CVE-2021-25321 - OpenCVE

A UNIX Symbolic Link (Symlink) Following vulnerability in arpwatch of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud Crowbar 9; openSUSE Factory, Leap 15.2 allows local attackers with control of the runtime user to run arpwatch as to escalate to root upon the next restart of arpwatch. This issue affects: SUSE Linux Enterprise Server 11-SP4-LTSS arpwatch versions prior to 2.1a15. SUSE Manager Server 4.0 arpwatch versions prior to 2.1a15. SUSE OpenStack Cloud Crowbar 9 arpwatch versions prior to 2.1a15. openSUSE Factory arpwatch version 2.1a15-169.5 and prior versions. openSUSE Leap 15.2 arpwatch version 2.1a15-lp152.5.5 and prior versions.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Opensuse	Leap Factory
Suse	Manager Server Arpwatch Linux Enterprise Server Openstack Cloud Crowbar

Configuration 1 [-]

AND

cpe:2.3:a:suse:arpwatch:*:*:*:*:*:*:*:*

OR	cpe:2.3:a:suse:manager_server:4.0:::::::*
	cpe:2.3:a:suse:openstack_cloud_crowbar:9.0:::::::*
	cpe:2.3:o:suse:linux_enterprise_server:11:sp4:::ltss:::*

Configuration 2 [-]

AND

cpe:2.3:a:suse:arpwatch:*:*:*:*:*:*:*:*

cpe:2.3:a:opensuse:factory:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:a:suse:arpwatch:*:*:*:*:*:*:*:*

cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*

References

Link	Resource
https://bugzilla.suse.com/show_bug.cgi?id=1186240	Exploit Issue Tracking Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: suse

Published: 2021-06-28T00:00:00

Updated: 2021-06-30T08:25:12

Reserved: 2021-01-19T00:00:00

Link: CVE-2021-25321

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-06-30T09:15:08.150

Modified: 2023-06-22T19:09:02.960

Link: CVE-2021-25321

JSON object: View

Redhat Information

No data.

