Home
Packages
Forums
Wiki
GitLab
Security
AUR
Download

issues
advisories
todo
stats
log
login

CVE-2021-25321 - log back

CVE-2021-25321 edited at 29 Jun 2021 08:15:05

Severity

-	Unknown
+	Medium

Remote

-	Unknown
+	Local

Type

-	Unknown
+	Privilege escalation

Description

+

A security issue has been found in arpwatch as packaged by SUSE. /var/lib/arpwatch is packaged as root:root. Once arpwatch was run with a unprivileged user the ownership is changed to the unprivileged user, which allows the user specified to escalate to root the next time arpwatch is started. This is due to a SUSE-specific patch, upstream is not affected.

References

+	https://bugzilla.suse.com/show_bug.cgi?id=1186240

Notes

CVE-2021-25321 created at 29 Jun 2021 08:13:10