Test ID:	1.3.6.1.4.1.25623.1.0.845086
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-5100-1)
Summary:	The remote host is missing an update for the 'containerd' package(s) announced via the USN-5100-1 advisory.
Description:	Summary: The remote host is missing an update for the 'containerd' package(s) announced via the USN-5100-1 advisory. Vulnerability Insight: It was discovered that containerd insufficiently restricted permissions on container root and plugin directories. If a user or automated system were tricked into launching a specially crafted container image, a remote attacker could traverse directory contents and modify files and execute programs on the host filesystem, possibly leading to privilege escalation. Affected Software/OS: 'containerd' package(s) on Ubuntu 18.04, Ubuntu 20.04, Ubuntu 21.04. Solution: Please install the updated package(s). CVSS Score: 7.2 CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2021-41103 https://github.com/containerd/containerd/security/advisories/GHSA-c2h3-6mxw-7mvq Debian Security Information: DSA-5002 (Google Search) https://www.debian.org/security/2021/dsa-5002 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Q6G6I4W5COQE25QMC7FJY3I3PAYFBB/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNFADTCHHYWVM6W4NJ6CB4FNFM2VMBIB/ https://security.gentoo.org/glsa/202401-31 https://github.com/containerd/containerd/commit/5b46e404f6b9f661a205e28d59c982d3634148f8
Copyright	Copyright (C) 2021 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.