021-31800
Multiple path traversal vulnerabilities exist in smbserver.py in Impacket through 0.9.22. An attacker that connects to a running smbserver instance can list and write to arbitrary files via ../ directory traversal. This could potentially be abused to achieve arbitrary code execution by replacing /etc/shadow or an SSH authorized key. Se presentan múltiples vulnerabilidades de salto de ruta en el archivo smbserver.py en Impacket versiones hasta 0.9.22. Un atacante que se conecta a una instancia de smbserver en ejecución puede enumerar y escribir en archivos arbitrarios por medio de un salto de directorio ../. • https://github.com/Louzogh/CVE-2021-31800 https://github.com/p0dalirius/CVE-2021-31800-Impacket-SMB-Server-Arbitrary-file-read-write https://github.com/SecureAuthCorp/impacket/blob/cb6d43a677c338db930bc4e9161620832c1ec624/impacket/smbserver.py#L2008 https://github.com/SecureAuthCorp/impacket/blob/cb6d43a677c338db930bc4e9161620832c1ec624/impacket/smbserver.py#L2958 https://github.com/SecureAuthCorp/impacket/blob/cb6d43a677c338db930bc4e9161620832c1ec624/impacket/smbserver.py#L3485 https://github.com/SecureAuthCorp/impacket/blob/cb6d43a677c338db930bc4e9161620832c1ec624 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVE-2021-25317 – cups: ownership of /var/log/cups allows the lp user to create files as root
https://notcve.org/view.php?id=CVE-2021-25317
A Incorrect Default Permissions vulnerability in the packaging of cups of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud Crowbar 9; openSUSE Leap 15.2, Factory allows local attackers with control of the lp users to create files as root with 0644 permissions without the ability to set the content. This issue affects: SUSE Linux Enterprise Server 11-SP4-LTSS cups versions prior to 1.3.9. SUSE Manager Server 4.0 cups versions prior to 2.2.7. SUSE OpenStack Cloud Crowbar 9 cups versions prior to 1.7.5. openSUSE Leap 15.2 cups versions prior to 2.2.7. openSUSE Factory cups version 2.3.3op2-2.1 and prior versions. Una vulnerabilidad de Permisos Predeterminados Incorrectos en el paquete de cups de SUSE Linux Enterprise Server versión 11-SP4-LTSS, SUSE Manager Server versión 4.0, SUSE OpenStack Cloud Crowbar versión 9; openSUSE Leap versión 15.2, Factory permite a atacantes locales con control de los usuarios lp crear archivos como root con permisos 0644 sin la capacidad de configurar el contenido. • https://bugzilla.suse.com/show_bug.cgi?id=1184161 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GWPGZLT3U776Q5YPPSA6LGFWWBDWBVH3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H74BP746O5NNVCBUTLLZYAFBPESFVECV https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S37IDQGHTORQ3Z6VRDQIGBYVOI27YG47 • CWE-276: Incorrect Default Permissions •
CVE-2021-3426 – python: Information disclosure via pydoc
https://notcve.org/view.php?id=CVE-2021-3426
There's a flaw in Python 3's pydoc. A local or adjacent attacker who discovers or is able to convince another local or adjacent user to start a pydoc server could access the server and use it to disclose sensitive information belonging to the other user that they would not normally be able to access. The highest risk of this flaw is to data confidentiality. This flaw affects Python versions before 3.8.9, Python versions before 3.9.3 and Python versions before 3.10.0a7. Se presenta un fallo en pydoc de Python versión 3. • https://bugzilla.redhat.com/show_bug.cgi?id=1935913 https://lists.debian.org/debian-lts-announce/2021/04/msg00005.html https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/25HVHLBGO2KNPXJ3G426QEYSSCECJDU5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BF2K7HEWADHN6P52R3QLIOX27U3DJ4HI https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •