CVE-2021-29005

Name of the Vulnerable Software and Affected Versions: rConfig server version 3.9.6

Description: The issue is related to insecure permissions of the chmod command on the rConfig server. After installation, the apache user may execute chmod as root without a password, potentially allowing an attacker with low privileges to gain root access on the server.

Recommendations: For rConfig server version 3.9.6, consider restricting the execution of the chmod command by the apache user to prevent unauthorized access. As a temporary workaround, review and adjust the permissions of the chmod command to ensure it cannot be executed as root without proper authentication. At the moment, there is no information about a newer version that contains a fix for this vulnerability.