CVE-2021-25317

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2021-25317
A Incorrect Default Permissions vulnerability in the packaging of cups of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud Crowbar 9; openSUSE Leap 15.2, Factory allows local attackers with control of the lp users to create files as root with 0644 permissions without the ability to set the content. This issue affects: SUSE Linux Enterprise Server 11-SP4-LTSS cups versions prior to 1.3.9. SUSE Manager Server 4.0 cups versions prior to 2.2.7. SUSE OpenStack Cloud Crowbar 9 cups versions prior to 1.7.5. openSUSE Leap 15.2 cups versions prior to 2.2.7. openSUSE Factory cups version 2.3.3op2-2.1 and prior versions.

3.3 /10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

2.1 /10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References
Link Resource
https://bugzilla.suse.com/show_bug.cgi?id=1184161 Issue Tracking Vendor Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GWPGZLT3U776Q5YPPSA6LGFWWBDWBVH3/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H74BP746O5NNVCBUTLLZYAFBPESFVECV/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/S37IDQGHTORQ3Z6VRDQIGBYVOI27YG47/
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:suse:cups:*:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:ltss:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:a:suse:cups:*:*:*:*:*:*:*:*
cpe:2.3:a:suse:manager_server:4.0:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:a:suse:cups:*:*:*:*:*:*:*:*
cpe:2.3:a:suse:openstack_cloud_crowbar:9.0:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:a:suse:cups:*:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:a:suse:cups:*:*:*:*:*:*:*:*
cpe:2.3:a:opensuse:factory:-:*:*:*:*:*:*:*
History

27 May 2021, 16:37

Type Values Removed Values Added
CPE cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
References (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GWPGZLT3U776Q5YPPSA6LGFWWBDWBVH3/ - (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GWPGZLT3U776Q5YPPSA6LGFWWBDWBVH3/ - Mailing List, Third Party Advisory
Information

Published : 2021-05-05 10:15

Updated : 2024-02-04 21:47

NVD link : CVE-2021-25317

Mitre link : CVE-2021-25317

CVE.ORG link : CVE-2021-25317

JSON object : View

Products Affected

suse

  • cups
  • openstack_cloud_crowbar
  • manager_server
  • linux_enterprise_server

opensuse

  • leap
  • factory

fedoraproject

  • fedora
CWE
CWE-276

Incorrect Default Permissions