Vulnerability Description
A UNIX Symbolic Link (Symlink) Following vulnerability in arpwatch of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud Crowbar 9, openSUSE Factory and openSUSE Leap 15.2 allows local attackers who control the runtime user that arpwatch runs as to escalate to root upon the next restart of arpwatch. This issue affects: SUSE Linux Enterprise Server 11-SP4-LTSS arpwatch versions prior to 2.1a15; SUSE Manager Server 4.0 arpwatch versions prior to 2.1a15; SUSE OpenStack Cloud Crowbar 9 arpwatch versions prior to 2.1a15; openSUSE Factory arpwatch version 2.1a15-169.5 and prior versions; openSUSE Leap 15.2 arpwatch version 2.1a15-lp152.5.5 and prior versions.
CVSS Score
7.8 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| SUSE | arpwatch | < 2.1a15 |
| SUSE | Manager Server | 4.0 |
| SUSE | OpenStack Cloud Crowbar | 9.0 |
| SUSE | Linux Enterprise Server | 11 (SP4-LTSS) |
| openSUSE | Factory | 2.1a15-169.5 and prior |
| openSUSE | Leap | 15.2 (arpwatch 2.1a15-lp152.5.5 and prior) |
Related Weaknesses (CWE)
References
- https://bugzilla.suse.com/show_bug.cgi?id=1186240 (Exploit, Issue Tracking, Vendor Advisory)
FAQ
What is CVE-2021-25321?
CVE-2021-25321 is a vulnerability with a CVSS score of 7.8 (HIGH): a UNIX Symbolic Link (Symlink) Following vulnerability in arpwatch of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud Crowbar 9, openSUSE Factory and openSUSE Leap 15.2 that allows local attackers who control the arpwatch runtime user to escalate to root upon the next restart of arpwatch. See the full description above for the affected versions.
How severe is CVE-2021-25321?
CVE-2021-25321 has been rated HIGH with a CVSS base score of 7.8/10. See the CVSS Score section above.
Is there a patch for CVE-2021-25321?
Check the references section above for the vendor advisory and patch information; the fixed arpwatch version for SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0 and SUSE OpenStack Cloud Crowbar 9 is 2.1a15. Affected products include: SUSE arpwatch, SUSE Manager Server, SUSE OpenStack Cloud Crowbar, SUSE Linux Enterprise Server, openSUSE Factory and openSUSE Leap.