Lucene search

GoogleOSV:GHSA-C2H3-6MXW-7MVQ

HistoryOct 04, 2021 - 8:14 p.m.

Insufficiently restricted permissions on plugin directories

2021-10-0420:14:47

Google

osv.dev

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

13.3%

JSON

Impact

A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as setuid), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files.

Patches

This vulnerability has been fixed in containerd 1.4.11 and containerd 1.5.7. Users should update to these version when they are released and may restart containers or update directory permissions to mitigate the vulnerability.

Workarounds

Limit access to the host to trusted users. Update directory permission on container bundles directories.

For more information

If you have any questions or comments about this advisory:

Open an issue in github.com/containerd/containerd
Email us at [email protected]

CPENameOperatorVersion
github.com/containerd/containerdge1.5.0
github.com/containerd/containerdlt1.4.11
github.com/containerd/containerdlt1.5.7

Name	Operator	Version
github.com/containerd/containerd	ge	1.5.0
github.com/containerd/containerd	lt	1.4.11
github.com/containerd/containerd	lt	1.5.7

References

cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf

github.com/containerd/containerd

github.com/containerd/containerd/commit/5b46e404f6b9f661a205e28d59c982d3634148f8

github.com/containerd/containerd/releases/tag/v1.4.11

github.com/containerd/containerd/releases/tag/v1.5.7

github.com/containerd/containerd/security/advisories/GHSA-c2h3-6mxw-7mvq

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B5Q6G6I4W5COQE25QMC7FJY3I3PAYFBB

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNFADTCHHYWVM6W4NJ6CB4FNFM2VMBIB

lists.fedoraproject.org/archives/list/[email protected]/message/B5Q6G6I4W5COQE25QMC7FJY3I3PAYFBB

lists.fedoraproject.org/archives/list/[email protected]/message/ZNFADTCHHYWVM6W4NJ6CB4FNFM2VMBIB

nvd.nist.gov/vuln/detail/CVE-2021-41103

security.gentoo.org/glsa/202401-31

www.debian.org/security/2021/dsa-5002

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

13.3%

JSON

Related for OSV:GHSA-C2H3-6MXW-7MVQ