Vulnerability CVE-2021-3999

Vulnerability Name:

CVE-2021-3999 (CCN-217981)

Assigned:

2021-11-22

Published:

2022-01-11

Updated:

2023-02-12

Summary:

A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd() in a setuid program could use this flaw to potentially execute arbitrary code and escalate their privileges on the system.

CVSS v3 Severity:

7.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
6.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

8.4 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
7.3 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

7.4 High (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
6.4 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

7.2 High (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

CWE-193

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2021-3999

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Issue Tracking, Third Party Advisory
secalert@redhat.com

Source: XF
Type: UNKNOWN
gnu-glibc-cve20213999-bo(217981)

Source: secalert@redhat.com
Type: Mailing List, Third Party Advisory
secalert@redhat.com

Source: CCN
Type: oss-sec Mailing List, Mon, 24 Jan 2022 14:05:01 +0000
CVE-2021-3998 and CVE-2021-3999 in glibc's realpath() and getcwd()

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Issue Tracking, Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: CCN
Type: glibc GIT Repository
getcwd: Set errno to ERANGE for size == 1 (CVE-2021-3999)

Source: CCN
Type: IBM Security Bulletin 6569153 (MQ Operator CD Release)
IBM MQ Operator and Queue manager container images are vulnerable to multiple issues within Red Hat UBI packages and the IBM WebSphere Application Server Liberty shipped with IBM MQ Operator v1.7 CD Release

Source: CCN
Type: IBM Security Bulletin 6573629 (App Connect Professional)
App Connect Professional is affected by GNU C Library vulnerability

Source: CCN
Type: IBM Security Bulletin 6578621 (Watson Speech Services Cartridge for Cloud Pak for Data)
IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a buffer overflow and underflow in GNU C Library (CVE-2021-3999)

Source: CCN
Type: IBM Security Bulletin 6607135 (QRadar SIEM)
IBM QRadar SIEM Application Framework Base Image is vulnerable to using components with Known Vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6612587 (Cloud Pak System Software)
Multiple vulnerabilities in expat, glibc, http server, dojo, openssl shipped with IBM Cloud Pak System

Source: CCN
Type: IBM Security Bulletin 6615957 (Elastic Storage System)
glibc vulnerability affects IBM Elastic Storage System (CVE-2021-3999)

Source: CCN
Type: IBM Security Bulletin 6831813 (Netcool Operations Insight)
Netcool Operations Insight v1.6.6 contains fixes for multiple security vulnerabilities.

Source: CCN
Type: IBM Security Bulletin 6832956 (Cloud Pak for Security)
IBM Cloud Pak for Security is vulnerable to using components with known vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6856409 (Cloud Pak for Security)
IBM Cloud Pak for Security includes components with multiple known vulnerabilities

Source: CCN
Type: IBM Security Bulletin 6890837 (Watson Speech Services Cartridge for Cloud Pak for Data)
IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a buffer overflow in GNU glibc (CVE-2021-3999)

Source: CCN
Type: IBM Security Bulletin 6982841 (Netcool Operations Insight)
Netcool Operations Insight v1.6.8 addresses multiple security vulnerabilities.

Source: CCN
Type: Mend Vulnerability Database
CVE-2021-3999

Source: secalert@redhat.com
Type: Exploit, Mailing List, Third Party Advisory
secalert@redhat.com

Vulnerable Configuration:

Configuration RedHat 1:

cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

Configuration RedHat 3:

cpe:/a:redhat:enterprise_linux:8::crb:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 5:

cpe:/o:redhat:enterprise_linux:8::baseos:*:*:*:*:*

Configuration CCN 1:

cpe:/a:gnu:glibc:-:*:*:*:*:*:*:*

AND

cpe:/a:ibm:qradar_security_information_and_event_manager:7.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:qradar_security_information_and_event_manager:7.4:-:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_for_security:1.10.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_for_security:1.10.2.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_for_security:1.10.6.0:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:8010	P	glibc-devel-32bit-2.31-150300.46.1 on GA media (Moderate)	2023-06-20
oval:org.opensuse.security:def:7510	P	glibc-2.31-150300.46.1 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:3385	P	tpm2.0-tools-3.1.4-1.12 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:2935	P	glibc-2.31-150300.20.7 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94565	P	glibc-2.31-150300.20.7 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:95015	P	glibc-devel-32bit-2.31-150300.20.7 on GA media (Moderate)	2022-06-22
oval:com.redhat.rhsa:def:20220896	P	RHSA-2022:0896: glibc security update (Moderate)	2022-03-15
oval:org.opensuse.security:def:119708	P	Security update for glibc (Important)	2022-03-14
oval:org.opensuse.security:def:119148	P	Security update for glibc (Important)	2022-03-14
oval:org.opensuse.security:def:119340	P	Security update for glibc (Important)	2022-03-14
oval:org.opensuse.security:def:118845	P	Security update for glibc (Important)	2022-03-14
oval:org.opensuse.security:def:42212	P	Security update for glibc (Important)	2022-03-14
oval:org.opensuse.security:def:119523	P	Security update for glibc (Important)	2022-03-14
oval:org.opensuse.security:def:119035	P	Security update for glibc (Important)	2022-03-14
oval:org.opensuse.security:def:5343	P	Security update for glibc (Important)	2022-02-16
oval:org.opensuse.security:def:125799	P	Security update for glibc (Important)	2022-02-16
oval:org.opensuse.security:def:6161	P	Security update for glibc (Important)	2022-02-16
oval:org.opensuse.security:def:126962	P	Security update for glibc (Important)	2022-02-16
oval:org.opensuse.security:def:127360	P	Security update for glibc (Important)	2022-02-16
oval:org.opensuse.security:def:94266	P	(Important)	2022-02-04
oval:org.opensuse.security:def:42334	P	Security update for glibc (Important)	2022-02-04
oval:org.opensuse.security:def:101628	P	Security update for glibc (Important)	2022-02-04
oval:org.opensuse.security:def:93631	P	(Important)	2022-02-04
oval:org.opensuse.security:def:100073	P	(Important)	2022-02-04
oval:org.opensuse.security:def:94473	P	(Important)	2022-02-04
oval:org.opensuse.security:def:93162	P	(Important)	2022-02-04
oval:org.opensuse.security:def:101850	P	Security update for glibc (Important)	2022-02-04
oval:org.opensuse.security:def:99207	P	(Important)	2022-02-04
oval:org.opensuse.security:def:93840	P	(Important)	2022-02-04
oval:org.opensuse.security:def:100411	P	(Important)	2022-02-04
oval:org.opensuse.security:def:93320	P	(Important)	2022-02-04
oval:org.opensuse.security:def:936	P	Security update for glibc (Important)	2022-02-04
oval:org.opensuse.security:def:99481	P	(Important)	2022-02-04
oval:org.opensuse.security:def:94052	P	(Important)	2022-02-04
oval:org.opensuse.security:def:100745	P	(Important)	2022-02-04
oval:org.opensuse.security:def:93480	P	(Important)	2022-02-04
oval:org.opensuse.security:def:1188	P	Security update for glibc (Important)	2022-02-04
oval:org.opensuse.security:def:99743	P	(Important)	2022-02-04

BACK