Details of VAR-202101-1926

ID

VAR-202101-1926

CVE

CVE-2021-3156

TITLE

Sensormatic Electronics Made Illustra Vulnerability related to judgment of boundary conditions

Trust: 0.8

sources: JVNDB: JVNDB-2021-002344

DESCRIPTION

Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character. Sensormatic Electronics Company ( Johnson Controls subsidiary) Illustra is a surveillance and security camera system. Illustra includes vulnerabilities related to boundary condition determination ( CWE-193 , CVE-2021-3156 ) exists.Installed in the product by a third party under certain conditions Linux Operating system administrator privileges can be obtained. Summary: Red Hat Ansible Automation Platform Resource Operator 1.2 (technical preview) images that fix several security issues. Description: Red Hat Ansible Automation Platform Resource Operator container images with security fixes. Ansible Automation Platform manages Ansible Platform jobs and workflows that can interface with any infrastructure on a Red Hat OpenShift Container Platform cluster, or on a traditional infrastructure that is running off-cluster. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/): 1914774 - CVE-2021-20178 ansible: user data leak in snmp_facts module 1915808 - CVE-2021-20180 ansible module: bitbucket_pipeline_variable exposes secured values 1916813 - CVE-2021-20191 ansible: multiple modules expose secured values 1925002 - CVE-2021-20228 ansible: basic.py no_log with fallback option 1939349 - CVE-2021-3447 ansible: multiple modules expose secured values 5. 8.1) - aarch64, ppc64le, s390x, x86_64 3. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: sudo security update Advisory ID: RHSA-2021:0227-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:0227 Issue date: 2021-01-26 CVE Names: CVE-2021-3156 ==================================================================== 1. Summary: An update for sudo is now available for Red Hat Enterprise Linux 6 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Server (v. 6 ELS) - i386, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 6 ELS) - i386, s390x, x86_64 3. Description: The sudo packages contain the sudo utility which allows system administrators to provide certain users with the permission to execute privileged commands, which are used for system management purposes, without having to log in as root. Security Fix(es): * sudo: Heap buffer overflow in argument parsing (CVE-2021-3156) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1917684 - CVE-2021-3156 sudo: Heap buffer overflow in argument parsing 6. Package List: Red Hat Enterprise Linux Server (v. 6 ELS): Source: sudo-1.8.6p3-29.el6_10.4.src.rpm i386: sudo-1.8.6p3-29.el6_10.4.i686.rpm sudo-debuginfo-1.8.6p3-29.el6_10.4.i686.rpm s390x: sudo-1.8.6p3-29.el6_10.4.s390x.rpm sudo-debuginfo-1.8.6p3-29.el6_10.4.s390x.rpm x86_64: sudo-1.8.6p3-29.el6_10.4.x86_64.rpm sudo-debuginfo-1.8.6p3-29.el6_10.4.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 6 ELS): i386: sudo-debuginfo-1.8.6p3-29.el6_10.4.i686.rpm sudo-devel-1.8.6p3-29.el6_10.4.i686.rpm s390x: sudo-debuginfo-1.8.6p3-29.el6_10.4.s390.rpm sudo-debuginfo-1.8.6p3-29.el6_10.4.s390x.rpm sudo-devel-1.8.6p3-29.el6_10.4.s390.rpm sudo-devel-1.8.6p3-29.el6_10.4.s390x.rpm x86_64: sudo-debuginfo-1.8.6p3-29.el6_10.4.i686.rpm sudo-debuginfo-1.8.6p3-29.el6_10.4.x86_64.rpm sudo-devel-1.8.6p3-29.el6_10.4.i686.rpm sudo-devel-1.8.6p3-29.el6_10.4.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-3156 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/security/vulnerabilities/RHSB-2021-002 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYBBzLtzjgjWX9erEAQiH8Q//e7VIVRc7bpBJ5UglhZdYAPZOj2ZL4zmz NXeQXgm+/FcWL43s6sap6Z1n6nbFG/ONyusXlXEgBEp5W/P0DBRYeZBpP8RgpeWb 48YUvvAkWhVJHuI+iHbpdzVq8YvujPTgiilX/NWH2Rg1zlX5nt1P+iDkICzw5vej /HfrYVXJ2hv082vc3Vmw5cw/zXUcnjxV/3f6Nw90TOr8JAW3jt8nWaj23NEVPxZK KxQIg1V+hY8xoePo6ieYAqSG/Z+P5uPcLesM1B0quW3yn5Zj2R22EKu9VLCZxx+Q EaJcODlMSKjliOPUiWCEzZFvE35v2yxeLtH1J1PG5btu1yQ0VUP7DdAjnEIxcJHw CjkcrXFvh9cg7iL3KzzhUwaJoqWgKtdianBXl/OGZ+g/yjUJktP6oizr9e4mZs2B XllYFth8vCxQMFApcg0w8qJroL0mDThFKKFxNy6Hp12+uzGVu3axuiGx4lHHIMyY PTf9kbTROKA9o7ZpdEwzyNzM0q45SsR8bl3JUOn1nNu1abwlDDWcJNIM7Et801V4 ECXnCq9fZtKlfo9baBNjOZTM3vNMgpEdjaEnoUY2Nbs7VAfixq6nU+afBvYnRYip Xmr76L401Nt9AGZwsFgcnIij7TBsHqMBZc/dlQZOom0xcFnEBMXr5Otg+WEXpxSC Wa2r4ztj/s4=vUic -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . ========================================================================== Ubuntu Security Notice USN-4705-2 January 27, 2021 sudo vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 14.04 ESM - Ubuntu 12.04 ESM Summary: Several security issues were fixed in Sudo. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that Sudo incorrectly handled memory when parsing command lines. A local attacker could possibly use this issue to obtain unintended access to the administrator account. (CVE-2021-3156) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 14.04 ESM: sudo 1.8.9p5-1ubuntu1.5+esm6 Ubuntu 12.04 ESM: sudo 1.8.3p1-1ubuntu3.10 In general, a standard system update will make all the necessary changes

Trust: 2.07

sources: NVD: CVE-2021-3156 // JVNDB: JVNDB-2021-002344 // VULHUB: VHN-383931 // PACKETSTORM: 162142 // PACKETSTORM: 161137 // PACKETSTORM: 161141 // PACKETSTORM: 161163

AFFECTED PRODUCTS

vendor:	netapp	model:	hci management node	scope:	eq	version:	-	Trust: 1.0
vendor:	sudo	model:	sudo	scope:	gte	version:	1.9.0	Trust: 1.0
vendor:	oracle	model:	communications performance intelligence center	scope:	lte	version:	10.3.0.2.1	Trust: 1.0
vendor:	netapp	model:	ontap select deploy administration utility	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	micros es400	scope:	gte	version:	400	Trust: 1.0
vendor:	oracle	model:	communications performance intelligence center	scope:	lte	version:	10.4.0.3.1	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	9.0	Trust: 1.0
vendor:	mcafee	model:	web gateway	scope:	eq	version:	10.0.4	Trust: 1.0
vendor:	beyondtrust	model:	privilege management for mac	scope:	lt	version:	21.1.1	Trust: 1.0
vendor:	mcafee	model:	web gateway	scope:	eq	version:	9.2.8	Trust: 1.0
vendor:	oracle	model:	micros es400	scope:	lte	version:	410	Trust: 1.0
vendor:	synology	model:	skynas	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	communications performance intelligence center	scope:	gte	version:	10.3.0.0.0	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	32	Trust: 1.0
vendor:	synology	model:	diskstation manager	scope:	eq	version:	6.2	Trust: 1.0
vendor:	sudo	model:	sudo	scope:	lt	version:	1.8.32	Trust: 1.0
vendor:	oracle	model:	micros kitchen display system	scope:	eq	version:	210	Trust: 1.0
vendor:	beyondtrust	model:	privilege management for unix\/linux	scope:	lt	version:	10.3.2-10	Trust: 1.0
vendor:	sudo	model:	sudo	scope:	lt	version:	1.9.5	Trust: 1.0
vendor:	oracle	model:	tekelec platform distribution	scope:	gte	version:	7.4.0	Trust: 1.0
vendor:	synology	model:	diskstation manager unified controller	scope:	eq	version:	3.0	Trust: 1.0
vendor:	oracle	model:	micros compact workstation 3	scope:	eq	version:	310	Trust: 1.0
vendor:	netapp	model:	solidfire	scope:	eq	version:	-	Trust: 1.0
vendor:	mcafee	model:	web gateway	scope:	eq	version:	8.2.17	Trust: 1.0
vendor:	oracle	model:	micros workstation 6	scope:	gte	version:	610	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	33	Trust: 1.0
vendor:	netapp	model:	cloud backup	scope:	eq	version:	-	Trust: 1.0
vendor:	sudo	model:	sudo	scope:	gte	version:	1.8.2	Trust: 1.0
vendor:	netapp	model:	oncommand unified manager core package	scope:	eq	version:	-	Trust: 1.0
vendor:	synology	model:	vs960hd	scope:	eq	version:	-	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	10.0	Trust: 1.0
vendor:	oracle	model:	tekelec platform distribution	scope:	lte	version:	7.7.1	Trust: 1.0
vendor:	sudo	model:	sudo	scope:	eq	version:	1.9.5	Trust: 1.0
vendor:	netapp	model:	ontap tools	scope:	eq	version:	9	Trust: 1.0
vendor:	netapp	model:	active iq unified manager	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	micros workstation 6	scope:	lte	version:	655	Trust: 1.0
vendor:	oracle	model:	communications performance intelligence center	scope:	gte	version:	10.4.0.1.0	Trust: 1.0
vendor:	oracle	model:	micros workstation 5a	scope:	eq	version:	5a	Trust: 1.0
vendor:	sensormatic	model:	insight	scope:	-	version:	-	Trust: 0.8
vendor:	sensormatic	model:	flex gen 2	scope:	-	version:	-	Trust: 0.8
vendor:	sensormatic	model:	pro 2	scope:	-	version:	-	Trust: 0.8
vendor:	sensormatic	model:	pro gen 3	scope:	eq	version:	v2.8.0 all previous s	Trust: 0.8

