Sequoia 漏洞 (CVE-2021-33909),听听 PCI DSS 专家怎么说 ?
資訊資訊
- 作业系统帐户的安全性 (PCI DSS Req. 2.1) – 验证本机的所有不必要的预设帐户已被删除或停用。检查目前所有的机器预设帐户是否已被删除或停用,可检查 /etc/password 内的帐户设定是否已删除或是配置 nologin,避免不必要使用者可登入进行恶意漏洞利用攻击。
- 重大风险应于 30 天内完成 Patch 更新 (PCI DSS Req. 6.2) – 安装适用的供应商安全补丁,确保所有系统组件和软件免受已知漏洞的影响。如供应商发布 Patch 后,应在发布后的一个月内安装关键的安全补丁。
检查目前作业系统供应商是否有释出相关 Patch,并尽可能安排时间于一个月内完成作业系统 Patch。如作业系统供应商尚未发布 Patch 则应实施缓解措施。
目前各家系统提供商正如火如荼的发布更新 Patch 来解决这次由 Qualys 安全研究团队所发布的漏洞 (CVE-2021-33909)。目前收集的风险判定 Patch 参考清单可参考下方整理表格:
| 來源 | 风险等级 |
|---|---|
| NESSUS https://www.tenable.com/cve/CVE-2021-33909 | NO SCORE |
| NIST NVD https://nvd.nist.gov/vuln/detail/CVE-2021-33909 | N/A |
| Redhat https://access.redhat.com/security/cve/cve-2021-33909 | CVSS (v3) 7.0 |
| CVE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33909 | Source:· MITRE |
Qualys 安全研究团队目前已经验证了成功取得 root 权限的漏洞作业系统包含 Ubuntu 20.04、Ubuntu 20.10、Ubuntu 21.04、Debian 11 和 Fedora 34 Workstation 等。而其他的 Linux 作业系统也可能因为这次的漏洞产生恶意利用攻击。Linux Server 版本所对应的安全补丁整理:
| 作业系统 | 安全补丁连结 |
|---|---|
| Redhat | https://access.redhat.com/security/cve/cve-2021-33909 |
| CentOS | 尚未發布 |
| SUSE | https://www.suse.com/security/cve/CVE-2021-33909.html |
| ubuntu | https://ubuntu.com/security/CVE-2021-33909 |
如 Patch 尚未出现,可先采用的缓解做法。
sysctl kernel.unprivileged_userns_clone=1 # 将 unprivileged_userns_clone 设定为 0
sysctl kernel.unprivileged_bpf_disabled=1 # 将 unprivileged_bpf_disabled 设定为 1
技术细节请看:https://www.qualys.com/2021/07/20/cve-2021-33909/sequoia-local-privilege-escalation-linux.txt
安律信息技术有限公司 Secure Vectors Information Technologies Inc., 是一家专门从事支付产业安全管理服务的公司,包含技术检测、顾问咨询以即合规审查服务。我们的服务范围包含 PCI DSS 、PCI 3DS、PCI PIN Security 等支付卡产业安全标准并提供个人资料保护及 GDPR 适法性查检与顾问服务。 安律信息技术在美国、中国、新加坡、越南、台湾等地设有服务据点,提供完整的服务。与合规相关的产品包含认证服务(合规审查)、合规安全代管以及合规管理平台等服务。
- PCI 安全认证: www.securevectors.com
- SecuCollab 合规安全代管服务: www.secucollab.com
- SecuCompliance 合规管理平台: www.secucompliance.com
* 如想了解更多合规服务,欢迎与我们联系 service@securevectors.com
你可能会喜欢看
https://www.securevectors.com/wp-content/uploads/2024/02/logo.svg
0
0
YSLu
https://www.securevectors.com/wp-content/uploads/2024/02/logo.svg
YSLu2025-12-16 15:47:142025-12-16 15:49:13如何達成 PCI DSS v4.0 條文中 12.4.2 針對服務供應商的額外要求?
