CVE-2021-3899

Опубликовано: 03 июн. 2024

Источник: nvd

CVSS3: 7.8

EPSS Низкий

Описание

There is a race condition in the 'replaced executable' detection that, with the correct local configuration, allow an attacker to execute arbitrary code as root.

Ссылки

https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1948376
Issue Tracking
Patch
https://ubuntu.com/security/notices/USN-5427-1
Vendor Advisory
https://www.cve.org/CVERecord?id=CVE-2021-3899
Third Party Advisory
https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1948376
Issue Tracking
Patch
https://ubuntu.com/security/notices/USN-5427-1
Vendor Advisory
https://www.cve.org/CVERecord?id=CVE-2021-3899
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:canonical:apport:*:*:*:*:*:*:*:*

Версия до 2.21.0 (исключая)

Конфигурация 2

Одно из

cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:21.10:*:*:*:*:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:22.04:*:*:*:lts:*:*:*

EPSS

Процентиль: 86%

0.03143

Низкий

7.8 High

CVSS3

Дефекты

CWE-367

Связанные уязвимости

CVE-2021-3899

CVSS3: 7.8

ubuntu

больше 1 года назад

There is a race condition in the 'replaced executable' detection that, with the correct local configuration, allow an attacker to execute arbitrary code as root.

GHSA-m676-gr96-hhhh

CVSS3: 7.8

github

больше 1 года назад

There is a race condition in the 'replaced executable' detection that, with the correct local configuration, allow an attacker to execute arbitrary code as root.

EPSS

Процентиль: 86%

0.03143

Низкий

7.8 High

CVSS3

Дефекты

CWE-367