Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2021:14759-1

Опубликовано: 28 июн. 2021
Источник: suse-cvrf

Описание

Security update for arpwatch

This update for arpwatch fixes the following issues:

  • CVE-2021-25321: Fixed local privilege escalation from runtime user to root (bsc#1186240).

Список пакетов

SUSE Linux Enterprise Point of Sale 11 SP3
arpwatch-2.1a15-131.23.2.6.1
SUSE Linux Enterprise Server 11 SP4-LTSS
arpwatch-2.1a15-131.23.2.6.1

Ссылки

Описание

A UNIX Symbolic Link (Symlink) Following vulnerability in arpwatch of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud Crowbar 9; openSUSE Factory, Leap 15.2 allows local attackers with control of the runtime user to run arpwatch as to escalate to root upon the next restart of arpwatch. This issue affects: SUSE Linux Enterprise Server 11-SP4-LTSS arpwatch versions prior to 2.1a15. SUSE Manager Server 4.0 arpwatch versions prior to 2.1a15. SUSE OpenStack Cloud Crowbar 9 arpwatch versions prior to 2.1a15. openSUSE Factory arpwatch version 2.1a15-169.5 and prior versions. openSUSE Leap 15.2 arpwatch version 2.1a15-lp152.5.5 and prior versions.

Затронутые продукты
SUSE Linux Enterprise Point of Sale 11 SP3:arpwatch-2.1a15-131.23.2.6.1
SUSE Linux Enterprise Server 11 SP4-LTSS:arpwatch-2.1a15-131.23.2.6.1
Ссылки
Уязвимость SUSE-SU-2021:14759-1