sources: JVNDB: JVNDB-2021-002344 // NVD: CVE-2021-3156

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-3156
value:	HIGH
Trust: 1.0
134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2021-3156
value:	HIGH
Trust: 1.0
OTHER:	JVNDB-2021-002344
value:	HIGH
Trust: 0.8
VULHUB:	VHN-383931
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2021-3156
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-383931
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-3156
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 2.0
OTHER:	JVNDB-2021-002344
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-383931 // JVNDB: JVNDB-2021-002344 // NVD: CVE-2021-3156 // NVD: CVE-2021-3156

PROBLEMTYPE DATA

problemtype:	CWE-193	Trust: 1.1
problemtype:	Determination of boundary conditions (CWE-193) [ others ]	Trust: 0.8

sources: VULHUB: VHN-383931 // JVNDB: JVNDB-2021-002344 // NVD: CVE-2021-3156

THREAT TYPE

local

Trust: 0.1

sources: PACKETSTORM: 161163

TYPE

overflow, root

Trust: 0.2

sources: PACKETSTORM: 161137 // PACKETSTORM: 161141

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-383931

PATCH

title:

Product Security Advisory | JCI-PSA-2021-13 (( PDF )

url:

https://www.johnsoncontrols.com/-/media/jci/cyber-solutions/product-security-advisories/2021/jci-psa-2021-13.pdf?la=en&hash=FC6A4C7293ABA5697AC763F92E4256CA4F3D7B1D

Trust: 0.8

sources: JVNDB: JVNDB-2021-002344

EXTERNAL IDS

db:	NVD	id:	CVE-2021-3156	Trust: 3.1
db:	PACKETSTORM	id:	161230	Trust: 1.1
db:	PACKETSTORM	id:	161160	Trust: 1.1
db:	PACKETSTORM	id:	161270	Trust: 1.1
db:	PACKETSTORM	id:	161293	Trust: 1.1
db:	MCAFEE	id:	SB10348	Trust: 1.1
db:	OPENWALL	id:	OSS-SECURITY/2021/01/27/2	Trust: 1.1
db:	OPENWALL	id:	OSS-SECURITY/2021/01/26/3	Trust: 1.1
db:	OPENWALL	id:	OSS-SECURITY/2021/02/15/1	Trust: 1.1
db:	OPENWALL	id:	OSS-SECURITY/2021/01/27/1	Trust: 1.1
db:	OPENWALL	id:	OSS-SECURITY/2021/09/14/2	Trust: 1.1
db:	CERT/CC	id:	VU#794544	Trust: 1.1
db:	OPENWALL	id:	OSS-SECURITY/2024/01/30/6	Trust: 1.0
db:	OPENWALL	id:	OSS-SECURITY/2024/01/30/8	Trust: 1.0
db:	PACKETSTORM	id:	176932	Trust: 1.0
db:	JVN	id:	JVNVU96493147	Trust: 0.8
db:	JVN	id:	JVNVU96372273	Trust: 0.8
db:	JVN	id:	JVNVU90511416	Trust: 0.8
db:	ICS CERT	id:	ICSA-22-256-01	Trust: 0.8
db:	ICS CERT	id:	ICSA-21-245-01	Trust: 0.8
db:	JVNDB	id:	JVNDB-2021-002344	Trust: 0.8
db:	PACKETSTORM	id:	161163	Trust: 0.2
db:	PACKETSTORM	id:	161141	Trust: 0.2
db:	PACKETSTORM	id:	161137	Trust: 0.2
db:	PACKETSTORM	id:	161143	Trust: 0.1
db:	PACKETSTORM	id:	161152	Trust: 0.1
db:	PACKETSTORM	id:	161138	Trust: 0.1
db:	PACKETSTORM	id:	161144	Trust: 0.1
db:	PACKETSTORM	id:	161140	Trust: 0.1
db:	PACKETSTORM	id:	161142	Trust: 0.1
db:	PACKETSTORM	id:	161272	Trust: 0.1
db:	PACKETSTORM	id:	161139	Trust: 0.1
db:	PACKETSTORM	id:	161398	Trust: 0.1
db:	PACKETSTORM	id:	161136	Trust: 0.1
db:	PACKETSTORM	id:	161135	Trust: 0.1
db:	PACKETSTORM	id:	161281	Trust: 0.1
db:	PACKETSTORM	id:	161145	Trust: 0.1
db:	SEEBUG	id:	SSVID-99117	Trust: 0.1
db:	VULHUB	id:	VHN-383931	Trust: 0.1
db:	PACKETSTORM	id:	162142	Trust: 0.1

