CVE-2021-25321 - log back

CVE-2021-25321 edited at 29 Jun 2021 08:15:05
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Local
Type
- Unknown
+ Privilege escalation
Description
+ A security issue has been found in arpwatch as packaged by SUSE. /var/lib/arpwatch is packaged as root:root. Once arpwatch was run with a unprivileged user the ownership is changed to the unprivileged user, which allows the user specified to escalate to root the next time arpwatch is started. This is due to a SUSE-specific patch, upstream is not affected.
References
+ https://bugzilla.suse.com/show_bug.cgi?id=1186240
Notes
CVE-2021-25321 created at 29 Jun 2021 08:13:10