CVE-2021-35939
rpm: checks for unsafe symlinks are not performed for intermediary directories
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Se ha detectado que la corrección de CVE-2017-7500 y CVE-2017-7501 era incompleta: la comprobación sólo es implementada para el directorio padre del archivo que iba a crearse. Un usuario local no privilegiado que posea otro directorio antecesor podría usar este fallo para conseguir privilegios de root. La mayor amenaza de esta vulnerabilidad es para la confidencialidad e integridad de los datos, así como para la disponibilidad del sistema.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-06-29 CVE Reserved
- 2022-08-26 CVE Published
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- 2024-11-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-59: Improper Link Resolution Before File Access ('Link Following')
CAPEC
References (6)
URL | Tag | Source |
---|
URL | Date | SRC |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1964129 | 2024-08-04 |
URL | Date | SRC |
---|---|---|
https://github.com/rpm-software-management/rpm/commit/96ec957e281220f8e137a2d5eb23b83a6377d556 | 2023-02-04 | |
https://github.com/rpm-software-management/rpm/pull/1919 | 2023-02-04 |
URL | Date | SRC |
---|---|---|
https://access.redhat.com/security/cve/CVE-2021-35939 | 2023-02-04 | |
https://rpm.org/wiki/Releases/4.18.0 | 2023-02-04 | |
https://security.gentoo.org/glsa/202210-22 | 2023-02-04 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Rpm Search vendor "Rpm" | Rpm Search vendor "Rpm" for product "Rpm" | < 4.18 Search vendor "Rpm" for product "Rpm" and version " < 4.18" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 8.0 Search vendor "Redhat" for product "Enterprise Linux" and version "8.0" | - |
Affected
|