Exploit
CVE-2021-25321

UNIX Symbolic Link (Symlink) Following (CWE-61)

Published: Jun 30, 2021 / Updated: 40mo ago

CVSS: 7.8 (High) / EPSS: 0.04%

A UNIX Symbolic Link (Symlink) Following vulnerability in arpwatch of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud Crowbar 9; openSUSE Factory, Leap 15.2 allows local attackers with control of the runtime user that arpwatch runs as to escalate to root upon the next restart of arpwatch. This issue affects: SUSE Linux Enterprise Server 11-SP4-LTSS arpwatch versions prior to 2.1a15. SUSE Manager Server 4.0 arpwatch versions prior to 2.1a15. SUSE OpenStack Cloud Crowbar 9 arpwatch versions prior to 2.1a15. openSUSE Factory arpwatch version 2.1a15-169.5 and prior versions. openSUSE Leap 15.2 arpwatch version 2.1a15-lp152.5.5 and prior versions.

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Timeline

First Article

Feedly found the first article mentioning CVE-2021-25321.

Jun 28, 2021 at 8:10 PM / www.pro-linux.de

EPSS

EPSS Score was set to: 0.04% (Percentile: 5.7%)

Sep 15, 2023 at 1:11 PM

Affected Systems

Suse/arpwatch

Exploits

https://bugzilla.suse.com/show_bug.cgi?id=1186240

Patches

bugzilla.suse.com

Links to MITRE ATT&CK

T1547.009: Shortcut Modification

Attack Patterns

CAPEC-27: Leveraging Race Conditions via Symbolic Links

References

openSUSE-SU-2021:0945-1: important: Security update for arpwatch
openSUSE Security Update: Security update for arpwatch
Announcement ID: openSUSE-SU-2021:0945-1
Rating: important
References: #1186240
Cross-References: CVE-2021-25321
CVSS scores: CVE-2021-25321 (SUSE): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Affected Products: openSUSE Leap 15.2
An update that fixes one vulnerability is now available.
Description: This update for arpwatch fixes the following issues:
Bug 1186240 - VUL-0: CVE-2021-25321: arpwatch: LPE from runtime user to root

News

🚨 NEW: CVE-2021-25321 🚨 A UNIX Symbolic Link (Symlink) Following vulnerability in arpwatch of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud Crowbar 9; openSUSE Factory, Lea... Severity: HIGH https://nvd.nist.gov/vuln/detail/CVE-2021-25321
Mageia 2021-0515: arpwatch security update
A symbolic link (Symlink) following vulnerability in arpwatch allows local attackers with control of the runtime user to run arpwatch and to escalate to root upon the next restart of arpwatch. (CVE-2021-25321) References:
openSUSE 15 Security Update : arpwatch (openSUSE-SU-2021:2177-1)
A UNIX Symbolic Link (Symlink) Following vulnerability in arpwatch of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud Crowbar 9; openSUSE Factory, Leap 15.2 allows local attackers with control of the runtime user that arpwatch runs as to escalate to root upon the next restart of arpwatch. This issue affects: SUSE Linux Enterprise Server 11-SP4-LTSS arpwatch versions prior to 2.1a15.
🚨 NEW: CVE-2021-25321 🚨 A UNIX Symbolic Link (Symlink) Following vulnerability in arpwatch of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud Crowbar 9; openSUSE Factory, Lea... Severity: HIGH nvd.nist.gov/vuln/detail/CV… - Threat Intel Center (@threatintelctr) 07:00 - Jul 12, 2021
openSUSE 15 Security Update : arpwatch (openSUSE-SU-2021:0945-1)
The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2021:0945-1 advisory. A UNIX Symbolic Link (Symlink) Following vulnerability in arpwatch of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud Crowbar 9; openSUSE Factory, Leap 15.2 allows local attackers with control of the runtime user that arpwatch runs as to escalate to root upon the next restart of arpwatch. This issue affects: SUSE Linux Enterprise Server 11-SP4-LTSS arpwatch versions prior to 2.1a15. SUSE Manager Server 4.0 arpwatch versions prior to 2.1a15. SUSE OpenStack Cloud Crowbar 9 arpwatch versions prior to 2.1a15. openSUSE Factory arpwatch version 2.1a15-169.5 and prior versions. openSUSE Leap 15.2 arpwatch version 2.1a15-lp152.5.5 and prior versions. (CVE-2021-25321) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version...

CVSS V3.1

Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality Impact: High
Integrity Impact: High
Availability Impact: High