sources: VULHUB: VHN-383931 // PACKETSTORM: 162142 // PACKETSTORM: 161137 // PACKETSTORM: 161141 // PACKETSTORM: 161163 // JVNDB: JVNDB-2021-002344 // NVD: CVE-2021-3156

REFERENCES

url:	http://www.openwall.com/lists/oss-security/2021/01/26/3	Trust: 2.2
url:	https://www.kb.cert.org/vuls/id/794544	Trust: 1.1
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-sudo-privesc-jan2021-qnyqfcm	Trust: 1.1
url:	https://security.netapp.com/advisory/ntap-20210128-0001/	Trust: 1.1
url:	https://security.netapp.com/advisory/ntap-20210128-0002/	Trust: 1.1
url:	https://support.apple.com/kb/ht212177	Trust: 1.1
url:	https://www.sudo.ws/stable.html#1.9.5p2	Trust: 1.1
url:	https://www.synology.com/security/advisory/synology_sa_21_02	Trust: 1.1
url:	https://www.debian.org/security/2021/dsa-4839	Trust: 1.1
url:	http://seclists.org/fulldisclosure/2021/jan/79	Trust: 1.1
url:	http://seclists.org/fulldisclosure/2021/feb/42	Trust: 1.1
url:	https://security.gentoo.org/glsa/202101-33	Trust: 1.1
url:	http://packetstormsecurity.com/files/161160/sudo-heap-based-buffer-overflow.html	Trust: 1.1
url:	http://packetstormsecurity.com/files/161230/sudo-buffer-overflow-privilege-escalation.html	Trust: 1.1
url:	http://packetstormsecurity.com/files/161270/sudo-1.9.5p1-buffer-overflow-privilege-escalation.html	Trust: 1.1
url:	http://packetstormsecurity.com/files/161293/sudo-1.8.31p2-1.9.5p1-buffer-overflow.html	Trust: 1.1
url:	https://www.beyondtrust.com/blog/entry/security-advisory-privilege-management-for-unix-linux-pmul-basic-and-privilege-management-for-mac-pmm-affected-by-sudo-vulnerability	Trust: 1.1
url:	https://www.oracle.com//security-alerts/cpujul2021.html	Trust: 1.1
url:	https://www.oracle.com/security-alerts/cpuapr2022.html	Trust: 1.1
url:	https://www.oracle.com/security-alerts/cpuoct2021.html	Trust: 1.1
url:	https://lists.debian.org/debian-lts-announce/2021/01/msg00022.html	Trust: 1.1
url:	http://www.openwall.com/lists/oss-security/2021/01/27/1	Trust: 1.1
url:	http://www.openwall.com/lists/oss-security/2021/01/27/2	Trust: 1.1
url:	http://www.openwall.com/lists/oss-security/2021/02/15/1	Trust: 1.1
url:	http://www.openwall.com/lists/oss-security/2021/09/14/2	Trust: 1.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-3156	Trust: 1.1
url:	http://seclists.org/fulldisclosure/2024/feb/3	Trust: 1.0
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/cala5ftxiqbrryua2zqnjxb6oqmaxeii/	Trust: 1.0
url:	http://www.openwall.com/lists/oss-security/2024/01/30/6	Trust: 1.0
url:	https://www.vicarius.io/vsociety/posts/sudoedit-pwned-cve-2021-3156	Trust: 1.0
url:	http://packetstormsecurity.com/files/176932/glibc-syslog-heap-based-buffer-overflow.html	Trust: 1.0
url:	http://www.openwall.com/lists/oss-security/2024/01/30/8	Trust: 1.0
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/lhxk6ico5aylgfk2tax5mzkuxtukwojy/	Trust: 1.0
url:	https://kc.mcafee.com/corporate/index?page=content&id=sb10348	Trust: 1.0
url:	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=cve-2021-3156	Trust: 1.0
url:	http://jvn.jp/cert/jvnvu96372273	Trust: 0.8
url:	https://jvn.jp/vu/jvnvu96493147/	Trust: 0.8
url:	http://jvn.jp/vu/jvnvu90511416/index.html	Trust: 0.8
url:	https://us-cert.cisa.gov/ics/advisories/icsa-21-245-01	Trust: 0.8
url:	https://www.cisa.gov/uscert/ics/advisories/icsa-22-256-01	Trust: 0.8
url:	https://access.redhat.com/articles/11258	Trust: 0.3
url:	https://access.redhat.com/security/team/contact/	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2021-3156	Trust: 0.3
url:	https://bugzilla.redhat.com/):	Trust: 0.3
url:	https://www.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.2
url:	https://access.redhat.com/security/vulnerabilities/rhsb-2021-002	Trust: 0.2
url:	https://access.redhat.com/security/team/key/	Trust: 0.2
url:	https://access.redhat.com/security/updates/classification/#important	Trust: 0.2
url:	https://kc.mcafee.com/corporate/index?page=content&id=sb10348	Trust: 0.1
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/lhxk6ico5aylgfk2tax5mzkuxtukwojy/	Trust: 0.1
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/cala5ftxiqbrryua2zqnjxb6oqmaxeii/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-17006	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-20907	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:1079	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-5188	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-12749	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-8625	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2017-12652	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-12401	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-12402	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-1971	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-14866	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-15999	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-20228	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-7595	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2018-20843	Trust: 0.1
url:	https://listman.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-17006	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-17546	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-11719	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-20388	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-12401	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-14973	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-17546	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-17023	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-17023	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-12243	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-12749	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-6829	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-14866	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-8177	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-12403	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2017-12652	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-12400	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-20388	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-3447	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-19956	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11756	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-11756	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-12243	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-12400	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-5313	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-20191	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-11727	Trust: 0.1
url:	https://access.redhat.com/security/updates/classification/#moderate	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-1971	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11719	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-5094	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-20180	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-11727	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-12403	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-5188	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-15903	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-15999	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-5094	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-15903	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-14973	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-19956	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-5313	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2019-17498	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-14422	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-17498	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2019-20907	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-20178	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-14422	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2018-20843	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2020-12402	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:0220	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:0227	Trust: 0.1
url:	https://usn.ubuntu.com/4705-2	Trust: 0.1
url:	https://usn.ubuntu.com/4705-1	Trust: 0.1

