High Threat Security Alert (A21-07-13): Multiple Vulnerabilities in Linux Operating Systems


 

Published on: 21 July 2021

Share on Facebook    Share on X   

Description:

Multiple vulnerabilities were found in major Linux distributions including Debian, RedHat, SUSE and Ubuntu. A local authenticated attacker may leverage the vulnerabilities to gain root privilege or cause denial of service on a vulnerable system.

Reports indicate that the proof-of-concept (PoC) code for vulnerabilities (CVE-2021-33909 and CVE-2021-33910) are publicly available. System administrators are advised to take immediate action to patch your affected systems to mitigate the elevated risk of cyber attacks.

 

Affected Systems:

  • Linux operating systems

It is strongly recommended to consult the product vendors if the used Linux systems are affected.

 

Impact:

Successful exploitation could lead to escalation of privilege or denial of service on a vulnerable system.

 

Recommendation:

The vulnerabilities are fixed in some of the Linux distributions such as RedHat and Ubuntu. The following is only a sample list of Linux distributions that are affected. The list is not exhaustive and it is strongly recommended to consult the product vendors if the used Linux systems are affected. System administrators should check with their product vendors to confirm if their Linux systems are affected and the availability of patches, and if so, apply the patches or follow the recommendations provided by the product vendors to mitigate the risk.

  • Debian
    https://security-tracker.debian.org/tracker/CVE-2021-33909
    https://security-tracker.debian.org/tracker/CVE-2021-33910
  • RedHat
    https://access.redhat.com/security/vulnerabilities/RHSB-2021-006
  • SUSE
    https://www.suse.com/security/cve/CVE-2021-33909.html
    https://www.suse.com/security/cve/CVE-2021-33910.html
  • Ubuntu
    https://ubuntu.com/security/CVE-2021-33909
    https://ubuntu.com/security/CVE-2021-33910

 

More Information:

  • https://blog.qualys.com/vulnerabilities-threat-research/2021/07/20/sequoia-a-local-privilege-escalation-vulnerability-in-linuxs-filesystem-layer-cve-2021-33909
  • https://blog.qualys.com/vulnerabilities-threat-research/2021/07/20/cve-2021-33910-denial-of-service-stack-exhaustion-in-systemd-pid-1
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-330909
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-330910


Tag: Linux
Tags