Bug 1932283 (CVE-2021-20264) - CVE-2021-20264 containers/openjdk: /etc/passwd is given incorrect privileges
Summary: CVE-2021-20264 containers/openjdk: /etc/passwd is given incorrect privileges
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2021-20264
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 1776664 1934081 1937223
TreeView+ depends on / blocked
 
Reported: 2021-02-24 12:46 UTC by Jonathan Christison
Modified: 2021-10-25 15:45 UTC (History)
6 users (show)

Fixed In Version: openjdk 1.8
Doc Type: If docs needed, set a value
Doc Text:
An insecure modification flaw in the /etc/passwd file was found in the openjdk-1.8 and openjdk-11 containers. This flaw allows an attacker with access to the container to modify /etc/passwd and escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Clone Of:
Environment:
Last Closed: 2021-03-23 17:35:43 UTC
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2021:0945 0 None None None 2021-03-19 16:56:03 UTC
Red Hat Product Errata RHSA-2021:0946 0 None None None 2021-03-19 16:55:38 UTC

Description Jonathan Christison 2021-02-24 12:46:11 UTC
It has been found that multiple containers modify the permissions of /etc/passwd to make them modifiable by users other than root. An attacker with access to the running container can exploit this to modify /etc/passwd to add a user and escalate their privileges. This CVE is specific to openjdk containers (ubi8/openjdk-8, ubi8/openjdk-11, openjdk/openjdk-11-rhel7, redhat-openjdk-18/openjdk18-openshift)

Comment 5 Jonathan Christison 2021-03-09 09:53:44 UTC
Acknowledgments:

Name: Lukas Najman (Quadient)

Comment 8 errata-xmlrpc 2021-03-19 16:55:35 UTC
This issue has been addressed in the following products:

  Red Hat Build of OpenJDK

Via RHSA-2021:0946 https://access.redhat.com/errata/RHSA-2021:0946

Comment 9 errata-xmlrpc 2021-03-19 16:56:02 UTC
This issue has been addressed in the following products:

  Red Hat Build of OpenJDK

Via RHSA-2021:0945 https://access.redhat.com/errata/RHSA-2021:0945

Comment 10 Product Security DevOps Team 2021-03-23 17:35:43 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2021-20264


Note You need to log in before you can comment on or make changes to this bug.