https://i0.wp.com/www.securevectors.com/wp-content/uploads/2025/07/Header_Article-1_cn-scaled.jpg?fit=2560%2C1919&ssl=1
1919
2560
Andrew
https://www.securevectors.com/wp-content/uploads/2024/02/logo.svg
Andrew2025-07-15 10:40:382025-07-15 15:49:50🔒 微软释出重大资安更新:修补 130 项漏洞!
https://i0.wp.com/www.securevectors.com/wp-content/uploads/2024/11/PCI-DSS-SAQ-type_SC.png?fit=2882%2C2122&ssl=1
2122
2882
YSLu
https://www.securevectors.com/wp-content/uploads/2024/02/logo.svg
YSLu2024-11-09 17:11:232025-07-18 15:56:05您适用哪一个 PCI DSS SAQ 类型?
https://i0.wp.com/www.securevectors.com/wp-content/uploads/2024/06/News-0830.png?fit=838%2C628&ssl=1
628
838
arthur.li
https://www.securevectors.com/wp-content/uploads/2024/02/logo.svg
arthur.li2024-09-08 09:35:372025-12-16 14:55:57【PCI DSS 过证懒人包】资安小白也能轻松达标
https://i0.wp.com/www.securevectors.com/wp-content/uploads/2023/08/2023-08-01-%E6%BC%8F%E6%B4%9E%E4%BF%AE%E8%A3%9C%E6%84%8F%E8%B1%A1%E5%9C%96-%E6%96%B9%E7%89%88_%E7%B0%A1%E4%B8%AD.jpg?fit=960%2C720&ssl=1
720
960
arthur.li
https://www.securevectors.com/wp-content/uploads/2024/02/logo.svg
arthur.li2023-08-15 17:43:242025-12-19 17:20:30【GCP】使用 GCP 的 CI/CD 服务 Google Cloud Build 要小心了!
https://i0.wp.com/www.securevectors.com/wp-content/uploads/2023/07/20230725-%E7%B0%A1%E4%B8%AD-%E6%96%B9%E7%89%88.jpg?fit=1280%2C960&ssl=1
960
1280
arthur.li
https://www.securevectors.com/wp-content/uploads/2024/02/logo.svg
arthur.li2023-07-31 11:01:212025-12-19 17:22:31【FortiOS】SSL-VPN 重大安全漏洞 (CVE-2023-27997) 你修复了吗?
https://i0.wp.com/www.securevectors.com/wp-content/uploads/2021/07/Screenshot-2021-07-30-172522.jpg?fit=464%2C345&ssl=1
345
464
arthur.li
https://www.securevectors.com/wp-content/uploads/2024/02/logo.svg
arthur.li2021-08-02 16:24:362023-09-15 21:25:30Sequoia 漏洞 (CVE-2021-33909),听听 PCI DSS 专家怎么说 ?
https://i0.wp.com/www.securevectors.com/wp-content/uploads/2021/07/%E5%8D%B3%E5%88%BB%E5%9B%A0%E6%87%89-Windows-1011-%E6%8F%90%E5%85%A8%E5%AE%89%E5%85%A8%E6%BC%8F%E6%B4%9E-2.png?fit=1200%2C628&ssl=1
628
1200
arthur.li
https://www.securevectors.com/wp-content/uploads/2024/02/logo.svg
arthur.li2021-07-30 10:15:532023-09-15 21:25:30即刻因应: Windows 10/11 (CVE-2021-36934) 提全安全漏洞
https://i0.wp.com/www.securevectors.com/wp-content/uploads/2021/02/PCI-3DS-%E9%A9%97%E8%AD%89-3-%E6%AD%A5%E9%A9%9F-scaled.jpg?fit=2560%2C1564&ssl=1
1564
2560
arthur.li
https://www.securevectors.com/wp-content/uploads/2024/02/logo.svg
arthur.li2021-02-02 16:37:162023-09-15 21:25:30PCI 3DS 验证 3 步骤
https://www.securevectors.com/wp-content/uploads/2024/02/logo.svg
0
0
YSLu
https://www.securevectors.com/wp-content/uploads/2024/02/logo.svg
YSLu2025-12-16 15:47:142025-12-16 15:49:13如何達成 PCI DSS v4.0 條文中 12.4.2 針對服務供應商的額外要求?