CWE

{"containers": {"cna": {"affected": [{"product": "SUSE Linux Enterprise Server 11-SP4-LTSS", "vendor": "SUSE", "versions": [{"lessThan": "2.1a15", "status": "affected", "version": "arpwatch", "versionType": "custom"}]}, {"product": "SUSE Manager Server 4.0", "vendor": "SUSE", "versions": [{"lessThan": "2.1a15", "status": "affected", "version": "arpwatch", "versionType": "custom"}]}, {"product": "SUSE OpenStack Cloud Crowbar 9", "vendor": "SUSE", "versions": [{"lessThan": "2.1a15", "status": "affected", "version": "arpwatch", "versionType": "custom"}]}, {"product": "Factory", "vendor": "openSUSE", "versions": [{"lessThanOrEqual": "2.1a15-169.5", "status": "affected", "version": "arpwatch", "versionType": "custom"}]}, {"product": "Leap 15.2", "vendor": "openSUSE", "versions": [{"lessThanOrEqual": "2.1a15-lp152.5.5", "status": "affected", "version": "arpwatch", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Johannes Segitz of SUSE"}], "datePublic": "2021-06-28T00:00:00", "descriptions": [{"lang": "en", "value": "A UNIX Symbolic Link (Symlink) Following vulnerability in arpwatch of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud Crowbar 9; openSUSE Factory, Leap 15.2 allows local attackers with control of the runtime user to run arpwatch as to escalate to root upon the next restart of arpwatch. This issue affects: SUSE Linux Enterprise Server 11-SP4-LTSS arpwatch versions prior to 2.1a15. SUSE Manager Server 4.0 arpwatch versions prior to 2.1a15. SUSE OpenStack Cloud Crowbar 9 arpwatch versions prior to 2.1a15. openSUSE Factory arpwatch version 2.1a15-169.5 and prior versions. openSUSE Leap 15.2 arpwatch version 2.1a15-lp152.5.5 and prior versions."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-61", "description": "CWE-61: UNIX Symbolic Link (Symlink) Following", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-06-30T08:25:12", "orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb", "shortName": "suse"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1186240"}], "source": {"advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1186240", "defect": ["1186240"], "discovery": "INTERNAL"}, "title": "arpwatch: Local privilege escalation from runtime user to root", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@suse.com", "DATE_PUBLIC": "2021-06-28T00:00:00.000Z", "ID": "CVE-2021-25321", "STATE": "PUBLIC", "TITLE": "arpwatch: Local privilege escalation from runtime user to root"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "SUSE Linux Enterprise Server 11-SP4-LTSS", "version": {"version_data": [{"version_affected": "<", "version_name": "arpwatch", "version_value": "2.1a15"}]}}, {"product_name": "SUSE Manager Server 4.0", "version": {"version_data": [{"version_affected": "<", "version_name": "arpwatch", "version_value": "2.1a15"}]}}, {"product_name": "SUSE OpenStack Cloud Crowbar 9", "version": {"version_data": [{"version_affected": "<", "version_name": "arpwatch", "version_value": "2.1a15"}]}}]}, "vendor_name": "SUSE"}, {"product": {"product_data": [{"product_name": "Factory", "version": {"version_data": [{"version_affected": "<=", "version_name": "arpwatch", "version_value": "2.1a15-169.5"}]}}, {"product_name": "Leap 15.2", "version": {"version_data": [{"version_affected": "<=", "version_name": "arpwatch", "version_value": "2.1a15-lp152.5.5"}]}}]}, "vendor_name": "openSUSE"}]}}, "credit": [{"lang": "eng", "value": "Johannes Segitz of SUSE"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A UNIX Symbolic Link (Symlink) Following vulnerability in arpwatch of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud Crowbar 9; openSUSE Factory, Leap 15.2 allows local attackers with control of the runtime user to run arpwatch as to escalate to root upon the next restart of arpwatch. This issue affects: SUSE Linux Enterprise Server 11-SP4-LTSS arpwatch versions prior to 2.1a15. SUSE Manager Server 4.0 arpwatch versions prior to 2.1a15. SUSE OpenStack Cloud Crowbar 9 arpwatch versions prior to 2.1a15. openSUSE Factory arpwatch version 2.1a15-169.5 and prior versions. openSUSE Leap 15.2 arpwatch version 2.1a15-lp152.5.5 and prior versions."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-61: UNIX Symbolic Link (Symlink) Following"}]}]}, "references": {"reference_data": [{"name": "https://bugzilla.suse.com/show_bug.cgi?id=1186240", "refsource": "CONFIRM", "url": "https://bugzilla.suse.com/show_bug.cgi?id=1186240"}]}, "source": {"advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1186240", "defect": ["1186240"], "discovery": "INTERNAL"}}}}, "cveMetadata": {"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb", "assignerShortName": "suse", "cveId": "CVE-2021-25321", "datePublished": "2021-06-28T00:00:00", "dateReserved": "2021-01-19T00:00:00", "dateUpdated": "2021-06-30T08:25:12", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:suse:arpwatch:*:*:*:*:*:*:*:*", "matchCriteriaId": "6838A554-093A-4125-BB0A-63BBA1017976", "versionEndExcluding": "2.1a15", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:suse:manager_server:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "51136B38-5715-49B3-BD8D-91F90632247D", "vulnerable": false}, {"criteria": "cpe:2.3:a:suse:openstack_cloud_crowbar:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "B631400C-0A5A-45A3-9DFA-B419E83D324E", "vulnerable": false}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:ltss:*:*:*", "matchCriteriaId": "7B84C8D3-0B59-40DC-881D-D016A422E8CC", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:suse:arpwatch:*:*:*:*:*:*:*:*", "matchCriteriaId": "928A6B2B-B06B-4E75-8A65-C30A83B26B80", "versionEndIncluding": "2.1a15-169.5", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:opensuse:factory:-:*:*:*:*:*:*:*", "matchCriteriaId": "E29492E1-43D8-43BF-94E3-26A762A66FAA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:suse:arpwatch:*:*:*:*:*:*:*:*", "matchCriteriaId": "F0862012-0FB3-4216-A47B-AFDCA202DE08", "versionEndIncluding": "2.1a15-lp152.5.5", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*", "matchCriteriaId": "B009C22E-30A4-4288-BCF6-C3E81DEAF45A", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A UNIX Symbolic Link (Symlink) Following vulnerability in arpwatch of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud Crowbar 9; openSUSE Factory, Leap 15.2 allows local attackers with control of the runtime user to run arpwatch as to escalate to root upon the next restart of arpwatch. This issue affects: SUSE Linux Enterprise Server 11-SP4-LTSS arpwatch versions prior to 2.1a15. SUSE Manager Server 4.0 arpwatch versions prior to 2.1a15. SUSE OpenStack Cloud Crowbar 9 arpwatch versions prior to 2.1a15. openSUSE Factory arpwatch version 2.1a15-169.5 and prior versions. openSUSE Leap 15.2 arpwatch version 2.1a15-lp152.5.5 and prior versions."}, {"lang": "es", "value": "Una vulnerabilidad de Seguimiento de Enlaces Simb\u00f3licos UNIX (Symlink) en arpwatch de SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server versi\u00f3n 4.0, SUSE OpenStack Cloud Crowbar versi\u00f3n 9; openSUSE Factory, Leap versi\u00f3n 15.2, permite a atacantes locales con control del usuario en runtime ejecutar arpwatch como escalar a root en el siguiente reinicio de arpwatch. Este problema afecta a: SUSE Linux Enterprise Server 11-SP4-LTSS arpwatch versiones anteriores a 2.1a15. SUSE Manager Server 4.0 arpwatch versiones anteriores a 2.1a15. SUSE OpenStack Cloud Crowbar 9 versiones arpwatch anteriores a 2.1a15. openSUSE Factory versi\u00f3n arpwatch 2.1a15-169.5 y versiones anteriores. openSUSE Leap 15.2 versi\u00f3n arpwatch 2.1a15-lp152.5.5 y versiones anteriores"}], "id": "CVE-2021-25321", "lastModified": "2023-06-22T19:09:02.960", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "meissner@suse.de", "type": "Secondary"}]}, "published": "2021-06-30T09:15:08.150", "references": [{"source": "meissner@suse.de", "tags": ["Exploit", "Issue Tracking", "Vendor Advisory"], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1186240"}], "sourceIdentifier": "meissner@suse.de", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-61"}], "source": "meissner@suse.de", "type": "Secondary"}]}