CVE-2021-41089

04.10.2021, 21:15

Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where attempting to copy files using `docker cp` into a specially-crafted container can result in Unix file permission changes for existing files in the host’s filesystem, widening access to others. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process. This bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this version as soon as possible. Running containers do not need to be restarted.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	2.8 LOW	LOCAL	HIGH	LOW	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 9%

Affected Products (NVD)

Vendor	Product	Version
mobyproject	moby	𝑥 < 20.10.9

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

docker.io

bookworm	20.10.24+dfsg1-1 fixed
bullseye	20.10.5+dfsg1-1+deb11u2 fixed
bullseye (security)	20.10.5+dfsg1-1+deb11u3 fixed
buster	no-dsa
sid	26.1.5+dfsg1-4 fixed
trixie	26.1.5+dfsg1-2 fixed

Ubuntu Releases

Ubuntu Product

Codename

docker.io

bionic	Fixed 20.10.7-0ubuntu1~18.04.2 released
focal	Fixed 20.10.7-0ubuntu1~20.04.2 released
hirsute	Fixed 20.10.7-0ubuntu1~21.04.2 released
impish	Fixed 20.10.7-0ubuntu5 released
jammy	Fixed 20.10.7-0ubuntu7 released
trusty	dne
xenial	Fixed 18.09.7-0ubuntu1~16.04.9+esm1 released

openSUSE / SLES Releases

openSUSE Product

Release

containerd

suse enterprise desktop 15 SP7	1.4.12-60.1 fixed
suse enterprise sap 12	1.4.12-16.49.1 fixed
suse enterprise sap 12 SP3	1.4.12-16.49.1 fixed
suse enterprise sap 12 SP4	1.4.12-16.49.1 fixed
suse enterprise sap 12 SP5	1.4.12-16.49.1 fixed
suse enterprise sap 15	1.4.11-56.1 fixed
suse enterprise sap 15 SP1	1.4.11-56.1 fixed
suse enterprise sap 15 SP2	1.4.11-56.1 fixed
suse enterprise sap 15 SP3	1.4.12-60.1 fixed
suse enterprise sap 15 SP4	1.4.12-60.1 fixed
suse enterprise sap 15 SP5	1.4.12-60.1 fixed
suse enterprise sap 15 SP6	1.4.12-60.1 fixed
suse enterprise sap 15 SP7	1.4.12-60.1 fixed
suse enterprise server 12	1.4.12-16.49.1 fixed
suse enterprise server 12 SP3	1.4.12-16.49.1 fixed
suse enterprise server 12 SP4	1.4.12-16.49.1 fixed
suse enterprise server 12 SP5	1.4.12-16.49.1 fixed
suse enterprise server 15	1.4.11-56.1 fixed
suse enterprise server 15 SP1	1.4.11-56.1 fixed
suse enterprise server 15 SP2	1.4.11-56.1 fixed
suse enterprise server 15 SP3	1.4.12-60.1 fixed
suse enterprise server 15 SP4	1.4.12-60.1 fixed
suse enterprise server 15 SP5	1.4.12-60.1 fixed
suse enterprise server 15 SP6	1.4.12-60.1 fixed
suse enterprise server 15 SP7	1.4.12-60.1 fixed

containerd-ctr

suse enterprise sap 15 SP5	1.4.12-60.1 fixed
suse enterprise sap 15 SP6	1.4.12-60.1 fixed
suse enterprise sap 15 SP7	1.4.12-60.1 fixed
suse enterprise server 15 SP5	1.4.12-60.1 fixed
suse enterprise server 15 SP6	1.4.12-60.1 fixed
suse enterprise server 15 SP7	1.4.12-60.1 fixed

runc

suse enterprise desktop 15 SP7	1.0.2-23.1 fixed
suse enterprise sap 12	1.0.2-16.14.1 fixed
suse enterprise sap 12 SP3	1.0.2-16.14.1 fixed
suse enterprise sap 12 SP4	1.0.2-16.14.1 fixed
suse enterprise sap 12 SP5	1.0.2-16.14.1 fixed
suse enterprise sap 15	1.0.2-23.1 fixed
suse enterprise sap 15 SP1	1.0.2-23.1 fixed
suse enterprise sap 15 SP2	1.0.2-23.1 fixed
suse enterprise sap 15 SP3	1.0.2-23.1 fixed
suse enterprise sap 15 SP4	1.0.2-23.1 fixed
suse enterprise sap 15 SP5	1.0.2-23.1 fixed
suse enterprise sap 15 SP6	1.0.2-23.1 fixed
suse enterprise sap 15 SP7	1.0.2-23.1 fixed
suse enterprise server 12	1.0.2-16.14.1 fixed
suse enterprise server 12 SP3	1.0.2-16.14.1 fixed
suse enterprise server 12 SP4	1.0.2-16.14.1 fixed
suse enterprise server 12 SP5	1.0.2-16.14.1 fixed
suse enterprise server 15	1.0.2-23.1 fixed
suse enterprise server 15 SP1	1.0.2-23.1 fixed
suse enterprise server 15 SP2	1.0.2-23.1 fixed
suse enterprise server 15 SP3	1.0.2-23.1 fixed
suse enterprise server 15 SP4	1.0.2-23.1 fixed
suse enterprise server 15 SP5	1.0.2-23.1 fixed
suse enterprise server 15 SP6	1.0.2-23.1 fixed
suse enterprise server 15 SP7	1.0.2-23.1 fixed

Common Weakness Enumeration

CWE-281 - Improper Preservation of Permissions
The software does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.

References

https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf

https://github.com/moby/moby/commit/bce32e5c93be4caf1a592582155b9cb837fc129a

https://github.com/moby/moby/security/advisories/GHSA-v994-f8vw-g7j4

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B5Q6G6I4W5COQE25QMC7FJY3I3PAYFBB/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNFADTCHHYWVM6W4NJ6CB4FNFM2VMBIB/

https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf

https://github.com/moby/moby/commit/bce32e5c93be4caf1a592582155b9cb837fc129a

https://github.com/moby/moby/security/advisories/GHSA-v994-f8vw-g7j4

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B5Q6G6I4W5COQE25QMC7FJY3I3PAYFBB/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNFADTCHHYWVM6W4NJ6CB4FNFM2VMBIB/