PT-2021-22703 · Rsync+1

Published: 2021-11-19 · Updated: 2025-07-29 · CVE-2021-3978

CVSS v3.1: 7.5 (High)
Vector: AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: octorpki versions up to 1.4.1
Description: octorpki invokes rsync with the "-a" (archive) flag, which preserves file permissions, including the setuid bit, on everything it copies. Because the shipped service definition runs octorpki as root, a setuid binary served by a repository is written to the local filesystem as a root-owned setuid file. On its own this requires another vulnerability that makes octorpki process a malicious TAL file, but combined with one it provides a local privilege escalation vector.
Recommendations: octorpki versions up to 1.4.1: change the service definition so that it does not default to root, and stop using the "-a" flag with rsync so that setuid binaries are not copied with their permission bits preserved as root. As a temporary workaround, restrict access to the rsync command and to the octorpki service to reduce the risk of exploitation.
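The primary fix is the one stated in the recommendations: run the validator as an unprivileged user and drop the "-a" flag (it implies "-p", the option that preserves permission bits; rsync's "--no-perms" or a "--chmod" that clears the setuid/setgid bits avoids writing them at all). As a complementary detective control, the following Python script, added here as an example and not taken from this advisory or from the octorpki project, walks a validator's rsync cache, reports any regular file that arrived with the setuid or setgid bit set, and optionally clears those bits. The cache path, the repository layout and the sample files are constructed for the demonstration.

```python
import os
import stat
import tempfile

# Directory an RPKI validator writes its rsync-fetched repository cache into.
# Hypothetical path, used for illustration only.
DEFAULT_CACHE_ROOT = "/var/lib/octorpki/cache"

SPECIAL_BITS = stat.S_ISUID | stat.S_ISGID


def find_setuid_files(root):
    """Return paths under root whose mode carries the setuid or setgid bit.

    Symlinks are neither followed nor reported: a link inside the cache that
    points at a system binary must not cause that binary to be listed or,
    later, modified.
    """
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):  # followlinks=False
        for name in filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISREG(st.st_mode) and st.st_mode & SPECIAL_BITS:
                hits.append(path)
    return sorted(hits)


def strip_special_bits(paths):
    """Clear setuid/setgid on each regular file; return the number changed."""
    changed = 0
    for path in paths:
        st = os.lstat(path)
        if not stat.S_ISREG(st.st_mode):
            continue
        os.chmod(path, stat.S_IMODE(st.st_mode) & ~SPECIAL_BITS)
        changed += 1
    return changed


def audit_cache(root, fix=False):
    """Audit a cache directory and optionally fix it. Returns (found, fixed)."""
    found = find_setuid_files(root)
    fixed = strip_special_bits(found) if fix else 0
    return found, fixed


def demo():
    """Constructed scenario: a cache holding one benign object and one file
    that arrived with the setuid bit preserved. Returns
    (setuid files found, files fixed, setuid files left after fixing)."""
    with tempfile.TemporaryDirectory() as root:
        repo = os.path.join(root, "rsync.example.invalid", "repo")
        os.makedirs(repo)
        benign = os.path.join(repo, "sample.roa")
        planted = os.path.join(repo, "helper")
        for path in (benign, planted):
            with open(path, "wb") as fh:
                fh.write(b"constructed sample content\n")
        os.chmod(benign, 0o644)
        os.chmod(planted, 0o4755)  # setuid bit, as "rsync -a" would preserve it

        before, fixed = audit_cache(root, fix=True)
        after, _ = audit_cache(root)
        return len(before), fixed, len(after)


if __name__ == "__main__":
    print(demo())  # (1, 1, 0)
```

Run it against the real cache with `audit_cache(DEFAULT_CACHE_ROOT)` from a cron job or a post-sync hook and alert on a non-empty result; a setuid file in a repository mirror is never expected, so any hit is worth investigating even after the bits have been stripped.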

Fix

LPE

Weakness Enumeration

Improper Privilege Management
Improper Preservation of Permissions

Related Identifiers

CVE-2021-3978
DSA-5041-1
GHSA-3PQH-P72C-FJ85
GO-2022-0580

Affected Products

Octorpki
Rsync