Ubuntu update for squashfs-tools



Published: 2021-10-13
Risk Medium
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2021-41072
CWE-ID CWE-59
Exploitation vector Network
Public exploit N/A
Vulnerable software
Subscribe
Ubuntu
Operating systems & Components / Operating system

squashfs-tools (Ubuntu package)
Operating systems & Components / Operating system package or component

Vendor Canonical Ltd.

Security Bulletin

This security bulletin contains one medium risk vulnerability.

1) Link following

EUVDB-ID: #VU57416

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-41072

CWE-ID: CWE-59 - Improper Link Resolution Before File Access ('Link Following')

Exploit availability: No

Description

The vulnerability allows a remote attacker to overwrite arbitrary files on the system.

The vulnerability exists due to a link following issue in squashfs_opendir in unsquash-2.c when processing a squashfs filesystem that has been crafted to include a symbolic link under the same filename in a filesystem. The attacker can cause unsquashfs to first create the symbolic link pointing outside the expected directory, and then the subsequent write operation will cause the unsquashfs process to write through the symbolic link elsewhere in the filesystem.

Mitigation

Update the affected package squashfs-tools to the latest version.

Vulnerable software versions

Ubuntu: 20.04 - 21.04

squashfs-tools (Ubuntu package): before 1:4.4-2ubuntu0.3

External links

http://ubuntu.com/security/notices/USN-5078-3


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.



###SIDEBAR###