CVE-2021-25630

Опубликовано: 23 фев. 2021

Источник: nvd

CVSS3: 7.8

CVSS2: 7.2

EPSS Низкий

Описание

"loolforkit" is a privileged program that is supposed to be run by a special, non-privileged "lool" user. Before doing anything else "loolforkit" checks, if it was invoked by the "lool" user, and refuses to run with privileges, if it's not the case. In the vulnerable version of "loolforkit" this check was wrong, so a normal user could start "loolforkit" and eventually get local root privileges.

Ссылки

https://github.com/CollaboraOnline/online/security/advisories/GHSA-49w3-gr3w-m68v
Third Party Advisory
https://www.openwall.com/lists/oss-security/2021/01/18/3
Mailing List
Third Party Advisory
https://github.com/CollaboraOnline/online/security/advisories/GHSA-49w3-gr3w-m68v
Third Party Advisory
https://www.openwall.com/lists/oss-security/2021/01/18/3
Mailing List
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:collaboraoffice:online:*:*:*:*:*:*:*:*

Версия от 4.2.0 (включая) до 4.2.13 (исключая)

cpe:2.3:a:collaboraoffice:online:*:*:*:*:*:*:*:*

Версия от 6.4.0 (включая) до 6.4.3 (исключая)

EPSS

Процентиль: 12%

0.0004

Низкий

7.8 High

CVSS3

7.2 High

CVSS2

Дефекты

CWE-269