CVE-2021-25321

2021-06-3009:15:08

Debian Security Bug Tracker

security-tracker.debian.org

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.2 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.2%

JSON

A UNIX Symbolic Link (Symlink) Following vulnerability in arpwatch of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud Crowbar 9; openSUSE Factory, Leap 15.2 allows local attackers with control of the runtime user to run arpwatch as to escalate to root upon the next restart of arpwatch. This issue affects: SUSE Linux Enterprise Server 11-SP4-LTSS arpwatch versions prior to 2.1a15. SUSE Manager Server 4.0 arpwatch versions prior to 2.1a15. SUSE OpenStack Cloud Crowbar 9 arpwatch versions prior to 2.1a15. openSUSE Factory arpwatch version 2.1a15-169.5 and prior versions. openSUSE Leap 15.2 arpwatch version 2.1a15-lp152.5.5 and prior versions.

OSVersionArchitecturePackageVersionFilename
Debian12allarpwatch< 2.1a15-8arpwatch_2.1a15-8_all.deb
Debian11allarpwatch< 2.1a15-8arpwatch_2.1a15-8_all.deb
Debian10allarpwatch< 2.1a15-7arpwatch_2.1a15-7_all.deb
Debian999allarpwatch< 2.1a15-8.1arpwatch_2.1a15-8.1_all.deb
Debian13allarpwatch< 2.1a15-8.1arpwatch_2.1a15-8.1_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	arpwatch	< 2.1a15-8	arpwatch_2.1a15-8_all.deb
Debian	11	all	arpwatch	< 2.1a15-8	arpwatch_2.1a15-8_all.deb
Debian	10	all	arpwatch	< 2.1a15-7	arpwatch_2.1a15-7_all.deb
Debian	999	all	arpwatch	< 2.1a15-8.1	arpwatch_2.1a15-8.1_all.deb
Debian	13	all	arpwatch	< 2.1a15-8.1	arpwatch_2.1a15-8.1_all.deb