CVE-2021-25321 log

Severity Medium
Remote No
Type Privilege escalation
A security issue has been found in arpwatch as packaged by SUSE. /var/lib/arpwatch is packaged as root:root. Once arpwatch was run with a unprivileged user the ownership is changed to the unprivileged user, which allows the user specified to escalate to root the next time arpwatch is started. This is due to a SUSE-specific patch, upstream is not affected.
Group Package Affected Fixed Severity Status Ticket
AVG-2110 arpwatch 3.1-1 Medium Not affected