cnvd - cnvd-2021-67506

cnvd-2021-67506

Vulnerability from cnvd

Title: Squashfs-Tools存在未明漏洞

Description:

Squashfs-Tools是一个开源软件包。

Squashfs-Tools4.5版本存在安全漏洞，该漏洞源于在软件中的unsquash-1.c中的squashfs_opendir函数负责存储目录条目中的文件名，然后unsquashfs使用它在unsquash期间创建新文件。函数文件名操作对于目标目录外的遍历并不进行验证，攻击者可利用该漏洞将文件名被允许写入到目标目录外的位置。

Severity: 高

Patch Name: Squashfs-Tools存在未明漏洞的补丁

Patch Description:

Squashfs-Tools是一个开源软件包。

Formal description:

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://github.com/plougher/squashfs-tools/commit/79b5a555058eef4e1e7ff220c344d39f8cd09646

Reference: https://github.com/plougher/squashfs-tools/issues/72

Impacted products

Name
Squashfs-Tools Squashfs-Tools 4.5

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-40153"
    }
  },
  "description": "Squashfs-Tools\u662f\u4e00\u4e2a\u5f00\u6e90\u8f6f\u4ef6\u5305\u3002\n\nSquashfs-Tools4.5\u7248\u672c\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5728\u8f6f\u4ef6\u4e2d\u7684unsquash-1.c\u4e2d\u7684squashfs_opendir\u51fd\u6570\u8d1f\u8d23\u5b58\u50a8\u76ee\u5f55\u6761\u76ee\u4e2d\u7684\u6587\u4ef6\u540d\uff0c\u7136\u540eunsquashfs\u4f7f\u7528\u5b83\u5728unsquash\u671f\u95f4\u521b\u5efa\u65b0\u6587\u4ef6\u3002\u51fd\u6570\u6587\u4ef6\u540d\u64cd\u4f5c\u5bf9\u4e8e\u76ee\u6807\u76ee\u5f55\u5916\u7684\u904d\u5386\u5e76\u4e0d\u8fdb\u884c\u9a8c\u8bc1\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5c06\u6587\u4ef6\u540d\u88ab\u5141\u8bb8\u5199\u5165\u5230\u76ee\u6807\u76ee\u5f55\u5916\u7684\u4f4d\u7f6e\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://github.com/plougher/squashfs-tools/commit/79b5a555058eef4e1e7ff220c344d39f8cd09646",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-67506",
  "openTime": "2021-09-02",
  "patchDescription": "Squashfs-Tools\u662f\u4e00\u4e2a\u5f00\u6e90\u8f6f\u4ef6\u5305\u3002\r\n\r\nSquashfs-Tools4.5\u7248\u672c\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5728\u8f6f\u4ef6\u4e2d\u7684unsquash-1.c\u4e2d\u7684squashfs_opendir\u51fd\u6570\u8d1f\u8d23\u5b58\u50a8\u76ee\u5f55\u6761\u76ee\u4e2d\u7684\u6587\u4ef6\u540d\uff0c\u7136\u540eunsquashfs\u4f7f\u7528\u5b83\u5728unsquash\u671f\u95f4\u521b\u5efa\u65b0\u6587\u4ef6\u3002\u51fd\u6570\u6587\u4ef6\u540d\u64cd\u4f5c\u5bf9\u4e8e\u76ee\u6807\u76ee\u5f55\u5916\u7684\u904d\u5386\u5e76\u4e0d\u8fdb\u884c\u9a8c\u8bc1\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5c06\u6587\u4ef6\u540d\u88ab\u5141\u8bb8\u5199\u5165\u5230\u76ee\u6807\u76ee\u5f55\u5916\u7684\u4f4d\u7f6e\u3002 \u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Squashfs-Tools\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Squashfs-Tools Squashfs-Tools 4.5"
  },
  "referenceLink": "https://github.com/plougher/squashfs-tools/issues/72",
  "serverity": "\u9ad8",
  "submitTime": "2021-08-31",
  "title": "Squashfs-Tools\u5b58\u5728\u672a\u660e\u6f0f\u6d1e"
}

CVE-2021-40153 (GCVE-0-2021-40153)

Vulnerability from cvelistv5

Published

2021-08-27 00:00

Modified

2024-08-04 02:27

Severity ?

CWE

Summary

squashfs_opendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; this is then used by unsquashfs to create the new file during the unsquash. The filename is not validated for traversal outside of the destination directory, and thus allows writing to locations outside of the destination.

References

▼	URL	Tags
	https://github.com/plougher/squashfs-tools/commit/79b5a555058eef4e1e7ff220c344d39f8cd09646
	https://github.com/plougher/squashfs-tools/issues/72
	https://bugs.launchpad.net/ubuntu/+source/squashfs-tools/+bug/1941790
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RAOZ4BKWAC4Y3U2K5MMW3S77HWWXHQDL/	vendor-advisory
	https://lists.debian.org/debian-lts-announce/2021/08/msg00030.html	mailing-list
	https://www.debian.org/security/2021/dsa-4967	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GSMRKVJMJFX3MB7D3PXJSYY3TLZROE5S/	vendor-advisory
	https://security.gentoo.org/glsa/202305-29	vendor-advisory

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T02:27:31.648Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/plougher/squashfs-tools/commit/79b5a555058eef4e1e7ff220c344d39f8cd09646"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/plougher/squashfs-tools/issues/72"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/ubuntu/+source/squashfs-tools/+bug/1941790"
          },
          {
            "name": "FEDORA-2021-cdbd827c1e",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RAOZ4BKWAC4Y3U2K5MMW3S77HWWXHQDL/"
          },
          {
            "name": "[debian-lts-announce] 20210831 [SECURITY] [DLA 2752-1] squashfs-tools security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00030.html"
          },
          {
            "name": "DSA-4967",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2021/dsa-4967"
          },
          {
            "name": "FEDORA-2021-9fb6da134f",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GSMRKVJMJFX3MB7D3PXJSYY3TLZROE5S/"
          },
          {
            "name": "GLSA-202305-29",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202305-29"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "squashfs_opendir in unsquash-1.c in Squashfs-Tools 4.5 stores the filename in the directory entry; this is then used by unsquashfs to create the new file during the unsquash. The filename is not validated for traversal outside of the destination directory, and thus allows writing to locations outside of the destination."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-30T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://github.com/plougher/squashfs-tools/commit/79b5a555058eef4e1e7ff220c344d39f8cd09646"
        },
        {
          "url": "https://github.com/plougher/squashfs-tools/issues/72"
        },
        {
          "url": "https://bugs.launchpad.net/ubuntu/+source/squashfs-tools/+bug/1941790"
        },
        {
          "name": "FEDORA-2021-cdbd827c1e",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RAOZ4BKWAC4Y3U2K5MMW3S77HWWXHQDL/"
        },
        {
          "name": "[debian-lts-announce] 20210831 [SECURITY] [DLA 2752-1] squashfs-tools security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00030.html"
        },
        {
          "name": "DSA-4967",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2021/dsa-4967"
        },
        {
          "name": "FEDORA-2021-9fb6da134f",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GSMRKVJMJFX3MB7D3PXJSYY3TLZROE5S/"
        },
        {
          "name": "GLSA-202305-29",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202305-29"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2021-40153",
    "datePublished": "2021-08-27T00:00:00",
    "dateReserved": "2021-08-27T00:00:00",
    "dateUpdated": "2024-08-04T02:27:31.648Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted