CVE-2021-42257

Опубликовано: 11 окт. 2021

Источник: nvd

CVSS3: 7.1

CVSS2: 3.6

EPSS Низкий

Описание

check_smart before 6.9.1 allows unintended drive access by an unprivileged user because it only checks for a substring match of a device path (the /dev/bus substring and a number), aka an unanchored regular expression.

Ссылки

http://www.openwall.com/lists/oss-security/2021/10/14/2
Exploit
Third Party Advisory
https://bugzilla.suse.com/show_bug.cgi?id=1183057
Exploit
Issue Tracking
Patch
Third Party Advisory
https://nvd.nist.gov/vuln/detail/CVE-2021-42257
https://www.claudiokuenzler.com/blog/1068/check_smart-6.9.1-security-fix-release-pseudo-device-path
Third Party Advisory
https://www.claudiokuenzler.com/monitoring-plugins/check_smart.php
Third Party Advisory
http://www.openwall.com/lists/oss-security/2021/10/14/2
Exploit
Third Party Advisory
https://bugzilla.suse.com/show_bug.cgi?id=1183057
Exploit
Issue Tracking
Patch
Third Party Advisory
https://nvd.nist.gov/vuln/detail/CVE-2021-42257
https://www.claudiokuenzler.com/blog/1068/check_smart-6.9.1-security-fix-release-pseudo-device-path
Third Party Advisory
https://www.claudiokuenzler.com/monitoring-plugins/check_smart.php
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:check_smart_project:check_smart:*:*:*:*:*:*:*:*

Версия до 6.9.1 (исключая)

EPSS

Процентиль: 32%

0.00124

Низкий

7.1 High

CVSS3

3.6 Low

CVSS2

Дефекты

CWE-20

Связанные уязвимости

GHSA-xmf9-f5j5-mm5x