Main Vulnerability Database Vulnerabilities #VU57038

#VU57038 Incorrect default permissions in containerd - CVE-2021-41103

Published: October 4, 2021

Vulnerability identifier: #VU57038

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2021-41103

CWE-ID: CWE-276

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
containerd

Software vendor:
containerd

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to incorrect default permissions for container root directories and some plugins. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host can discover, read, and modify those files.

Remediation

Install updates from vendor's website.

External links

https://github.com/containerd/containerd/commit/5b46e404f6b9f661a205e28d59c982d3634148f8
https://github.com/containerd/containerd/security/advisories/GHSA-c2h3-6mxw-7mvq
https://github.com/containerd/containerd/releases/tag/v1.5.7
https://github.com/containerd/containerd/releases/tag/v1.4.11

#VU57038 Incorrect default permissions in containerd - CVE-2021-41103

Description

Remediation

External links

Please verify you're human