Language:
https://cwe.mitre.org/data/definitions/362.html
https://cwe.mitre.org/data/definitions/787.html
https://access.redhat.com/security/cve/CVE-2021-22555
https://access.redhat.com/security/cve/CVE-2021-32399
https://access.redhat.com/errata/RHSA-2021:3381
Severity: High
ID: 152929
File Name: redhat-RHSA-2021-3381.nasl
Version: 1.5
Type: local
Agent: unix
Family: Red Hat Local Security Checks
Published: 9/1/2021
Updated: 10/7/2021
Supported Sensors: Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent
CVSS Score Source: CVE-2021-22555
Risk Factor: Critical
Score: 9.7
Risk Factor: Medium
Base Score: 4.6
Temporal Score: 4
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Temporal Vector: E:H/RL:OF/RC:C
Risk Factor: High
Base Score: 7.8
Temporal Score: 7.5
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: E:H/RL:O/RC:C
CPE: cpe:/o:redhat:enterprise_linux:7, p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-1160, p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-1160_11_1, p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-1160_15_2, p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-1160_21_1, p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-1160_24_1, p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-1160_25_1, p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-1160_2_1, p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-1160_2_2, p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-1160_31_1, p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-1160_36_2, p-cpe:/a:redhat:enterprise_linux:kpatch-patch-3_10_0-1160_6_1
Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 8/31/2021
Vulnerability Publication Date: 4/20/2021
Metasploit (Netfilter x_tables Heap OOB Write Privilege Escalation)
CVE: CVE-2021-22555, CVE-2021-32399