PT-2022-9150 · Debian · Debian-Edu-Config

Dustin Hermann

Published

2022-02-11

Updated

2022-02-22

CVE-2021-20001

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions debian-edu-config versions prior to 2.12.16

Description It was discovered that debian-edu-config, a set of configuration files used for the Debian Edu blend, configured insecure permissions for the user web shares (~/public html), which could result in privilege escalation.

Recommendations For versions prior to 2.12.16, update to version 2.12.16 or later to resolve the issue. As a temporary workaround, consider restricting access to the user web shares (~/public html) until the update is applied.

Fix

Incorrect Default Permissions

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-276

Related Identifiers

CVE-2021-20001

DLA-2918-1

DSA-5072-1

Affected Products

Debian-Edu-Config

PT-2022-9150 · Debian · Debian-Edu-Config

CVE-2021-20001

Weakness Enumeration

Related Identifiers

Affected Products

References · 15