CVSS: 6.7EPSS: 0%CPEs: 2EXPL: 1CVE-2021-35939 – rpm: checks for unsafe symlinks are not performed for intermediary directories
https://notcve.org/view.php?id=CVE-2021-35939
It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Se ha detectado que la corrección de CVE-2017-7500 y CVE-2017-7501 era incompleta: la comprobación sólo es implementada para el directorio padre del archivo que iba a crearse. Un usuario local no privilegiado que posea otro directorio antecesor podría usar este fallo para conseguir privilegios de root. • https://access.redhat.com/security/cve/CVE-2021-35939 https://bugzilla.redhat.com/show_bug.cgi?id=1964129 https://github.com/rpm-software-management/rpm/commit/96ec957e281220f8e137a2d5eb23b83a6377d556 https://github.com/rpm-software-management/rpm/pull/1919 https://rpm.org/wiki/Releases/4.18.0 https://security.gentoo.org/glsa/202210-22 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 6.4EPSS: 0%CPEs: 6EXPL: 1CVE-2021-35937 – rpm: TOCTOU race in checks for unsafe symlinks
https://notcve.org/view.php?id=CVE-2021-35937
A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Se encontró una vulnerabilidad de condición de carrera en rpm. Un usuario local no privilegiado podría usar este fallo para omitir las comprobaciones introducidas en respuesta a CVE-2017-7500 y CVE-2017-7501, obteniendo potencialmente privilegios de root. • https://access.redhat.com/security/cve/CVE-2021-35937 https://bugzilla.redhat.com/show_bug.cgi?id=1964125 https://rpm.org/wiki/Releases/4.18.0 https://security.gentoo.org/glsa/202210-22 https://www.usenix.org/legacy/event/sec05/tech/full_papers/borisov/borisov.pdf • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 6.7EPSS: 0%CPEs: 5EXPL: 1CVE-2021-35938 – rpm: races with chown/chmod/capabilities calls during installation
https://notcve.org/view.php?id=CVE-2021-35938
A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. Se ha encontrado un problema de enlaces simbólicos en rpm. • https://access.redhat.com/security/cve/CVE-2021-35938 https://bugzilla.redhat.com/show_bug.cgi?id=1964114 https://bugzilla.suse.com/show_bug.cgi?id=1157880 https://github.com/rpm-software-management/rpm/commit/25a435e90844ea98fe5eb7bef22c1aecf3a9c033 https://github.com/rpm-software-management/rpm/pull/1919 https://rpm.org/wiki/Releases/4.18.0 https://security.gentoo.org/glsa/202210-22 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 0CVE-2021-3521 – rpm: RPM does not require subkeys to have a valid binding signature
https://notcve.org/view.php?id=CVE-2021-3521
There is a flaw in RPM's signature functionality. OpenPGP subkeys are associated with a primary key via a "binding signature." RPM does not check the binding signature of subkeys prior to importing them. If an attacker is able to add or socially engineer another party to add a malicious subkey to a legitimate public key, RPM could wrongly trust a malicious signature. The greatest impact of this flaw is to data integrity. • https://access.redhat.com/security/cve/CVE-2021-3521 https://bugzilla.redhat.com/show_bug.cgi?id=1941098 https://github.com/rpm-software-management/rpm/commit/bd36c5dc9fb6d90c46fbfed8c2d67516fc571ec8 https://github.com/rpm-software-management/rpm/pull/1795 https://security.gentoo.org/glsa/202210-22 • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2021-3421 – rpm: unsigned signature header leads to string injection into an rpm database
https://notcve.org/view.php?id=CVE-2021-3421
A flaw was found in the RPM package in the read functionality. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package or compromise an RPM repository, to cause RPM database corruption. The highest threat from this vulnerability is to data integrity. This flaw affects RPM versions before 4.17.0-alpha. Se encontró un fallo en el paquete RPM en la funcionalidad read. • https://bugzilla.redhat.com/show_bug.cgi?id=1927747 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TMGXO3W6DHPO62GJ4VVF5DEUX5DRUR5K https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHRPNBCRPDJHHQE3MBPSZK4H7X2IM7AC https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YILPBTPSBRYL4POBI3F4YUSVPSOQNJBY https://security.gentoo.org/glsa/202107-43 https://access.redhat.com/security/cve/CVE-2021-3421 • CWE-347: Improper Verification of Cryptographic Signature •