Vulnerability Description
A Incorrect Default Permissions vulnerability in the packaging of cups of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud Crowbar 9; openSUSE Leap 15.2, Factory allows local attackers with control of the lp users to create files as root with 0644 permissions without the ability to set the content. This issue affects: SUSE Linux Enterprise Server 11-SP4-LTSS cups versions prior to 1.3.9. SUSE Manager Server 4.0 cups versions prior to 2.2.7. SUSE OpenStack Cloud Crowbar 9 cups versions prior to 1.7.5. openSUSE Leap 15.2 cups versions prior to 2.2.7. openSUSE Factory cups version 2.3.3op2-2.1 and prior versions.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Suse | Cups | < 1.3.9 |
| Suse | Linux Enterprise Server | 11 |
| Fedoraproject | Fedora | 32 |
| Suse | Manager Server | 4.0 |
| Suse | Openstack Cloud Crowbar | 9.0 |
| Opensuse | Leap | 15.2 |
| Opensuse | Factory | - |
Related Weaknesses (CWE)
References
- https://bugzilla.suse.com/show_bug.cgi?id=1184161Issue TrackingVendor Advisory
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://bugzilla.suse.com/show_bug.cgi?id=1184161Issue TrackingVendor Advisory
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
FAQ
What is CVE-2021-25317?
CVE-2021-25317 is a vulnerability with a CVSS score of 3.3 (LOW). A Incorrect Default Permissions vulnerability in the packaging of cups of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud Crowbar 9; openSUSE Leap 15.2, Factory...
How severe is CVE-2021-25317?
CVE-2021-25317 has been rated LOW with a CVSS base score of 3.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-25317?
Check the references section above for vendor advisories and patch information. Affected products include: Suse Cups, Suse Linux Enterprise Server, Fedoraproject Fedora, Suse Manager Server, Suse Openstack Cloud Crowbar.