PT-2022-15199 · Canna+2
Matthias Gerstner · Published 2022-08-16 · Updated 2023-04-14
CVE-2022-21950
CVSS v3.1: 5.3 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions
canna versions prior to canna-3.7p3-bp153.2.3.1
canna versions prior to 3.7p3-bp154.3.3.1
Description
An Improper Access Control issue in the systemd service of canna in openSUSE Backports SLE-15-SP3 and openSUSE Backports SLE-15-SP4 allows local users to hijack the UNIX domain socket. This issue affects openSUSE Backports SLE-15-SP3 and openSUSE Backports SLE-15-SP4. The issue was resolved in openSUSE Factory by deleting the package instead of fixing it.
Recommendations
For canna versions prior to canna-3.7p3-bp153.2.3.1, update to a version that moves the UNIX socket directory from /tmp to /run to avoid local attackers being able to place bogus directories in its stead.
For canna versions prior to 3.7p3-bp154.3.3.1, update to a version that moves the UNIX socket directory from /tmp to /run to avoid local attackers being able to place bogus directories in its stead.
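Why moving the socket directory from /tmp to /run closes the hijack, shown as an added example (not code from this advisory or from canna): a Python check that walks a socket's parent directories and reports any that an unprivileged local user could pre-create or replace. The `svc` and `sock` names and the temporary directory tree are constructed for the demonstration.

```python
import os
import stat
import tempfile

def audit_socket_path(sock_path, trusted_uids=(0,), root="/"):
    """Check every directory from the socket's parent up to `root`.

    Returns a list of findings; an empty list means no untrusted user can
    create or replace a path component leading to the socket.
    """
    findings = []
    current = os.path.dirname(os.path.abspath(sock_path))
    root = os.path.abspath(root)
    while True:
        st = os.lstat(current)  # lstat: do not follow a planted symlink
        if stat.S_ISLNK(st.st_mode):
            findings.append(f"{current}: symlink in socket path")
        elif st.st_uid not in trusted_uids:
            findings.append(f"{current}: owned by untrusted uid {st.st_uid}")
        elif st.st_mode & stat.S_IWOTH:
            # The sticky bit only blocks deleting other users' entries; anyone
            # can still create the socket directory before the service does.
            findings.append(f"{current}: world-writable directory")
        parent = os.path.dirname(current)
        if current == root or parent == current:
            return findings
        current = parent

def build_constructed_layout():
    """Constructed sample tree: a /tmp-like (1777) and a /run-like (0755) parent."""
    base = tempfile.mkdtemp()
    for name, mode in (("tmp", 0o1777), ("run", 0o755)):
        svc_dir = os.path.join(base, name, "svc")  # hypothetical service dir
        os.makedirs(svc_dir)
        os.chmod(os.path.join(base, name), mode)
        os.chmod(svc_dir, 0o755)
    return base

if __name__ == "__main__":
    base = build_constructed_layout()
    for parent in ("tmp", "run"):
        sock = os.path.join(base, parent, "svc", "sock")
        result = audit_socket_path(sock, trusted_uids={os.getuid()}, root=base)
        print(sock, "->", result or "OK")
```

On a live system, call `audit_socket_path` with the service's real socket path and the default `trusted_uids=(0,)` and `root="/"`.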
Fix
Improper Access Control
Affected Products
Canna
openSUSE
Systemd