PT-2021-3366 · Suse · Suse Linux Enterprise Server+3

Johannes Segitz · Published 2021-02-16 · Updated 2021-06-24 · CVE-2021-31998

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

openSUSE Leap versions prior to 2.6.2
SUSE Linux Enterprise Server 11-SP3 version inn-2.4.2-170.21.3.1 and prior versions
openSUSE Backports SLE-15-SP2 versions prior to 2.6.2

Description

The issue is related to insufficient access control in the inn package, which can be exploited by an attacker to escalate their privileges from the news user to root. This allows local attackers to gain elevated access.

Recommendations

For openSUSE Leap versions prior to 2.6.2, update to version 2.6.2 or later.
For SUSE Linux Enterprise Server 11-SP3 version inn-2.4.2-170.21.3.1 and prior versions, update to a version later than inn-2.4.2-170.21.3.1.
For openSUSE Backports SLE-15-SP2 versions prior to 2.6.2, update to version 2.6.2 or later.

Exploit

Fix

Incorrect Default Permissions

Weakness Enumeration

Related Identifiers

BDU:2021-03212
CVE-2021-31998
OPENSUSE-SU-2021:0830-1
OPENSUSE-SU-2021:0845-1
OPENSUSE-SU-2021_0830-1
SUSE-SU-2021:14750-1
SUSE-SU-2021_14750-1

Affected Products

Suse Linux Enterprise Server
Suse
Opensuse Backports Sle-15-Sp2
Opensuse Leap