CVE-2021-25321: arpwatch: Local privilege escalation from runtime user to root
First published: Wed Jun 30 2021(Updated: )
A UNIX Symbolic Link (Symlink) Following vulnerability in arpwatch of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud Crowbar 9; openSUSE Factory, Leap 15.2 allows local attackers with control of the runtime user to run arpwatch as to escalate to root upon the next restart of arpwatch. This issue affects: SUSE Linux Enterprise Server 11-SP4-LTSS arpwatch versions prior to 2.1a15. SUSE Manager Server 4.0 arpwatch versions prior to 2.1a15. SUSE OpenStack Cloud Crowbar 9 arpwatch versions prior to 2.1a15. openSUSE Factory arpwatch version 2.1a15-169.5 and prior versions. openSUSE Leap 15.2 arpwatch version 2.1a15-lp152.5.5 and prior versions.
Credit: meissner@suse.de
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Suse Arpwatch | <2.1a15 | |
| SUSE Manager Server | =4.0 | |
| SUSE OpenStack Cloud Crowbar | =9.0 | |
| SUSE Linux Enterprise Server | =11-sp4 | |
| Suse Arpwatch | <=2.1a15-169.5 | |
| openSUSE Factory | ||
| Suse Arpwatch | <=2.1a15-lp152.5.5 | |
| openSUSE Leap | =15.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-25321?
CVE-2021-25321 is a UNIX Symbolic Link (Symlink) Following vulnerability in arpwatch of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud Crowbar 9; openSUSE Factory, Leap 15.2.
How severe is CVE-2021-25321?
CVE-2021-25321 has a severity score of 7.8 out of 10, which is classified as high.
Which software versions are affected by CVE-2021-25321?
CVE-2021-25321 affects Suse Arpwatch version up to and including 2.1a15, SUSE Manager Server 4.0, and SUSE OpenStack Cloud Crowbar 9.
How can a local attacker exploit CVE-2021-25321?
A local attacker with control of the runtime user can exploit CVE-2021-25321 to run arpwatch as root and escalate privileges.
Is openSUSE Factory and openSUSE Leap 15.2 affected by CVE-2021-25321?
No, openSUSE Factory and openSUSE Leap 15.2 are not affected by CVE-2021-25321.
- agent/type
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/references
- agent/weakness
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/title
- agent/tags
- agent/first-publish-date
- agent/event
- vendor/suse
- canonical/suse arpwatch
- canonical/suse manager server
- version/suse manager server/4.0
- canonical/suse openstack cloud crowbar
- version/suse openstack cloud crowbar/9.0
- canonical/suse linux enterprise server
- version/suse linux enterprise server/11-sp4
- version/suse arpwatch/2.1a15-169.5
- vendor/opensuse
- canonical/opensuse factory
- version/suse arpwatch/2.1a15-lp152.5.5
- canonical/opensuse leap
- version/opensuse leap/15.2