Main Vulnerability Database Vulnerabilities #VU57038

Incorrect default permissions in containerd - CVE-2021-41103

Published: October 4, 2021

Vulnerability identifier: #VU57038

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2021-41103

CWE-ID: CWE-276

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: containerd

Affected software:
containerd

Detailed vulnerability description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to incorrect default permissions for container root directories and some plugins. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host can discover, read, and modify those files.

How to mitigate CVE-2021-41103

Install updates from vendor's website.

Sources

https://github.com/containerd/containerd/commit/5b46e404f6b9f661a205e28d59c982d3634148f8
https://github.com/containerd/containerd/security/advisories/GHSA-c2h3-6mxw-7mvq
https://github.com/containerd/containerd/releases/tag/v1.5.7
https://github.com/containerd/containerd/releases/tag/v1.4.11

Incorrect default permissions in containerd - CVE-2021-41103

Detailed vulnerability description

How to mitigate CVE-2021-41103

Sources

Please verify you're human