sources: VULHUB: VHN-383931 // PACKETSTORM: 162142 // PACKETSTORM: 161137 // PACKETSTORM: 161141 // PACKETSTORM: 161163 // JVNDB: JVNDB-2021-002344 // NVD: CVE-2021-3156

CREDITS

Red Hat

Trust: 0.3

sources: PACKETSTORM: 162142 // PACKETSTORM: 161137 // PACKETSTORM: 161141

SOURCES

db:	VULHUB	id:	VHN-383931
db:	PACKETSTORM	id:	162142
db:	PACKETSTORM	id:	161137
db:	PACKETSTORM	id:	161141
db:	PACKETSTORM	id:	161163
db:	JVNDB	id:	JVNDB-2021-002344
db:	NVD	id:	CVE-2021-3156

LAST UPDATE DATE

2026-02-06T20:27:27.934000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-383931	date:	2022-09-03T00:00:00
db:	JVNDB	id:	JVNDB-2021-002344	date:	2022-09-15T05:47:00
db:	NVD	id:	CVE-2021-3156	date:	2025-11-10T14:41:45.053

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-383931	date:	2021-01-26T00:00:00
db:	PACKETSTORM	id:	162142	date:	2021-04-09T15:06:13
db:	PACKETSTORM	id:	161137	date:	2021-01-27T14:05:54
db:	PACKETSTORM	id:	161141	date:	2021-01-27T14:06:28
db:	PACKETSTORM	id:	161163	date:	2021-01-28T13:59:34
db:	JVNDB	id:	JVNDB-2021-002344	date:	2021-09-06T00:00:00
db:	NVD	id:	CVE-2021-3156	date:	2021-01-26T21:15:12.987