PT-2021-3520 · Rpm+7

Malte Kraus · Published 2021-06-30 · Updated 2024-06-15 · CVE-2021-35938

CVSS v2.0: 6.8 (Medium)

Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

RPM (affected versions not specified)

Description

A symbolic link issue was found in rpm, occurring when rpm sets the desired permissions and credentials after installing a file. This flaw could be exploited by a local unprivileged user to exchange the original file with a symbolic link to a security-critical file, potentially escalating their privileges on the system. The highest threat from this issue is to data confidentiality and integrity as well as system availability.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Link Following


Weakness Enumeration

Related Identifiers

ALSA-2024:0463
ALSA-2024:0647
ALT-PU-2021-2518
ALT-PU-2021-2600
AZL-10723
BDU:2021-03569
CESA-2024_0647
CVE-2021-35938
OESA-2022-1897
OPENSUSE-SU-2024:12562-1
RHSA-2024:0424
RHSA-2024:0435
RHSA-2024:0453
RHSA-2024:0463
RHSA-2024:0582
RHSA-2024:0647
RHSA-2024_0463
RHSA-2024_0647
RLSA-2024:0647

Affected Products

ALT Linux
AlmaLinux
CentOS
Debian
RPM
Red Hat
RED OS
Rocky Linux