https://i0.wp.com/www.securevectors.com/wp-content/uploads/2025/07/Header_Article-1_cn-scaled.jpg?fit=2560%2C1919&ssl=1
1919
2560
Andrew
https://www.securevectors.com/wp-content/uploads/2024/02/logo.svg
Andrew2025-07-15 10:40:382025-07-15 15:49:50🔒 微软释出重大资安更新:修补 130 项漏洞!
https://i0.wp.com/www.securevectors.com/wp-content/uploads/2025/01/%E5%9C%96%E7%89%871.png?fit=3303%2C2475&ssl=1
2475
3303
YSLu
https://www.securevectors.com/wp-content/uploads/2024/02/logo.svg
YSLu2025-01-23 14:47:042025-03-10 11:07:58PCI DSS v4.0.1 合规培训课程_深圳
https://i0.wp.com/www.securevectors.com/wp-content/uploads/2024/06/News-0830.png?fit=838%2C628&ssl=1
628
838
arthur.li
https://www.securevectors.com/wp-content/uploads/2024/02/logo.svg
arthur.li2024-09-08 09:35:372025-12-16 14:55:57【PCI DSS 过证懒人包】资安小白也能轻松达标
https://i0.wp.com/www.securevectors.com/wp-content/uploads/2023/08/2023-08-01-%E6%BC%8F%E6%B4%9E%E4%BF%AE%E8%A3%9C%E6%84%8F%E8%B1%A1%E5%9C%96-%E6%96%B9%E7%89%88_%E7%B0%A1%E4%B8%AD.jpg?fit=960%2C720&ssl=1
720
960
arthur.li
https://www.securevectors.com/wp-content/uploads/2024/02/logo.svg
arthur.li2023-08-15 17:43:242025-12-19 17:20:30【GCP】使用 GCP 的 CI/CD 服务 Google Cloud Build 要小心了!
https://i0.wp.com/www.securevectors.com/wp-content/uploads/2021/07/Screenshot-2021-07-30-172522.jpg?fit=464%2C345&ssl=1
345
464
arthur.li
https://www.securevectors.com/wp-content/uploads/2024/02/logo.svg
arthur.li2021-08-02 16:24:362023-09-15 21:25:30Sequoia 漏洞 (CVE-2021-33909),听听 PCI DSS 专家怎么说 ?
https://i0.wp.com/www.securevectors.com/wp-content/uploads/2021/07/%E5%8D%B3%E5%88%BB%E5%9B%A0%E6%87%89-Windows-1011-%E6%8F%90%E5%85%A8%E5%AE%89%E5%85%A8%E6%BC%8F%E6%B4%9E-2.png?fit=1200%2C628&ssl=1
628
1200
arthur.li
https://www.securevectors.com/wp-content/uploads/2024/02/logo.svg
arthur.li2021-07-30 10:15:532023-09-15 21:25:30即刻因应: Windows 10/11 (CVE-2021-36934) 提全安全漏洞
https://i0.wp.com/www.securevectors.com/wp-content/uploads/2021/07/Protect-Payment-Card-Data-1.png?fit=1920%2C1080&ssl=1
1080
1920
arthur.li
https://www.securevectors.com/wp-content/uploads/2024/02/logo.svg
arthur.li2021-07-29 14:44:132023-09-15 21:25:30八大秘诀让中小企业在疫情中保护信用卡资料
https://www.securevectors.com/wp-content/uploads/2024/02/logo.svg
0
0
arthur.li
https://www.securevectors.com/wp-content/uploads/2024/02/logo.svg
arthur.li2018-08-16 15:05:082018-08-16 17:15:47支付卡营运标准的安全管理层次与精神