CWE-61
UNIX Symbolic Link (Symlink) Following
The product, when opening a file or directory, does not sufficiently account for when the file is a symbolic link that resolves to a target outside of the intended control sphere. This could allow an attacker to cause the product to operate on unauthorized files.
CVE-2021-1612 (GCVE-0-2021-1612)
Vulnerability from cvelistv5 – Published: 2021-09-23 02:30 – Updated: 2024-11-07 21:51
VLAI
Title
Cisco IOS XE SD-WAN Software Arbitrary File Overwrite Vulnerability
Summary
A vulnerability in the Cisco IOS XE SD-WAN Software CLI could allow an authenticated, local attacker to overwrite arbitrary files on the local system. This vulnerability is due to improper access controls on files within the local file system. An attacker could exploit this vulnerability by placing a symbolic link in a specific location on the local file system. A successful exploit could allow the attacker to overwrite arbitrary files on an affected device.
Severity
5.5 (Medium)
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://tools.cisco.com/security/center/content/C… | vendor-advisoryx_refsource_CISCO |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Cisco | Cisco IOS XE SD-WAN Software |
Affected:
n/a
|
Date Public
2021-09-22 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:18:10.335Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20210922 Cisco IOS XE SD-WAN Software Arbitrary File Overwrite Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-GjR5pGOm"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-1612",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-07T21:40:28.570040Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-07T21:51:57.117Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Cisco IOS XE SD-WAN Software",
"vendor": "Cisco",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2021-09-22T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Cisco IOS XE SD-WAN Software CLI could allow an authenticated, local attacker to overwrite arbitrary files on the local system. This vulnerability is due to improper access controls on files within the local file system. An attacker could exploit this vulnerability by placing a symbolic link in a specific location on the local file system. A successful exploit could allow the attacker to overwrite arbitrary files on an affected device."
}
],
"exploits": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-61",
"description": "CWE-61",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-23T02:30:39.000Z",
"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"shortName": "cisco"
},
"references": [
{
"name": "20210922 Cisco IOS XE SD-WAN Software Arbitrary File Overwrite Vulnerability",
"tags": [
"vendor-advisory",
"x_refsource_CISCO"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-GjR5pGOm"
}
],
"source": {
"advisory": "cisco-sa-sd-wan-GjR5pGOm",
"defect": [
[
"CSCvt63238"
]
],
"discovery": "INTERNAL"
},
"title": "Cisco IOS XE SD-WAN Software Arbitrary File Overwrite Vulnerability",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@cisco.com",
"DATE_PUBLIC": "2021-09-22T16:00:00",
"ID": "CVE-2021-1612",
"STATE": "PUBLIC",
"TITLE": "Cisco IOS XE SD-WAN Software Arbitrary File Overwrite Vulnerability"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Cisco IOS XE SD-WAN Software",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Cisco"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the Cisco IOS XE SD-WAN Software CLI could allow an authenticated, local attacker to overwrite arbitrary files on the local system. This vulnerability is due to improper access controls on files within the local file system. An attacker could exploit this vulnerability by placing a symbolic link in a specific location on the local file system. A successful exploit could allow the attacker to overwrite arbitrary files on an affected device."
}
]
},
"exploit": [
{
"lang": "en",
"value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."
}
],
"impact": {
"cvss": {
"baseScore": "5.5",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-61"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20210922 Cisco IOS XE SD-WAN Software Arbitrary File Overwrite Vulnerability",
"refsource": "CISCO",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-GjR5pGOm"
}
]
},
"source": {
"advisory": "cisco-sa-sd-wan-GjR5pGOm",
"defect": [
[
"CSCvt63238"
]
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
"assignerShortName": "cisco",
"cveId": "CVE-2021-1612",
"datePublished": "2021-09-23T02:30:39.829Z",
"dateReserved": "2020-11-13T00:00:00.000Z",
"dateUpdated": "2024-11-07T21:51:57.117Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25321 (GCVE-0-2021-25321)
Vulnerability from cvelistv5 – Published: 2021-06-30 08:25 – Updated: 2024-09-16 18:43
VLAI
Title
arpwatch: Local privilege escalation from runtime user to root
Summary
A UNIX Symbolic Link (Symlink) Following vulnerability in arpwatch of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud Crowbar 9; openSUSE Factory, Leap 15.2 allows local attackers with control of the runtime user to run arpwatch as to escalate to root upon the next restart of arpwatch. This issue affects: SUSE Linux Enterprise Server 11-SP4-LTSS arpwatch versions prior to 2.1a15. SUSE Manager Server 4.0 arpwatch versions prior to 2.1a15. SUSE OpenStack Cloud Crowbar 9 arpwatch versions prior to 2.1a15. openSUSE Factory arpwatch version 2.1a15-169.5 and prior versions. openSUSE Leap 15.2 arpwatch version 2.1a15-lp152.5.5 and prior versions.
