Vulnerability CVE-2021-3570

Vulnerability Name:

CVE-2021-3570 (CCN-204928)

Assigned:

2021-07-05

Published:

2021-07-05

Updated:

2022-10-07

Summary:

A flaw was found in the ptp4l program of the linuxptp package. A missing length check when forwarding a PTP message between ports allows a remote attacker to cause an information leak, crash, or potentially remote code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. This flaw affects linuxptp versions before 3.1.1, before 2.0.1, before 1.9.3, before 1.8.1, before 1.7.1, before 1.6.1 and before 1.5.1.

CVSS v3 Severity:

8.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
7.7 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
4.6 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): None

8.8 High (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
7.7 High (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

8.0 High (CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Complete

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

Vulnerability Type:

CWE-787
CWE-119

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2021-3570

Source: MISC
Type: Issue Tracking, Patch, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1966240

Source: XF
Type: UNKNOWN
linuxptp-cve20213570-unspecified(204928)

Source: CCN
Type: linuxptp GIT Repository
linuxptp

Source: MLIST
Type: Third Party Advisory
[debian-lts-announce] 20210731 [SECURITY] [DLA 2723-1] linuxptp security update

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-a5b584004c

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-1b42c2f458

Source: CCN
Type: oss-sec Mailing List, Mon, 5 Jul 2021 15:30:14 -0700
linuxptp: Fixes published for CVE-2021-3570 and CVE-2021-3571

Source: DEBIAN
Type: Third Party Advisory
DSA-4938

Vulnerable Configuration:

Configuration 1:

cpe:/a:linuxptp_project:linuxptp:*:*:*:*:*:*:*:* (Version >= 3.0.0 and < 3.1.1)

OR cpe:/a:linuxptp_project:linuxptp:*:*:*:*:*:*:*:* (Version >= 2.0.0 and < 2.0.1)

OR cpe:/a:linuxptp_project:linuxptp:*:*:*:*:*:*:*:* (Version >= 1.9.0 and < 1.9.3)

OR cpe:/a:linuxptp_project:linuxptp:*:*:*:*:*:*:*:* (Version >= 1.8.0 and < 1.8.1)

OR cpe:/a:linuxptp_project:linuxptp:*:*:*:*:*:*:*:* (Version < 1.5.1)

OR cpe:/a:linuxptp_project:linuxptp:*:*:*:*:*:*:*:* (Version >= 1.6.0 and < 1.6.1)

OR cpe:/a:linuxptp_project:linuxptp:*:*:*:*:*:*:*:* (Version >= 1.7.0 and < 1.7.1)

Configuration 2:

cpe:/o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_aus:8.2:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_tus:8.2:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_aus:8.4:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux_tus:8.4:*:*:*:*:*:*:*

Configuration 3:

cpe:/o:fedoraproject:fedora:33:*:*:*:*:*:*:*

OR cpe:/o:fedoraproject:fedora:34:*:*:*:*:*:*:*

Configuration 4:

cpe:/o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:7:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/o:redhat:enterprise_linux:7::client:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:7::computenode:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:7::server:*:*:*:*:*

Configuration RedHat 5:

cpe:/o:redhat:enterprise_linux:7::workstation:*:*:*:*:*

Configuration RedHat 6:

cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 7:

cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:8056	P	perl-YAML-LibYAML-0.69-150000.3.5.1 on GA media (Moderate)	2023-06-20
oval:org.opensuse.security:def:7977	P	spice-vdagent-0.22.1-150500.2.2 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:51930	P	Security update for sqlite3 (Moderate)	2022-11-02
oval:org.opensuse.security:def:99706	P	(Moderate)	2021-12-16
oval:org.opensuse.security:def:100015	P	(Important)	2021-11-16
oval:org.opensuse.security:def:93107	P	(Moderate)	2021-10-20
oval:org.opensuse.security:def:102209	P	Security update for linuxptp (Moderate)	2021-09-23
oval:org.opensuse.security:def:69145	P	Security update for linuxptp (Moderate)	2021-09-23
oval:org.opensuse.security:def:1633	P	Security update for linuxptp (Moderate)	2021-09-23
oval:org.opensuse.security:def:111725	P	Security update for linuxptp (Moderate)	2021-09-23
oval:org.opensuse.security:def:93260	P	(Important)	2021-08-12
oval:org.opensuse.security:def:110994	P	Security update for linuxptp (Important)	2021-08-09
oval:org.opensuse.security:def:34494	P	Security update for linuxptp (Important)	2021-07-28
oval:org.opensuse.security:def:60317	P	Security update for linuxptp (Important)	2021-07-28
oval:org.opensuse.security:def:9005	P	Security update for linuxptp (Important)	2021-07-27
oval:org.opensuse.security:def:91971	P	Security update for linuxptp (Important)	2021-07-27
oval:org.opensuse.security:def:69066	P	Security update for linuxptp (Important)	2021-07-27
oval:org.opensuse.security:def:99507	P	Security update for linuxptp (Important)	2021-07-27
oval:org.opensuse.security:def:10123	P	Security update for linuxptp (Important)	2021-07-27
oval:org.opensuse.security:def:92756	P	Security update for linuxptp (Important)	2021-07-27
oval:org.opensuse.security:def:69897	P	Security update for linuxptp (Important)	2021-07-27
oval:org.opensuse.security:def:109414	P	Security update for linuxptp (Important)	2021-07-27
oval:org.opensuse.security:def:98921	P	Security update for linuxptp (Important)	2021-07-27
oval:org.opensuse.security:def:9369	P	Security update for linuxptp (Important)	2021-07-27
oval:org.opensuse.security:def:96058	P	Security update for linuxptp (Important)	2021-07-27
oval:org.opensuse.security:def:92166	P	Security update for linuxptp (Important)	2021-07-27
oval:org.opensuse.security:def:10308	P	Security update for linuxptp (Important)	2021-07-27
oval:org.opensuse.security:def:8625	P	Security update for linuxptp (Important)	2021-07-27
oval:org.opensuse.security:def:92954	P	Security update for linuxptp (Important)	2021-07-27
oval:org.opensuse.security:def:70263	P	Security update for linuxptp (Important)	2021-07-27
oval:org.opensuse.security:def:99116	P	Security update for linuxptp (Important)	2021-07-27
oval:org.opensuse.security:def:9558	P	Security update for linuxptp (Important)	2021-07-27
oval:org.opensuse.security:def:92358	P	Security update for linuxptp (Important)	2021-07-27
oval:org.opensuse.security:def:69509	P	Security update for linuxptp (Important)	2021-07-27
oval:org.opensuse.security:def:8810	P	Security update for linuxptp (Important)	2021-07-27
oval:org.opensuse.security:def:70448	P	Security update for linuxptp (Important)	2021-07-27
oval:org.opensuse.security:def:118510	P	Security update for linuxptp (Important)	2021-07-27
oval:org.opensuse.security:def:99308	P	Security update for linuxptp (Important)	2021-07-27
oval:org.opensuse.security:def:9757	P	Security update for linuxptp (Important)	2021-07-27
oval:org.opensuse.security:def:92557	P	Security update for linuxptp (Important)	2021-07-27
oval:org.opensuse.security:def:69698	P	Security update for linuxptp (Important)	2021-07-27
oval:org.opensuse.security:def:102748	P	Security update for linuxptp (Important)	2021-07-27
oval:org.opensuse.security:def:33690	P	Security update for linuxptp (Important)	2021-07-21
oval:org.opensuse.security:def:125575	P	Security update for linuxptp (Important)	2021-07-21
oval:org.opensuse.security:def:29402	P	Security update for linuxptp (Important)	2021-07-21
oval:org.opensuse.security:def:57053	P	Security update for linuxptp (Important)	2021-07-21
oval:org.opensuse.security:def:88162	P	Security update for linuxptp (Important)	2021-07-21
oval:org.opensuse.security:def:83433	P	Security update for linuxptp (Important)	2021-07-21
oval:org.opensuse.security:def:31657	P	Security update for linuxptp (Important)	2021-07-21
oval:org.opensuse.security:def:59513	P	Security update for linuxptp (Important)	2021-07-21
oval:org.opensuse.security:def:55225	P	Security update for linuxptp (Important)	2021-07-21
oval:org.opensuse.security:def:86121	P	Security update for linuxptp (Important)	2021-07-21
oval:org.opensuse.security:def:33948	P	Security update for linuxptp (Important)	2021-07-21
oval:org.opensuse.security:def:126744	P	Security update for linuxptp (Important)	2021-07-21
oval:org.opensuse.security:def:30106	P	Security update for linuxptp (Important)	2021-07-21
oval:org.opensuse.security:def:57480	P	Security update for linuxptp (Important)	2021-07-21
oval:org.opensuse.security:def:88476	P	Security update for linuxptp (Important)	2021-07-21
oval:org.opensuse.security:def:84182	P	Security update for linuxptp (Important)	2021-07-21
oval:org.opensuse.security:def:32149	P	Security update for linuxptp (Important)	2021-07-21
oval:org.opensuse.security:def:23630	P	Security update for linuxptp (Important)	2021-07-21
oval:org.opensuse.security:def:59771	P	Security update for linuxptp (Important)	2021-07-21
oval:org.opensuse.security:def:55929	P	Security update for linuxptp (Important)	2021-07-21
oval:org.opensuse.security:def:86613	P	Security update for linuxptp (Important)	2021-07-21
oval:org.opensuse.security:def:82609	P	Security update for linuxptp (Important)	2021-07-21
oval:org.opensuse.security:def:127141	P	Security update for linuxptp (Important)	2021-07-21
oval:org.opensuse.security:def:30226	P	Security update for linuxptp (Important)	2021-07-21
oval:org.opensuse.security:def:57972	P	Security update for linuxptp (Important)	2021-07-21
oval:org.opensuse.security:def:89168	P	Security update for linuxptp (Important)	2021-07-21
oval:org.opensuse.security:def:51618	P	Security update for linuxptp (Important)	2021-07-21
oval:org.opensuse.security:def:84641	P	Security update for linuxptp (Important)	2021-07-21
oval:org.opensuse.security:def:32968	P	Security update for linuxptp (Important)	2021-07-21
oval:org.opensuse.security:def:23942	P	Security update for linuxptp (Important)	2021-07-21
oval:org.opensuse.security:def:56049	P	Security update for linuxptp (Important)	2021-07-21
oval:org.opensuse.security:def:87432	P	Security update for linuxptp (Important)	2021-07-21
oval:org.opensuse.security:def:83313	P	Security update for linuxptp (Important)	2021-07-21
oval:org.opensuse.security:def:31230	P	Security update for linuxptp (Important)	2021-07-21
oval:org.opensuse.security:def:58791	P	Security update for linuxptp (Important)	2021-07-21
oval:org.opensuse.security:def:89426	P	Security update for linuxptp (Important)	2021-07-21
oval:org.opensuse.security:def:85694	P	Security update for linuxptp (Important)	2021-07-21
oval:com.redhat.rhsa:def:20212658	P	RHSA-2021:2658: linuxptp security update (Important)	2021-07-06
oval:com.redhat.rhsa:def:20212660	P	RHSA-2021:2660: linuxptp security update (Important)	2021-07-06

BACK