Vulnerability CVE-2021-41103

Vulnerability Name:

CVE-2021-41103 (CCN-210615)

Assigned:

2021-10-04

Published:

2021-10-04

Updated:

2022-06-14

Summary:

containerd is an open source container runtime with an emphasis on simplicity, robustness and portability. A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as setuid), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files. This vulnerability has been fixed in containerd 1.4.11 and containerd 1.5.7. Users should update to these version when they are released and may restart containers or update directory permissions to mitigate the vulnerability. Users unable to update should limit access to the host to trusted users. Update directory permission on container bundles directories.

CVSS v3 Severity:

7.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
6.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)
4.6 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

4.3 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

CWE-22

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2021-41103

Source: CONFIRM
Type: UNKNOWN
https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf

Source: XF
Type: UNKNOWN
containerd-cve202141103-dir-traversal(210615)

Source: MISC
Type: Patch, Third Party Advisory
https://github.com/containerd/containerd/commit/5b46e404f6b9f661a205e28d59c982d3634148f8

Source: CCN
Type: containerd GIT Repository
Insufficiently restricted permissions on container root and plugin directories

Source: CONFIRM
Type: Third Party Advisory
https://github.com/containerd/containerd/security/advisories/GHSA-c2h3-6mxw-7mvq

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-b5a9a481a2

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-df975338d4

Source: DEBIAN
Type: Third Party Advisory
DSA-5002

Vulnerable Configuration:

Configuration 1:

cpe:/a:linuxfoundation:containerd:*:*:*:*:*:*:*:* (Version >= 1.5.0 and < 1.5.7)

OR cpe:/a:linuxfoundation:containerd:*:*:*:*:*:*:*:* (Version < 1.4.11)

Configuration 2:

cpe:/o:fedoraproject:fedora:34:*:*:*:*:*:*:*

OR cpe:/o:fedoraproject:fedora:35:*:*:*:*:*:*:*

Configuration 3:

