Lucene search

SuseCVELIST:CVE-2021-36781

HistoryJan 14, 2022 - 10:40 a.m.

CVE-2021-36781 parsec: dangerous 777 permissions for /run/parsec

2022-01-1410:40:09

CWE-276

suse

www.cve.org

cve-2021-36781

opensuse factory

parsec

incorrect default permissions

dos

imposter service

CVSS3

5.9

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

AI Score

5.8

Confidence

High

EPSS

Percentile

5.1%

JSON

A Incorrect Default Permissions vulnerability in the parsec package of openSUSE Factory allows local attackers to imitate the service leading to DoS or clients talking to an imposter service. This issue affects: openSUSE Factory parsec versions prior to 0.8.1-1.1.

CNA Affected

[
  {
    "product": "Factory",
    "vendor": "openSUSE",
    "versions": [
      {
        "lessThan": "0.8.1-1.1",
        "status": "affected",
        "version": "parsec",
        "versionType": "custom"
      }
    ]
  }
]

References

bugzilla.suse.com/show_bug.cgi?id=1193484

CVSS3

5.9

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

AI Score

5.8

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for CVELIST:CVE-2021-36781