CVSSv3: 7.8

CVE-2021-25321

Published: 30/06/2021 Updated: 22/06/2023
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 641
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

A UNIX Symbolic Link (Symlink) Following vulnerability in arpwatch of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud Crowbar 9, openSUSE Factory and openSUSE Leap 15.2 allows local attackers who control the unprivileged runtime user that arpwatch runs as to escalate to root upon the next restart of arpwatch. This issue affects: SUSE Linux Enterprise Server 11-SP4-LTSS arpwatch versions before 2.1a15; SUSE Manager Server 4.0 arpwatch versions before 2.1a15; SUSE OpenStack Cloud Crowbar 9 arpwatch versions before 2.1a15; openSUSE Factory arpwatch version 2.1a15-169.5 and prior versions; openSUSE Leap 15.2 arpwatch version 2.1a15-lp152.5.5 and prior versions.

Vulnerable Product

suse arpwatch

Vendor Advisories

A security issue has been found in arpwatch as packaged by SUSE. /var/lib/arpwatch is packaged as root:root. Once arpwatch was run with an unprivileged user, the ownership is changed to the unprivileged user, which allows the user specified to escalate to root the next time arpwatch is started. This is due to a SUSE-specific patch; upstream is not af ...