CVE-2021-27116

7.8 HIGH

📋 TL;DR

This vulnerability in Beego's MemProf function allows local attackers to perform symlink attacks, potentially overwriting arbitrary files on the system. It affects all users running Beego web framework versions up to 2.0.2. The attack requires local access to the system where Beego is running.

💻 Affected Systems

Products:
  • Beego web framework
Versions: All versions through 2.0.2
Operating Systems: Linux, Unix-like systems with symlink support
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems where the MemProf functionality is enabled and accessible to local users.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attacker gains root privileges by overwriting critical system files like /etc/passwd or /etc/shadow, leading to complete system compromise.

🟠 Likely Case

Local user escalates privileges by overwriting configuration files or gaining unauthorized access to sensitive data.

🟢 If Mitigated

Attack limited to file overwrites within the application's directory with proper file permissions and isolation.

🌐 Internet-Facing: LOW - Requires local access to the system, cannot be exploited remotely over the network.
🏢 Internal Only: HIGH - Any local user on the system can potentially exploit this to escalate privileges or compromise the application.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires local access to the system and knowledge of the target file paths. The symlink attack technique is well-known and easy to implement.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.0.3 and later

Vendor Advisory: https://github.com/beego/beego/issues/4484

Restart Required: Yes

Instructions:

1. Update Beego to version 2.0.3 or later using 'go get -u github.com/beego/beego/v2@v2.0.3'
2. Rebuild and redeploy your application
3. Restart the Beego service

🔧 Temporary Workarounds

Disable memory profiling

Platform: all

Disable the MemProf functionality if not required

Set EnableMemProf = false in your Beego configuration

Restrict file permissions

Platform: linux

Run Beego with minimal privileges and restrict write access to sensitive directories

chmod 755 /path/to/beego/directories
Run Beego as a non-root user

🧯 If You Can't Patch

  • Run Beego application in a container with restricted filesystem access
  • Implement strict file permission controls and run the application with minimal privileges
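
The bug class behind this advisory, shown as an added Go example (not Beego's code and not its patch): a profile writer that follows a pre-planted symlink, next to one that refuses any pre-existing name. The function names, file names and scratch directory are hypothetical and constructed for the demonstration.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"runtime/pprof"
)

// writeProfileUnsafe is the risky pattern: os.Create truncates and follows
// symlinks, so a link pre-planted at path redirects the write to its target.
func writeProfileUnsafe(path string) error {
	f, err := os.Create(path)
	if err != nil {
		return err
	}
	defer f.Close()
	return pprof.WriteHeapProfile(f)
}

// writeProfileSafe (hypothetical helper) creates the file with O_EXCL, which
// fails with EEXIST if the name already exists, including as a symlink.
func writeProfileSafe(dir, name string) (string, error) {
	path := filepath.Join(dir, filepath.Base(name)) // drop any directory part
	f, err := os.OpenFile(path, os.O_WRONLY|os.O_CREATE|os.O_EXCL, 0o600)
	if err != nil {
		return "", fmt.Errorf("refusing to write profile: %w", err)
	}
	defer f.Close()
	return path, pprof.WriteHeapProfile(f)
}

func main() {
	dir, err := os.MkdirTemp("", "memprof-demo") // constructed scratch dir
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(dir)
	target := filepath.Join(dir, "important.conf") // constructed stand-in file
	os.WriteFile(target, []byte("keep"), 0o600)
	os.Symlink(target, filepath.Join(dir, "mem-1.memprof"))

	_, err = writeProfileSafe(dir, "mem-1.memprof")
	fmt.Println("pre-existing symlink refused:", errors.Is(err, os.ErrExist))
	data, _ := os.ReadFile(target)
	fmt.Printf("target still intact: %v\n", string(data) == "keep")
}
```

Writing profiles into a directory that only the service account can write to removes the opportunity to plant the link in the first place; the exclusive create is the second layer.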

🔍 How to Verify

Check if Vulnerable:

Check the Beego version in go.mod or via the 'beego version' command. If the version is 2.0.2 or earlier and MemProf is enabled, the system is vulnerable.

Check Version:

beego version

Verify Fix Applied:

Verify Beego version is 2.0.3 or later and test that symlink attacks against the MemProf endpoint are blocked.

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed attempts to access memory profiling endpoints
  • Unusual file creation/modification in Beego directories

Network Indicators:

  • Local connections to memory profiling ports (typically 8088)

SIEM Query:

source="beego.log" AND ("MemProf" OR "memory profile") AND (response_code="200" OR "file operation")