cpe:/o:debian:debian_linux:11.0:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:3797	P	Security update for gimp (Moderate)	2022-08-01
oval:org.opensuse.security:def:95416	P	Security update for the Linux Kernel (Important)	2022-07-21
oval:org.opensuse.security:def:94873	P	docker-20.10.12_ce-159.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:3243	P	docker-20.10.12_ce-159.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94713	P	libsqlite3-0-3.36.0-3.12.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94872	P	containerd-1.4.12-150000.65.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:3242	P	containerd-1.4.12-150000.65.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:100061	P	(Moderate)	2022-04-01
oval:org.opensuse.security:def:99750	P	(Moderate)	2022-02-21
oval:org.opensuse.security:def:99209	P	(Moderate)	2022-02-04
oval:org.opensuse.security:def:94267	P	(Moderate)	2022-02-04
oval:org.opensuse.security:def:101687	P	Security update for containerd, docker (Moderate)	2022-02-04
oval:org.opensuse.security:def:99483	P	(Moderate)	2022-02-04
oval:org.opensuse.security:def:93632	P	(Moderate)	2022-02-04
oval:org.opensuse.security:def:42336	P	Security update for containerd, docker (Moderate)	2022-02-04
oval:org.opensuse.security:def:100075	P	(Moderate)	2022-02-04
oval:org.opensuse.security:def:94053	P	(Moderate)	2022-02-04
oval:org.opensuse.security:def:93321	P	(Moderate)	2022-02-04
oval:org.opensuse.security:def:100747	P	(Moderate)	2022-02-04
oval:org.opensuse.security:def:94474	P	(Moderate)	2022-02-04
oval:org.opensuse.security:def:996	P	Security update for containerd, docker (Moderate)	2022-02-04
oval:org.opensuse.security:def:93481	P	(Moderate)	2022-02-04
oval:org.opensuse.security:def:42192	P	Security update for containerd, docker (Moderate)	2022-02-04
oval:org.opensuse.security:def:99745	P	(Moderate)	2022-02-04
oval:org.opensuse.security:def:93841	P	(Moderate)	2022-02-04
oval:org.opensuse.security:def:93163	P	(Moderate)	2022-02-04
oval:org.opensuse.security:def:100413	P	(Moderate)	2022-02-04
oval:org.opensuse.security:def:112094	P	containerd-1.4.11-1.1 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:99157	P	(Moderate)	2021-11-04
oval:org.opensuse.security:def:111104	P	Security update for containerd, docker, runc (Important)	2021-10-31
oval:org.opensuse.security:def:9801	P	Security update for containerd, docker, runc (Important)	2021-10-25
oval:org.opensuse.security:def:5868	P	Security update for containerd, docker, runc (Important)	2021-10-25
oval:org.opensuse.security:def:99551	P	Security update for containerd, docker, runc (Important)	2021-10-25
oval:org.opensuse.security:def:93582	P	(Important)	2021-10-25
oval:org.opensuse.security:def:106440	P	Security update for containerd, docker, runc (Important)	2021-10-25
oval:org.opensuse.security:def:92601	P	Security update for containerd, docker, runc (Important)	2021-10-25
oval:org.opensuse.security:def:42231	P	Security update for containerd, docker, runc (Important)	2021-10-25
oval:org.opensuse.security:def:69742	P	Security update for containerd, docker, runc (Important)	2021-10-25
oval:org.opensuse.security:def:76366	P	Security update for containerd, docker, runc (Important)	2021-10-25
oval:org.opensuse.security:def:100005	P	(Important)	2021-10-25
oval:org.opensuse.security:def:9046	P	Security update for containerd, docker, runc (Important)	2021-10-25
oval:org.opensuse.security:def:102129	P	Security update for containerd, docker, runc (Important)	2021-10-25
oval:org.opensuse.security:def:93980	P	(Important)	2021-10-25
oval:org.opensuse.security:def:98962	P	Security update for containerd, docker, runc (Important)	2021-10-25
oval:org.opensuse.security:def:93268	P	(Important)	2021-10-25
oval:org.opensuse.security:def:105847	P	Security update for containerd, docker, runc (Important)	2021-10-25
oval:org.opensuse.security:def:92012	P	Security update for containerd, docker, runc (Important)	2021-10-25
oval:org.opensuse.security:def:66957	P	Security update for containerd, docker, runc (Important)	2021-10-25
oval:org.opensuse.security:def:100670	P	(Important)	2021-10-25
oval:org.opensuse.security:def:10165	P	Security update for containerd, docker, runc (Important)	2021-10-25
oval:org.opensuse.security:def:94403	P	(Important)	2021-10-25
oval:org.opensuse.security:def:6209	P	Security update for containerd, docker, runc (Important)	2021-10-25
oval:org.opensuse.security:def:106727	P	Security update for containerd, docker, runc (Important)	2021-10-25
oval:org.opensuse.security:def:92800	P	Security update for containerd, docker, runc (Important)	2021-10-25
oval:org.opensuse.security:def:111761	P	Security update for containerd, docker, runc (Important)	2021-10-25
oval:org.opensuse.security:def:69941	P	Security update for containerd, docker, runc (Important)	2021-10-25
oval:org.opensuse.security:def:989	P	Security update for containerd, docker, runc (Important)	2021-10-25
oval:org.opensuse.security:def:9411	P	Security update for containerd, docker, runc (Important)	2021-10-25
oval:org.opensuse.security:def:103020	P	Security update for containerd, docker, runc (Important)	2021-10-25
oval:org.opensuse.security:def:106042	P	Security update for containerd, docker, runc (Important)	2021-10-25
oval:org.opensuse.security:def:92207	P	Security update for containerd, docker, runc (Important)	2021-10-25
oval:org.opensuse.security:def:42132	P	Security update for containerd, docker, runc (Important)	2021-10-25
oval:org.opensuse.security:def:67298	P	Security update for containerd, docker, runc (Important)	2021-10-25
oval:org.opensuse.security:def:10352	P	Security update for containerd, docker, runc (Important)	2021-10-25
oval:org.opensuse.security:def:99688	P	(Important)	2021-10-25
oval:org.opensuse.security:def:8664	P	Security update for containerd, docker, runc (Important)	2021-10-25
oval:org.opensuse.security:def:93766	P	(Important)	2021-10-25
oval:org.opensuse.security:def:108092	P	Security update for containerd, docker, runc (Important)	2021-10-25
oval:org.opensuse.security:def:93108	P	(Important)	2021-10-25
oval:org.opensuse.security:def:70305	P	Security update for containerd, docker, runc (Important)	2021-10-25
oval:org.opensuse.security:def:64886	P	Security update for containerd, docker, runc (Important)	2021-10-25
oval:org.opensuse.security:def:100341	P	(Important)	2021-10-25
oval:org.opensuse.security:def:9602	P	Security update for containerd, docker, runc (Important)	2021-10-25
oval:org.opensuse.security:def:99153	P	(Important)	2021-10-25
oval:org.opensuse.security:def:94192	P	(Important)	2021-10-25
oval:org.opensuse.security:def:3804	P	Security update for containerd, docker, runc (Important)	2021-10-25
oval:org.opensuse.security:def:99352	P	Security update for containerd, docker, runc (Important)	2021-10-25
oval:org.opensuse.security:def:106241	P	Security update for containerd, docker, runc (Important)	2021-10-25
oval:org.opensuse.security:def:92402	P	Security update for containerd, docker, runc (Important)	2021-10-25
oval:org.opensuse.security:def:69551	P	Security update for containerd, docker, runc (Important)	2021-10-25
oval:org.opensuse.security:def:101681	P	Security update for containerd, docker, runc (Important)	2021-10-25
oval:org.opensuse.security:def:76025	P	Security update for containerd, docker, runc (Important)	2021-10-25
oval:org.opensuse.security:def:8851	P	Security update for containerd, docker, runc (Important)	2021-10-25
oval:org.opensuse.security:def:101426	P	Security update for containerd, docker, runc (Important)	2021-10-25
oval:org.opensuse.security:def:108795	P	Security update for containerd, docker, runc (Important)	2021-10-25
oval:org.opensuse.security:def:105652	P	Security update for containerd, docker, runc (Important)	2021-10-25
oval:org.opensuse.security:def:70492	P	Security update for containerd, docker, runc (Important)	2021-10-25
oval:org.opensuse.security:def:64893	P	Security update for containerd, docker, runc (Important)	2021-10-25
oval:org.opensuse.security:def:20653	P	Security update for containerd, docker, runc (Important)	2021-10-12
oval:org.opensuse.security:def:49124	P	Security update for containerd, docker, runc (Important)	2021-10-12

BACK