"loolforkit" is a privileged program that is supposed to be run by a special, non-privileged "lool" user. Before doing anything else, "loolforkit" checks whether it was invoked by the "lool" user and refuses to run with privileges if it was not. In the vulnerable version of "loolforkit" this check was wrong, so a normal user could start "loolforkit" and eventually gain local root privileges.
References
Link | Resource |
---|---|
https://github.com/CollaboraOnline/online/security/advisories/GHSA-49w3-gr3w-m68v | Third Party Advisory |
https://www.openwall.com/lists/oss-security/2021/01/18/3 | Mailing List Third Party Advisory |
MITRE Information
Status: PUBLISHED
Assigner: Document Fdn.
Published: 2021-01-26T00:00:00
Updated: 2021-02-23T15:33:49
Reserved: 2021-01-19T00:00:00
Link: CVE-2021-25630
NVD Information
Status: Analyzed
Published: 2021-02-23T16:15:13.253
Modified: 2021-02-27T03:04:30.353
Link: CVE-2021-25630
CWE