CVE-2021-26936 - OpenCVE

The replay-sorcery program in ReplaySorcery 0.4.0 through 0.5.0, when using the default setuid-root configuration, allows a local attacker to escalate privileges to root by specifying video output paths in privileged locations.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Replaysorcery Project	Replaysorcery

Configuration 1 [-]

cpe:2.3:a:replaysorcery_project:replaysorcery:*:*:*:*:*:*:*:*

References

Link	Resource
http://www.openwall.com/lists/oss-security/2021/02/10/1	Exploit Mailing List Patch Third Party Advisory
https://github.com/matanui159/ReplaySorcery/releases	Release Notes Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2021-02-10T17:53:59

Updated: 2021-02-10T17:53:59

Reserved: 2021-02-09T00:00:00

Link: CVE-2021-26936

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-02-10T18:15:13.017

Modified: 2021-02-16T20:36:56.207

Link: CVE-2021-26936

JSON object: View

Redhat Information

No data.

CWE

CWE-269

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:replaysorcery_project:replaysorcery:*:*:*:*:*:*:*:*", "matchCriteriaId": "0062FD04-44AE-4EB5-A32A-9F93F388B5A1", "versionEndIncluding": "0.5.0", "versionStartIncluding": "0.4.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The replay-sorcery program in ReplaySorcery 0.4.0 through 0.5.0, when using the default setuid-root configuration, allows a local attacker to escalate privileges to root by specifying video output paths in privileged locations."}, {"lang": "es", "value": "El programa replay-sorcery en ReplaySorcery versiones 0.4.0 hasta 0.5.0, cuando se usa la configuraci\u00f3n setuid-root predeterminada, permite a un atacante local escalar privilegios a root al especificar rutas de salida de video en ubicaciones privilegiadas"}], "id": "CVE-2021-26936", "lastModified": "2021-02-16T20:36:56.207", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-02-10T18:15:13.017", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2021/02/10/1"}, {"source": "cve@mitre.org", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://github.com/matanui159/ReplaySorcery/releases"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-269"}], "source": "nvd@nist.gov", "type": "Primary"}]}