CVE-2021-25321
published 2021-06-30CVE-2021-25321: A UNIX Symbolic Link (Symlink) Following vulnerability in arpwatch of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud…
high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
A UNIX Symbolic Link (Symlink) Following vulnerability in arpwatch of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud Crowbar 9; openSUSE Factory, Leap 15.2 allows local attackers with control of the runtime user to run arpwatch as to escalate to root upon the next restart of arpwatch. This issue affects: SUSE Linux Enterprise Server 11-SP4-LTSS arpwatch versions prior to 2.1a15. SUSE Manager Server 4.0 arpwatch versions prior to 2.1a15. SUSE OpenStack Cloud Crowbar 9 arpwatch versions prior to 2.1a15. openSUSE Factory arpwatch version 2.1a15-169.5 and prior versions. openSUSE Leap 15.2 arpwatch version 2.1a15-lp152.5.5 and prior versions.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | arpwatch | — | — |
| opensuse | factory | arpwatch – 2.1a15-169.5 | — |
| opensuse | leap_15.2 | arpwatch – 2.1a15-lp152.5.5 | — |
| suse | arpwatch | < 2.1a15 | 2.1a15 |
| suse | arpwatch | <= 2.1a15-169.5 | — |
| suse | arpwatch | <= 2.1a15-lp152.5.5 | — |
| suse | suse_linux_enterprise_server_11-sp4-ltss | >= arpwatch < 2.1a15 | 2.1a15 |
| suse | suse_manager_server_4.0 | >= arpwatch < 2.1a15 | 2.1a15 |
| suse | suse_openstack_cloud_crowbar_9 | >= arpwatch < 2.1a15 | 2.1a15 |
CVSS provenance
nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
osv7.8HIGH