CVE-2021-40153

Published on: 08/27/2021 12:00:00 AM UTC

Last Modified on: 10/07/2021 05:48:00 PM UTC

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

Certain versions of Debian Linux from Debian contain the following vulnerability:

squashfs_opendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; this is then used by unsquashfs to create the new file during the unsquash. The filename is not validated for traversal outside of the destination directory, and thus allows writing to locations outside of the destination.

  • CVE-2021-40153 has been assigned by URL Logo [email protected] to track the vulnerability - currently rated as HIGH severity.

CVSS3 Score: 8.1 - HIGH

Attack
Vector
Attack
Complexity
Privileges
Required
User
Interaction
NETWORK LOW NONE REQUIRED
Scope Confidentiality
Impact
Integrity
Impact
Availability
Impact
UNCHANGED NONE HIGH HIGH

CVSS2 Score: 5.8 - MEDIUM

Access
Vector
Access
Complexity
Authentication
NETWORK MEDIUM NONE
Confidentiality
Impact
Integrity
Impact
Availability
Impact
NONE PARTIAL PARTIAL

CVE References

Description Tags Link
Debian -- Security Information -- DSA-4967-1 squashfs-tools www.debian.org
Depreciated Link
text/html
URL Logo DEBIAN DSA-4967
[SECURITY] [DLA 2752-1] squashfs-tools security update lists.debian.org
text/html
URL Logo MLIST [debian-lts-announce] 20210831 [SECURITY] [DLA 2752-1] squashfs-tools security update
[SECURITY] Fedora 34 Update: squashfs-tools-4.5-2.fc34 - package-announce - Fedora Mailing-Lists lists.fedoraproject.org
text/html
URL Logo FEDORA FEDORA-2021-cdbd827c1e
Unsquashfs: fix write outside destination directory exploit · plougher/[email protected] · GitHub github.com
text/html
URL Logo MISC github.com/plougher/squashfs-tools/commit/79b5a555058eef4e1e7ff220c344d39f8cd09646
Error: Page not found bugs.launchpad.net
text/html
Inactive LinkNot Archived
URL Logo MISC bugs.launchpad.net/ubuntu/+source/squashfs-tools/+bug/1941790
[SECURITY] Fedora 33 Update: squashfs-tools-4.5-3.20210913gite048580.fc33 - package-announce - Fedora Mailing-Lists lists.fedoraproject.org
text/html
URL Logo FEDORA FEDORA-2021-9fb6da134f
unsquashfs - unvalidated filepaths allow writing outside of destination · Issue #72 · plougher/squashfs-tools · GitHub github.com
text/html
URL Logo MISC github.com/plougher/squashfs-tools/issues/72

Related QID Numbers

  • 178783 Debian Security Update for squashfs-tools (DSA 4967-1)
  • 178848 Debian Security Update for squashfs-tools (DLA 2752-1)
  • 198475 Ubuntu Security Notification for Squashfs-Tools Vulnerability (USN-5057-1)
  • 281858 Fedora Security Update for squashfs (FEDORA-2021-cdbd827c1e)
  • 281940 Fedora Security Update for squashfs (FEDORA-2021-9fb6da134f)
  • 670832 EulerOS Security Update for squashfs-tools (EulerOS-SA-2021-2698)
  • 670833 EulerOS Security Update for squashfs-tools (EulerOS-SA-2021-2723)
  • 670954 EulerOS Security Update for squashfs-tools (EulerOS-SA-2021-2674)
  • 671028 EulerOS Security Update for squashfs-tools (EulerOS-SA-2021-2645)

Exploit/POC from Github

PoC for exploiting CVE-2021-40153 : squashfs_opendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the…

Known Affected Configurations (CPE V2.3)

Type Vendor Product Version Update Edition Language
Operating
System
DebianDebian Linux10.0AllAllAll
Operating
System
DebianDebian Linux9.0AllAllAll
Operating
System
FedoraprojectFedora33AllAllAll
Operating
System
FedoraprojectFedora34AllAllAll
Operating
System
RedhatEnterprise Linux7.0AllAllAll
Operating
System
RedhatEnterprise Linux8.0AllAllAll
ApplicationSquashfs-tools ProjectSquashfs-tools4.5AllAllAll
  • cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*:
  • cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*:
  • cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*:
  • cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*:
  • cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*:
  • cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*:
  • cpe:2.3:a:squashfs-tools_project:squashfs-tools:4.5:*:*:*:*:*:*:*:

Social Mentions

Source Title Posted (UTC)
Twitter Icon @CVEreport CVE-2021-40153 : squashfs_opendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry;… twitter.com/i/web/status/1… 2021-08-27 15:04:37
Twitter Icon @LinInfoSec Ubuntu - CVE-2021-40153: bugs.launchpad.net/ubuntu/+source… 2021-08-27 17:15:37
Twitter Icon @threatmeter CVE-2021-40153 squashfs_opendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; t… twitter.com/i/web/status/1… 2021-08-28 09:09:35
© CVE.report 2021 Twitter Nitter Twitter Viewer |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

CVE.report and Source URL Uptime Status status.cve.report