// For flags

CVE-2021-41103

Insufficiently restricted permissions on plugin directories

Severity Score

7.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

containerd is an open source container runtime with an emphasis on simplicity, robustness and portability. A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as setuid), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files. This vulnerability has been fixed in containerd 1.4.11 and containerd 1.5.7. Users should update to these version when they are released and may restart containers or update directory permissions to mitigate the vulnerability. Users unable to update should limit access to the host to trusted users. Update directory permission on container bundles directories.

containerd es un tiempo de ejecución de contenedores de código abierto con énfasis en la simplicidad, robustez y portabilidad. Se encontró un bug en containerd en el que los directorios root de los contenedores y algunos plugins tenían permisos insuficientemente restringidos, que permitía a usuarios de Linux sin privilegios un salto de directorio de contenidos y ejecutar programas. Cuando los contenedores incluían programas ejecutables con bits de permiso extendidos (como setuid), los usuarios no privilegiados de Linux podían detectar y ejecutar esos programas. Cuando el UID de un usuario de Linux sin privilegios en el host colisionaba con el propietario o el grupo del archivo dentro de un contenedor, el usuario de Linux sin privilegios en el host podía detectar, leer y modificar esos archivos. Esta vulnerabilidad ha sido corregida en containerd versión 1.4.11 y containerd versión 1.5.7. Los usuarios deben actualizar a estas versiones cuando se publiquen y pueden reiniciar los contenedores o actualizar los permisos de directorio para mitigar la vulnerabilidad. Los usuarios que no puedan actualizar deberían limitar el acceso al host a usuarios confiables. Actualizar los permisos de directorio en los directorios de los paquetes de contenedores

A flaw was found in the containerd package. Containerd could allow a local authenticated attacker to traverse directories on the system, due to improper restricted permissions on the container root and plugin directories. This issue could allow an attacker to send a specially-crafted request containing "dot dot" sequences (/../) to view directory contents and execute programs.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
Low
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
Low
Availability
Low
Attack Vector
Local
Attack Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2021-09-15 CVE Reserved
  • 2021-10-04 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-08-04 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Linuxfoundation
Search vendor "Linuxfoundation"
Containerd
Search vendor "Linuxfoundation" for product "Containerd"
< 1.4.11
Search vendor "Linuxfoundation" for product "Containerd" and version " < 1.4.11"
-
Affected
Linuxfoundation
Search vendor "Linuxfoundation"
Containerd
Search vendor "Linuxfoundation" for product "Containerd"
>= 1.5.0 < 1.5.7
Search vendor "Linuxfoundation" for product "Containerd" and version " >= 1.5.0 < 1.5.7"
-
Affected
Fedoraproject
Search vendor "Fedoraproject"
Fedora
Search vendor "Fedoraproject" for product "Fedora"
34
Search vendor "Fedoraproject" for product "Fedora" and version "34"
-
Affected
Fedoraproject
Search vendor "Fedoraproject"
Fedora
Search vendor "Fedoraproject" for product "Fedora"
35
Search vendor "Fedoraproject" for product "Fedora" and version "35"
-
Affected
Debian
Search vendor "Debian"
Debian Linux
Search vendor "Debian" for product "Debian Linux"
11.0
Search vendor "Debian" for product "Debian Linux" and version "11.0"
-
Affected