CVE-2021-25321 log
| Source |
|
| Severity | Medium |
| Remote | No |
| Type | Privilege escalation |
| Description | A security issue has been found in arpwatch as packaged by SUSE. /var/lib/arpwatch is packaged as root:root. Once arpwatch was run with a unprivileged user the ownership is changed to the unprivileged user, which allows the user specified to escalate to root the next time arpwatch is started. This is due to a SUSE-specific patch, upstream is not affected. |
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-2110 | arpwatch | 3.1-1 | Medium | Not affected |
| References |
|---|
https://bugzilla.suse.com/show_bug.cgi?id=1186240 |