#VU57416 Link following in squashfs-tools - CVE-2021-41072
Published: October 18, 2021 / Updated: March 18, 2022
Vulnerability identifier: #VU57416
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2021-41072
CWE-ID: CWE-59
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
squashfs-tools
squashfs-tools
Software vendor:
plougher
plougher
Description
The vulnerability allows a remote attacker to overwrite arbitrary files on the system.
The vulnerability exists due to a link following issue in squashfs_opendir in unsquash-2.c when processing a squashfs filesystem that has been crafted to include a symbolic link under the same filename in a filesystem. The attacker can cause unsquashfs to first create the symbolic link pointing outside the expected directory, and then the subsequent write operation will cause the unsquashfs process to write through the symbolic link elsewhere in the filesystem.
Remediation
Install update from vendor's website.