CVE-2021-44038
Published 2021-11-19
CVE-2021-44038: An issue was discovered in Quagga through 1.2.4. Unsafe chown/chmod operations in the suggested spec file allow users (with control of the non-root-owned…
Priority: P3 · 41 · high · 7.8 (CVSS 3.1)
AV:L / AC:L / PR:L / UI:N / S:U / C:H / I:H / A:H
EPSS: 0.76% (50.7th percentile)
An issue was discovered in Quagga through 1.2.4. Unsafe chown/chmod operations in the suggested spec file allow users (with control of the non-root-owned directory /etc/quagga) to escalate their privileges to root upon package installation or update.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| msrc | cbl2_quagga_on_cbl_mariner_2.0 | — | — |
| quagga | quagga | <= 1.2.4 | — |
CVSS provenance
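| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.2 | HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
| osv | — | 7.8 | HIGH | — |
| vendor_msrc | — | 7.8 | HIGH | — |
| vendor_redhat | — | 7.8 | HIGH | — |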
Red Hat
quagga: unsafe chown/chmod operations may lead to privileges escalation
vendor_redhat·2021-11-19·CVSS 7.8
CVE-2021-44038 [HIGH] CWE-287 quagga: unsafe chown/chmod operations may lead to privileges escalation
An issue was discovered in Quagga through 1.2.4. Unsafe chown/chmod operations in the suggested spec file allow users (with control of the non-root-owned directory /etc/quagga) to escalate their privileges to root upon package installation or update.
Package: quagga (Red Hat Enterprise Linux 6) - Out of support scope
Package: quagga (Red Hat Enterprise Linux 7) - Out of support scope
Microsoft
An issue was discovered in Quagga through 1.2.4. Unsafe chown/chmod operations in the suggested spec file allow users (with control of the non-root-owned directory /etc/quagga) to escalate their privi
vendor_msrc·2021-11-09·CVSS 7.8
CVE-2021-44038 [HIGH] CWE-59 An issue was discovered in Quagga through 1.2.4. Unsafe chown/chmod operations in the suggested spec file allow users (with control of the non-root-owned directory /etc/quagga) to escalate their privi
An issue was discovered in Quagga through 1.2.4. Unsafe chown/chmod operations in the suggested spec file allow users (with control of the non-root-owned directory /etc/quagga) to escalate their privileges to root upon package installation or update.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to add
GHSA
GHSA-h99v-fr29-7p28: An issue was discovered in Quagga through 1
ghsa_unreviewed·2021-11-20
CVE-2021-44038 [HIGH] CWE-269 GHSA-h99v-fr29-7p28: An issue was discovered in Quagga through 1
An issue was discovered in Quagga through 1.2.4. Unsafe chown/chmod operations in the suggested spec file allow users (with control of the non-root-owned directory /etc/quagga) to escalate their privileges to root upon package installation or update.
OSV
CVE-2021-44038: An issue was discovered in Quagga through 1
osv·2021-11-19·CVSS 7.8
CVE-2021-44038 [HIGH] CVE-2021-44038: An issue was discovered in Quagga through 1
An issue was discovered in Quagga through 1.2.4. Unsafe chown/chmod operations in the suggested spec file allow users (with control of the non-root-owned directory /etc/quagga) to escalate their privileges to root upon package installation or update.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2021-11-19