CVE-2021-25630
 
Public Exploits: 0
Exploited in Wild: -
Descriptions
"loolforkit" is a privileged program that is supposed to be run by a special, non-privileged "lool" user. Before doing anything else, "loolforkit" checks whether it was invoked by the "lool" user and refuses to run with privileges if that is not the case. In the vulnerable version of "loolforkit" this check was wrong, so a normal user could start "loolforkit" and eventually get local root privileges.
Timeline
- 2021-01-19 CVE Reserved
- 2021-02-23 CVE Published
- 2023-03-08 EPSS Updated
- 2024-09-16 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-269: Improper Privilege Management
References (2)
URL | Tag | Source |
---|---|---|
https://github.com/CollaboraOnline/online/security/advisories/GHSA-49w3-gr3w-m68v | Third Party Advisory | |
https://www.openwall.com/lists/oss-security/2021/01/18/3 | Mailing List | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Collaboraoffice | Online | >= 4.2.0 < 4.2.13 | - | Affected |
Collaboraoffice | Online | >= 6.4.0 < 6.4.3 | - | Affected |