PT-2021-3473 · SUSE
Johannes Segitz
Published: 2021-05-19 · Updated: 2024-06-15
CVE-2021-25321
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
SUSE Linux Enterprise Server 11-SP4-LTSS arpwatch versions prior to 2.1a15
SUSE Manager Server 4.0 arpwatch versions prior to 2.1a15
SUSE OpenStack Cloud Crowbar 9 arpwatch versions prior to 2.1a15
openSUSE Factory arpwatch versions prior to 2.1a15-169.5
openSUSE Leap 15.2 arpwatch versions prior to 2.1a15-lp152.5.5
Description
A UNIX symbolic link (symlink) following issue in arpwatch allows a local attacker who controls the runtime user under which arpwatch runs to escalate to root on the next restart of arpwatch. The root cause is incorrect permission assignment for files, which lets the unprivileged runtime user influence files that are later handled with root privileges.
Recommendations
For SUSE Linux Enterprise Server 11-SP4-LTSS, update arpwatch to version 2.1a15 or later.
For SUSE Manager Server 4.0, update arpwatch to version 2.1a15 or later.
For SUSE OpenStack Cloud Crowbar 9, update arpwatch to version 2.1a15 or later.
For openSUSE Factory, update arpwatch to version 2.1a15-169.5 or later.
For openSUSE Leap 15.2, update arpwatch to version 2.1a15-lp152.5.5 or later.
Weakness: Incorrect Permission Assignment
Affected Products: SUSE Linux Enterprise Server, SUSE Manager Server, SUSE OpenStack Cloud Crowbar, openSUSE Factory, openSUSE Leap