PT-2021-20131 · Ipfire · Ipfire

Published: 2021-06-09 · Updated: 2022-07-12 · CVE-2021-33393

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

IPFire version 2.25-core155

Description

The issue is related to the ownership of certain files, specifically /var/ipfire/backup/bin/backup.pl, which may not be owned by the root account. This could potentially allow an unprivileged account to install a malicious script that is later executed by root. Similar problems with the ownership and permissions of other files may also be present.

Recommendations

For IPFire version 2.25-core155, ensure that /var/ipfire/backup/bin/backup.pl is owned by the root account to prevent potential exploitation. As a temporary workaround, consider restricting access to the backup.pl script until the issue is resolved. Additionally, review the ownership and permissions of other files to identify and address any similar problems.
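
The ownership and permission review recommended above can be scripted. This is an added example, not code from IPFire or from this advisory: the function names `audit_tree` and `audit_ok` are hypothetical, and flagging group- or world-writable entries is an assumption that goes slightly beyond the owner check the advisory names.

```shell
#!/bin/sh
# Added example: audit a directory whose scripts are executed by root.
# Assumption: anything not owned by the trusted UID, or writable by
# group/other, is a finding. Directories are checked as well, because
# write access to a directory allows replacing the files inside it.

# audit_tree DIR [TRUSTED_UID]
# Prints one path per line for every regular file or directory under DIR
# that is not owned by TRUSTED_UID (default 0, root) or that is
# group-writable or world-writable.
audit_tree() {
    dir=$1
    uid=${2:-0}
    find "$dir" \( -type f -o -type d \) \
        \( ! -user "$uid" -o -perm -020 -o -perm -002 \) -print
}

# audit_ok DIR [TRUSTED_UID]
# Returns 0 when audit_tree reports nothing, 1 otherwise, so it can be
# used from cron or a monitoring check.
audit_ok() {
    [ -z "$(audit_tree "$1" "${2:-0}")" ]
}

# Usage on an affected system, run as root (path taken from the advisory):
#   audit_tree /var/ipfire/backup/bin
#   audit_ok   /var/ipfire/backup/bin || echo "unsafe ownership or mode found"
# A finding on backup.pl is corrected with:
#   chown root:root /var/ipfire/backup/bin/backup.pl
#   chmod 0755      /var/ipfire/backup/bin/backup.pl
```

Run the audit again after each core update, since an update can reinstall files with their packaged ownership.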

Exploit

Fix


Related Identifiers

CVE-2021-33393

Affected Products

Ipfire