History: Nov 14, 2023 - 1:27 p.m.

Advisory ROSA-SA-2023-2293

2023-11-14 13:27:35
ROSA LAB
abf.rosalinux.ru
5
glibc
rosa virtualization
vulnerability
remote code execution
yum update

CVSS3: 7.8 High
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score: 8.2 High
Confidence: Low

CVSS2: 4.3 Medium
Access Vector: LOCAL
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:L/AC:L/Au:S/C:P/I:P/A:P

EPSS: 0.0004 Low
Percentile: 5.3%

Software: glibc 2.28
OS: ROSA Virtualization 2.1

package_evr_string: glibc-2.28-225.rv3.src.rpm

CVE-ID: CVE-2021-3999
BDU-ID: 2022-01635
CVE-Crit: CRITICAL.
CVE-DESC.: A vulnerability in the getcwd() function of the glibc system library is caused by an off-by-one error. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code by sending specially crafted data to the application.
CVE-STATUS: Resolved
CVE-REV: Run the yum update glibc command to resolve it.

OS    Version  Architecture  Package  Version  Filename
ROSA  any      noarch        glibc    < 2.28   UNKNOWN
