PT-2021-16516 · Suse · Suse Linux Enterprise Server+5

Matthias Gerstner · Published 2021-04-30 · Updated 2024-06-15 · CVE-2021-25317

CVSS v3.1: 3.3 (Low)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions:
SUSE Linux Enterprise Server 11-SP4-LTSS cups versions prior to 1.3.9
SUSE Manager Server 4.0 cups versions prior to 2.2.7
SUSE OpenStack Cloud Crowbar 9 cups versions prior to 1.7.5
openSUSE Leap 15.2 cups versions prior to 2.2.7
openSUSE Factory cups version 2.3.3op2-2.1 and prior versions

Description: A vulnerability in the packaging of cups allows local attackers with control of the lp users to create files as root with 0644 permissions without the ability to set the content.

Recommendations:
For SUSE Linux Enterprise Server 11-SP4-LTSS cups, update to version 1.3.9 or later.
For SUSE Manager Server 4.0 cups, update to version 2.2.7 or later.
For SUSE OpenStack Cloud Crowbar 9 cups, update to version 1.7.5 or later.
For openSUSE Leap 15.2 cups, update to version 2.2.7 or later.
For openSUSE Factory cups, update to a version later than 2.3.3op2-2.1.

Fix

Incorrect Default Permissions

Weakness Enumeration

Related Identifiers

CVE-2021-25317
OESA-2021-1212
OPENSUSE-SU-2021:0638-1
OPENSUSE-SU-2021_0638-1
OPENSUSE-SU-2024:10707-1
SUSE-SU-2021:1453-1
SUSE-SU-2021:1454-1
SUSE-SU-2021:14712-1
SUSE-SU-2021_1453-1
SUSE-SU-2021_1454-1
SUSE-SU-2021_14712-1

Affected Products

Suse Linux Enterprise Server
Suse Manager Server
Suse Openstack Cloud Crowbar
Suse
Opensuse Factory
Opensuse Leap