CVE-2021-41072
Published: 14 September 2021
squashfs_opendir in unsquash-2.c in Squashfs-Tools 4.5 allows Directory Traversal, a different vulnerability than CVE-2021-40153. A squashfs filesystem that has been crafted to include a symbolic link and then contents under the same filename in a filesystem can cause unsquashfs to first create the symbolic link pointing outside the expected directory, and then the subsequent write operation will cause the unsquashfs process to write through the symbolic link elsewhere in the filesystem.
From the Ubuntu Security Team
Richard Weinberger discovered that Squashfs-Tools mishandled certain malformed SQUASHFS files. An attacker could use this vulnerability to write arbitrary files to the filesystem.
Priority
Status
Package | Release | Status |
---|---|---|
squashfs-tools Launchpad, Ubuntu, Debian |
bionic |
Released
(1:4.3-6ubuntu0.18.04.4)
|
focal |
Released
(1:4.4-1ubuntu0.2)
|
|
hirsute |
Released
(1:4.4-2ubuntu0.2)
|
|
impish |
Released
(1:4.4-2ubuntu2)
|
|
jammy |
Released
(1:4.4-2ubuntu2)
|
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
xenial |
Released
(1:4.3-3ubuntu2.16.04.3+esm1)
|
|
Patches: upstream: https://github.com/plougher/squashfs-tools/commit/e0485802ec72996c20026da320650d8362f555bd |
Severity score breakdown
Parameter | Value |
---|---|
Base score | 8.1 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | Required |
Scope | Unchanged |
Confidentiality | None |
Integrity impact | High |
Availability impact | High |
Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41072
- https://github.com/plougher/squashfs-tools/commit/e0485802ec72996c20026da320650d8362f555bd
- https://github.com/plougher/squashfs-tools/issues/72#issuecomment-913833405
- https://ubuntu.com/security/notices/USN-5078-1
- https://ubuntu.com/security/notices/USN-5078-2
- NVD
- Launchpad
- Debian