Your submission was sent successfully! Close

CVE-2021-41072

Published: 14 September 2021

squashfs_opendir in unsquash-2.c in Squashfs-Tools 4.5 allows Directory Traversal, a different vulnerability than CVE-2021-40153. A squashfs filesystem that has been crafted to include a symbolic link and then contents under the same filename in a filesystem can cause unsquashfs to first create the symbolic link pointing outside the expected directory, and then the subsequent write operation will cause the unsquashfs process to write through the symbolic link elsewhere in the filesystem.

From the Ubuntu security team

Richard Weinberger discovered that Squashfs-Tools mishandled certain malformed SQUASHFS files. An attacker could use this vulnerability to write arbitrary files to the filesystem.

Priority

Medium

CVSS 3 base score: 8.1

Status

Package Release Status
squashfs-tools
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 21.10 (Impish Indri)
Released (1:4.4-2ubuntu2)
Ubuntu 21.04 (Hirsute Hippo)
Released (1:4.4-2ubuntu0.2)
Ubuntu 20.04 LTS (Focal Fossa)
Released (1:4.4-1ubuntu0.2)
Ubuntu 18.04 LTS (Bionic Beaver)
Released (1:4.3-6ubuntu0.18.04.4)
Ubuntu 16.04 ESM (Xenial Xerus)
Released (1:4.3-3ubuntu2.16.04.3+esm1)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

Patches:
Upstream: https://github.com/plougher/squashfs-tools/commit/e0485802ec72996c20026da320650d8362f555bd