PT-2019-6144 · Unknown+9 · Squashfs-Tools+9
Richard Weinberger · Published 2019-09-10 · Updated 2024-08-20 · CVE-2021-41072
CVSS v2.0: 8.8 High
Vector: AV:N/AC:M/Au:N/C:N/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Squashfs-Tools version 4.5
Description
The squashfs_opendir function in the unsquash-2.c component of Squashfs-Tools incorrectly handles symbolic links before accessing a file. This allows a remote attacker to compromise data integrity and cause a denial of service. Specifically, a crafted squashfs filesystem containing a symbolic link and subsequent contents with the same filename can cause unsquashfs to create the symbolic link outside the expected directory, and then write through the symbolic link elsewhere in the filesystem.
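An extractor can refuse the write-through-symlink condition described above at file-creation time. The following C example is added here and is not code from Squashfs-Tools or from this advisory; `create_entry`, `demo`, the entry names `cfg` and `readme`, and the temporary paths are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical extractor helper (not Squashfs-Tools code): create regular file
 * `name` directly inside the directory open at `dirfd`. With O_CREAT|O_EXCL,
 * open fails with EEXIST if the name already exists, even as a dangling symlink. */
int create_entry(int dirfd, const char *name, const void *data, size_t len)
{
    if (!*name || strchr(name, '/') || !strcmp(name, ".") || !strcmp(name, ".."))
        return -EINVAL;               /* entry names are single path components */
    int fd = openat(dirfd, name, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0)
        return -errno;
    ssize_t n = write(fd, data, len);
    close(fd);
    return n == (ssize_t)len ? 0 : -EIO;
}

/* Constructed scenario: symlink "cfg" pointing outside the destination, then a
 * regular file also named "cfg". Returns 1 if the second entry is refused. */
int demo(void)
{
    char root[] = "/tmp/sqfs-demo-XXXXXX", dest[64], outside[64];
    if (!mkdtemp(root))
        return -1;
    snprintf(dest, sizeof dest, "%s/dest", root);
    snprintf(outside, sizeof outside, "%s/outside.txt", root);
    int dirfd = mkdir(dest, 0700) ? -1 : open(dest, O_RDONLY | O_DIRECTORY);
    if (dirfd < 0)
        return -1;
    int ok = symlinkat("../outside.txt", dirfd, "cfg") == 0   /* entry 1: symlink */
          && create_entry(dirfd, "cfg", "data", 4) == -EEXIST /* entry 2 refused */
          && access(outside, F_OK) != 0                       /* nothing written outside */
          && create_entry(dirfd, "readme", "data", 4) == 0;   /* ordinary entry works */
    unlinkat(dirfd, "cfg", 0);
    unlinkat(dirfd, "readme", 0);
    close(dirfd);
    rmdir(dest);
    rmdir(root);
    return ok;
}

int main(void) { printf("refused and contained: %d\n", demo()); return 0; }
```

The helper only guards the final path component relative to an already-open directory descriptor; an extractor would also need to open each parent directory without following symlinks.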
Recommendations
For Squashfs-Tools version 4.5, consider disabling the squashfs_opendir function in unsquash-2.c as a temporary workaround to prevent potential exploitation. Restrict access to the unsquashfs process to minimize the risk of symbolic link manipulation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Link Following
Path traversal
Related Identifiers
Affected Products
Alt Linux
Almalinux
Astra Linux
Centos
Linuxmint
Red Hat
Rocky Linux
Squashfs-Tools
Suse
Ubuntu