#VU57811 Security restrictions bypass


Published: 2021-11-01

Vulnerability identifier: #VU57811

Vulnerability risk: Low

CVSSv3.1:

CVE-ID: CVE-2021-42762

CWE-ID: CWE-264

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
WebKitGTK+
Server applications / Frameworks for developing and running applications
WPE WebKit
Server applications / Frameworks for developing and running applications

Vendor: WebKitGTK
WPE WebKit

Description

The vulnerability allows a local user to bypass implemented security restrictions.

The vulnerability exists in BubblewrapLauncher.cpp due to application allows a sandboxed process to trick host processes into thinking the sandboxed process is not confined by the sandbox. A local user can abuse the VFS syscalls that manipulate its filesystem namespace and bypass implemented security restrictions. The impact is limited to host services that create UNIX sockets that WebKit mounts inside its sandbox, and the sandboxed process remains otherwise confined.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

WebKitGTK+: 2.33.1 - 2.34.0

WPE WebKit: 2.33.1 - 2.34.0


CPE

External links
http://bugs.webkit.org/show_bug.cgi?id=231479
http://github.com/flatpak/flatpak/security/advisories/GHSA-67h7-w3jq-vh4q
http://www.openwall.com/lists/oss-security/2021/10/26/9
http://www.openwall.com/lists/oss-security/2021/10/27/1
http://www.openwall.com/lists/oss-security/2021/10/27/2
http://www.openwall.com/lists/oss-security/2021/10/27/4
http://www.debian.org/security/2021/dsa-4996
http://www.debian.org/security/2021/dsa-4995
http://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M5J2LZQTDX53DNSKSGU7TQYCO2HKSTY4/


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?


Latest bulletins with this vulnerability