{"vulnerability": "cve-2021-3046", "sightings": [{"uuid": "b5ba4369-cde8-4e5a-b293-f44fc3a8f098", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-30465", "type": "seen", "source": "https://t.me/k8security/298", "content": "CVE-2021-30465: runc are vulnerable to a symlink exchange attack\n\nCVSS Score: 7.6 High\nCVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N\n\n\u0412 \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 (\u043a\u0430\u043a \u043f\u043e \u043c\u043d\u0435) \u0432\u044b \u0443\u0432\u0438\u0434\u0438\u0442\u0435 \u0431\u043e\u043b\u0435\u0435 \u0437\u0430\u043f\u0443\u0442\u0430\u043d\u043d\u043e\u0435 \u043d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \"mount destinations can be swapped via symlink-exchange to cause mounts outside the rootfs\", \u0437\u0430 \u043a\u043e\u0442\u043e\u0440\u044b\u043c \u0441\u043a\u0440\u044b\u0432\u0430\u0435\u0442\u0441\u044f time-of-check-to-time-of-use (TOCTTOU) \u043f\u0440\u043e\u0431\u043b\u0435\u043c\u0430 \u0438 \u0441\u043f\u0435\u0446\u0438\u0444\u0438\u043a\u0430 \u0440\u0430\u0431\u043e\u0442\u044b \u0441 symlink.\n\n\u041f\u0440\u0438 \u0443\u0441\u043f\u0435\u0448\u043d\u043e\u0439 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0438\u0439 \u043f\u043e\u043b\u0443\u0447\u0438\u0442 container escape. \u041f\u0440\u0438 \u044d\u0442\u043e\u043c \u0435\u0441\u043b\u0438 \u0434\u0430\u0436\u0435 \u043d\u0430 \u0441\u0438\u0441\u0442\u0435\u043c\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044e\u0442\u0441\u044f LSMs (AppArmor/SELinux) \u0438 user namespaces, \u0442\u043e \u043e\u043d\u0438 \u043d\u0438\u043a\u0430\u043a \u043d\u0435 \u043e\u0441\u0442\u0430\u043d\u043e\u0432\u044f\u0442 \u044d\u043a\u0441\u043f\u043b\u043e\u0442\u0430\u0446\u0438\u044e, \u0430 \u043b\u0438\u0448\u044c \u043f\u043e\u043c\u043e\u0433\u0443\u0442 \u043c\u0438\u043d\u0438\u043c\u0438\u0437\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0439 \u0443\u0449\u0435\u0440\u0431.\n\n\u0412 \u043f\u0435\u0440\u0432\u0443\u044e \u043e\u0447\u0435\u0440\u0435\u0434\u044c \u044d\u0442\u043e \u043a\u0440\u0438\u0442\u0438\u0447\u043d\u043e \u0434\u043b\u044f \u0442\u0435\u0445 \u0438\u043d\u0444\u0440\u0430\u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440, \u0433\u0434\u0435 \u043d\u0435\u0434\u043e\u0432\u0435\u0440\u0435\u043d\u043d\u044b\u0435 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u0438 \u043c\u043e\u0433\u0443\u0442 \u0437\u0430\u043f\u0443\u0441\u043a\u0430\u0442\u044c \u0441\u043e\u0431\u0441\u0442\u0432\u0435\u043d\u043d\u044b\u0435 \u043a\u043e\u043d\u0442\u0435\u0439\u043d\u0435\u0440\u044b. \u0422\u0430\u043a \u043a\u0430\u043a \u0434\u043b\u044f \u0443\u0441\u043f\u0435\u0448\u043d\u043e\u0439 \u044d\u043a\u0441\u043f\u043b\u043e\u0442\u0430\u0446\u0438\u0438 \u0430\u0442\u0430\u043a\u0443\u044e\u0449\u0438\u0439 \u0434\u043e\u043b\u0436\u0435\u043d \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u044e volumes \u0438 \u0438\u043c\u0435\u0442\u044c \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u0441\u0432\u043e\u0439 \u0432\u0440\u0435\u0434\u043e\u043d\u043e\u0441\u043d\u044b\u0439 \u043a\u043e\u0434 \u0432\u043d\u0443\u0442\u0440\u0438 \u044d\u0442\u043e\u0433\u043e \u043a\u043e\u043d\u0442\u0435\u0439\u043d\u0435\u0440\u0430. \u041a\u0430\u043a \u043c\u044b \u0437\u043d\u0430\u0435\u043c Kubernetes \u0434\u0430\u0435\u0442 \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u044c \u043f\u0440\u0438 \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0438 workload \u0442\u0430\u043a\u043e\u0435 \u0441\u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0438\u0440\u043e\u0432\u0430\u0442\u044c - \u0442\u043e\u0447\u043a\u0438 \u043c\u043e\u043d\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0438\u0437 \u0445\u043e\u0441\u0442\u0430 \u0432 \u043a\u043e\u043d\u0442\u0435\u0439\u043d\u0435\u0440. \u0418 \u0432 k8s \u0434\u0430\u043d\u043d\u0443\u044e \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0436\u0435 \u0432\u043e\u0441\u043f\u0440\u043e\u0438\u0437\u0432\u0435\u043b\u0438! \u041f\u0440\u0438 \u044d\u0442\u043e\u043c \u0432\u043d\u0435\u0448\u043d\u0435 \u0434\u0430\u043d\u043d\u0430\u044f \u043a\u043e\u043d\u0444\u0438\u0433\u0443\u0440\u0430\u0446\u0438\u044f \u043f\u043e\u0434\u043e\u0437\u0440\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0439 \u043d\u0435 \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f, \u0441\u0438\u0433\u043d\u0430\u0442\u0443\u0440\u0430\u043c\u0438/\u043f\u0440\u0430\u0432\u0438\u043b\u0430\u043c\u0438 \u043d\u0435 \u043e\u043f\u0438\u0441\u0430\u0442\u044c. \u042d\u0442\u043e \u043d\u0435 \u043a\u0430\u043a \u043f\u0440\u044f\u043c\u043e\u0435 \u043c\u043e\u043d\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 / \u0432\u043d\u0443\u0442\u0440\u044c \u043a\u043e\u043d\u0442\u0435\u0439\u043d\u0435\u0440\u0430, \u043d\u043e \u044d\u0444\u0444\u0435\u043a\u0442 \u0442\u043e\u0442 \u0436\u0435 ;) \n\n\u0427\u0438\u0441\u0442\u043e \u043c\u043e\u0435 IMHO - \u043d\u0435\u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0430\u043f\u0440\u0438\u043e\u0440\u043d\u044b\u0435 \u0437\u043d\u0430\u043d\u0438\u044f \u043e \u0441\u0438\u0441\u0442\u0435\u043c\u0435 \u0438/\u0438\u043b\u0438 \u043d\u0435\u043c\u043d\u043e\u0433\u043e \u043f\u0435\u0440\u0435\u0431\u043e\u0440\u0430 \u043c\u043e\u0433\u0443\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u044d\u0442\u043e \u043f\u0440\u043e\u0432\u0435\u0440\u043d\u0443\u0442\u044c \u0438 \u0432 \u043a\u043e\u043d\u0442\u0435\u0439\u043d\u0435\u0440\u0430\u0445, \u043a\u043e\u0442\u043e\u0440\u044b\u0435 \u0441\u043e\u0437\u0434\u0430\u043d\u044b/\u043f\u043e\u0434\u0433\u043e\u0442\u043e\u0432\u043b\u0435\u043d\u044b \u043d\u0435 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u043e\u043c, \u043d\u043e \u0438\u043c\u0435\u044e\u0442 \u0442\u043e\u0447\u043a\u0438 \u043c\u043e\u043d\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f, \u0438 \u0433\u0434\u0435 \u0443 \u0437\u043b\u043e\u0443\u043c\u044b\u0448\u043b\u0435\u043d\u043d\u0438\u043a\u0430 \u0435\u0441\u0442\u044c RCE - \u043d\u043e \u044d\u0442\u043e \u0435\u0449\u0435 \u043d\u0443\u0436\u043d\u043e \u043f\u0440\u043e\u0432\u0435\u0440\u0438\u0442\u044c...\n\n\u0412 runc \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0438\u0441\u043f\u0440\u0430\u0432\u0438\u043b\u0438 \u0432 \u0432\u0435\u0440\u0441\u0438\u0438 1.0.0-rc95, \u0430 \u0432 containerd, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0435\u0433\u043e \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442, \u0432 \u0432\u0435\u0440\u0441\u0438\u044f\u0445 1.4.6 \u0438 1.5.2.", "creation_timestamp": "2021-05-20T06:19:57.000000Z"}, {"uuid": "7a6f7897-a119-4c1f-8910-86f701a7ae4e", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-3046", "type": "seen", "source": "https://t.me/cibsecurity/27165", "content": "\u203c CVE-2021-3046 \u203c\n\nAn improper authentication vulnerability exists in Palo Alto Networks PAN-OS software that enables a SAML authenticated attacker to impersonate any other user in the GlobalProtect Portal and GlobalProtect Gateway when they are configured to use SAML authentication. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.19; PAN-OS 9.0 versions earlier than PAN-OS 9.0.14; PAN-OS 9.1 versions earlier than PAN-OS 9.1.9; PAN-OS 10.0 versions earlier than PAN-OS 10.0.5. PAN-OS 10.1 versions are not impacted.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-08-11T20:50:39.000000Z"}, {"uuid": "fab7da2a-ed07-4baf-bd9c-35c6a4d4deeb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-30461", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/3338", "content": "#exploit\nCVE-2021-30461:\nVoIPmonitor UnAuth RCE\nhttps://ssd-disclosure.com/ssd-advisory-voipmonitor-unauth-rce", "creation_timestamp": "2024-10-04T15:06:16.000000Z"}, {"uuid": "ae43321f-7ac4-4591-a179-246feaca0c33", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-30461", "type": "seen", "source": "https://t.me/pwnwiki_zhchannel/357", "content": "CVE-2021-30461 VoIPmonitor \u9060\u7a0bPHP\u4ee3\u78bc\u57f7\u884c\u6f0f\u6d1e\nhttps://www.pwnwiki.org/index.php?title=CVE-2021-30461_VoIPmonitor_%E9%81%A0%E7%A8%8BPHP%E4%BB%A3%E7%A2%BC%E5%9F%B7%E8%A1%8C%E6%BC%8F%E6%B4%9E", "creation_timestamp": "2021-05-06T11:49:09.000000Z"}, {"uuid": "e8209537-253c-477b-b99f-6f7cc9c67da9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-30465", "type": "published-proof-of-concept", "source": "https://t.me/CyberSecurityTechnologies/3501", "content": "#Cloud_Security\nrunc mount destinations can be swapped via symlink-exchange to cause mounts outside the rootfs\n(PoC for CVE-2021-30465)\nhttps://github.com/champtar/blog/blob/main/runc-symlink-CVE-2021-30465/README.md", "creation_timestamp": "2021-05-31T12:07:01.000000Z"}]}