Severity
7.8 (High)
CWE
- CWE-61 - UNIX Symbolic Link (Symlink) Following
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://bugzilla.suse.com/show_bug.cgi?id=1186240 | x_refsource_CONFIRM |
Impacted products
5 products
| Vendor | Product | Version | |
|---|---|---|---|
| SUSE | SUSE Linux Enterprise Server 11-SP4-LTSS |
Affected:
arpwatch , < 2.1a15
(custom)
|
|
| SUSE | SUSE Manager Server 4.0 |
Affected:
arpwatch , < 2.1a15
(custom)
|
|
| SUSE | SUSE OpenStack Cloud Crowbar 9 |
Affected:
arpwatch , < 2.1a15
(custom)
|
|
| openSUSE | Factory |
Affected:
arpwatch , ≤ 2.1a15-169.5
(custom)
|
|
| openSUSE | Leap 15.2 |
Affected:
arpwatch , ≤ 2.1a15-lp152.5.5
(custom)
|
Date Public
2021-06-28 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:03:04.107Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1186240"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SUSE Linux Enterprise Server 11-SP4-LTSS",
"vendor": "SUSE",
"versions": [
{
"lessThan": "2.1a15",
"status": "affected",
"version": "arpwatch",
"versionType": "custom"
}
]
},
{
"product": "SUSE Manager Server 4.0",
"vendor": "SUSE",
"versions": [
{
"lessThan": "2.1a15",
"status": "affected",
"version": "arpwatch",
"versionType": "custom"
}
]
},
{
"product": "SUSE OpenStack Cloud Crowbar 9",
"vendor": "SUSE",
"versions": [
{
"lessThan": "2.1a15",
"status": "affected",
"version": "arpwatch",
"versionType": "custom"
}
]
},
{
"product": "Factory",
"vendor": "openSUSE",
"versions": [
{
"lessThanOrEqual": "2.1a15-169.5",
"status": "affected",
"version": "arpwatch",
"versionType": "custom"
}
]
},
{
"product": "Leap 15.2",
"vendor": "openSUSE",
"versions": [
{
"lessThanOrEqual": "2.1a15-lp152.5.5",
"status": "affected",
"version": "arpwatch",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Johannes Segitz of SUSE"
}
],
"datePublic": "2021-06-28T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A UNIX Symbolic Link (Symlink) Following vulnerability in arpwatch of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud Crowbar 9; openSUSE Factory, Leap 15.2 allows local attackers with control of the runtime user to run arpwatch as to escalate to root upon the next restart of arpwatch. This issue affects: SUSE Linux Enterprise Server 11-SP4-LTSS arpwatch versions prior to 2.1a15. SUSE Manager Server 4.0 arpwatch versions prior to 2.1a15. SUSE OpenStack Cloud Crowbar 9 arpwatch versions prior to 2.1a15. openSUSE Factory arpwatch version 2.1a15-169.5 and prior versions. openSUSE Leap 15.2 arpwatch version 2.1a15-lp152.5.5 and prior versions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-61",
"description": "CWE-61: UNIX Symbolic Link (Symlink) Following",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-30T08:25:12.000Z",
"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"shortName": "suse"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1186240"
}
],
"source": {
"advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1186240",
"defect": [
"1186240"
],
"discovery": "INTERNAL"
},
"title": "arpwatch: Local privilege escalation from runtime user to root",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@suse.com",
"DATE_PUBLIC": "2021-06-28T00:00:00.000Z",
"ID": "CVE-2021-25321",
"STATE": "PUBLIC",
"TITLE": "arpwatch: Local privilege escalation from runtime user to root"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "SUSE Linux Enterprise Server 11-SP4-LTSS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "arpwatch",
"version_value": "2.1a15"
}
]
}
},
{
"product_name": "SUSE Manager Server 4.0",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "arpwatch",
"version_value": "2.1a15"
}
]
}
},
{
"product_name": "SUSE OpenStack Cloud Crowbar 9",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "arpwatch",
"version_value": "2.1a15"
}
]
}
}
]
},
"vendor_name": "SUSE"
},
{
"product": {
"product_data": [
{
"product_name": "Factory",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "arpwatch",
"version_value": "2.1a15-169.5"
}
]
}
},
{
"product_name": "Leap 15.2",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "arpwatch",
"version_value": "2.1a15-lp152.5.5"
}
]
}
}
]
},
"vendor_name": "openSUSE"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Johannes Segitz of SUSE"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A UNIX Symbolic Link (Symlink) Following vulnerability in arpwatch of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud Crowbar 9; openSUSE Factory, Leap 15.2 allows local attackers with control of the runtime user to run arpwatch as to escalate to root upon the next restart of arpwatch. This issue affects: SUSE Linux Enterprise Server 11-SP4-LTSS arpwatch versions prior to 2.1a15. SUSE Manager Server 4.0 arpwatch versions prior to 2.1a15. SUSE OpenStack Cloud Crowbar 9 arpwatch versions prior to 2.1a15. openSUSE Factory arpwatch version 2.1a15-169.5 and prior versions. openSUSE Leap 15.2 arpwatch version 2.1a15-lp152.5.5 and prior versions."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-61: UNIX Symbolic Link (Symlink) Following"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1186240",
"refsource": "CONFIRM",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1186240"
}
]
},
"source": {
"advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1186240",
"defect": [
"1186240"
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"assignerShortName": "suse",
"cveId": "CVE-2021-25321",
"datePublished": "2021-06-30T08:25:12.750Z",
"dateReserved": "2021-01-19T00:00:00.000Z",
"dateUpdated": "2024-09-16T18:43:24.802Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-25322 (GCVE-0-2021-25322)
Vulnerability from cvelistv5 – Published: 2021-06-10 11:45 – Updated: 2024-09-17 03:02
VLAI
Title
python-HyperKitty: hyperkitty-permissions.sh used during %post allows local privilege escalation from hyperkitty user to root
Summary
A UNIX Symbolic Link (Symlink) Following vulnerability in python-HyperKitty of openSUSE Leap 15.2, Factory allows local attackers to escalate privileges from the user hyperkitty or hyperkitty-admin to root. This issue affects: openSUSE Leap 15.2 python-HyperKitty version 1.3.2-lp152.2.3.1 and prior versions. openSUSE Factory python-HyperKitty versions prior to 1.3.4-5.1.
Severity
6.8 (Medium)
CWE
- CWE-61 - UNIX Symbolic Link (Symlink) Following
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://bugzilla.suse.com/show_bug.cgi?id=1182373 | x_refsource_CONFIRM |
Impacted products
Date Public
2021-05-19 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T20:03:05.436Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1182373"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Leap 15.2",
"vendor": "openSUSE",
"versions": [
{
"lessThanOrEqual": "1.3.2-lp152.2.3.1",
"status": "affected",
"version": "python-HyperKitty",
"versionType": "custom"
}
]
},
{
"product": "Factory",
"vendor": "openSUSE",
"versions": [
{
"lessThan": "1.3.4-5.1",
"status": "affected",
"version": "python-HyperKitty",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Matthias Gerstner of SUSE"
}
],
"datePublic": "2021-05-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A UNIX Symbolic Link (Symlink) Following vulnerability in python-HyperKitty of openSUSE Leap 15.2, Factory allows local attackers to escalate privileges from the user hyperkitty or hyperkitty-admin to root. This issue affects: openSUSE Leap 15.2 python-HyperKitty version 1.3.2-lp152.2.3.1 and prior versions. openSUSE Factory python-HyperKitty versions prior to 1.3.4-5.1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-61",
"description": "CWE-61: UNIX Symbolic Link (Symlink) Following",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-10T11:45:11.000Z",
"orgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"shortName": "suse"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1182373"
}
],
"source": {
"advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1182373",
"defect": [
"1182373"
],
"discovery": "INTERNAL"
},
"title": "python-HyperKitty: hyperkitty-permissions.sh used during %post allows local privilege escalation from hyperkitty user to root",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@suse.com",
"DATE_PUBLIC": "2021-05-19T00:00:00.000Z",
"ID": "CVE-2021-25322",
"STATE": "PUBLIC",
"TITLE": "python-HyperKitty: hyperkitty-permissions.sh used during %post allows local privilege escalation from hyperkitty user to root"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Leap 15.2",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_name": "python-HyperKitty",
"version_value": "1.3.2-lp152.2.3.1"
}
]
}
},
{
"product_name": "Factory",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "python-HyperKitty",
"version_value": "1.3.4-5.1"
}
]
}
}
]
},
"vendor_name": "openSUSE"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Matthias Gerstner of SUSE"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A UNIX Symbolic Link (Symlink) Following vulnerability in python-HyperKitty of openSUSE Leap 15.2, Factory allows local attackers to escalate privileges from the user hyperkitty or hyperkitty-admin to root. This issue affects: openSUSE Leap 15.2 python-HyperKitty version 1.3.2-lp152.2.3.1 and prior versions. openSUSE Factory python-HyperKitty versions prior to 1.3.4-5.1."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-61: UNIX Symbolic Link (Symlink) Following"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.suse.com/show_bug.cgi?id=1182373",
"refsource": "CONFIRM",
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1182373"
}
]
},
"source": {
"advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1182373",
"defect": [
"1182373"
],
"discovery": "INTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "404e59f5-483d-4b8a-8e7a-e67604dd8afb",
"assignerShortName": "suse",
"cveId": "CVE-2021-25322",
"datePublished": "2021-06-10T11:45:11.776Z",
"dateReserved": "2021-01-19T00:00:00.000Z",
"dateUpdated": "2024-09-17T03:02:08.344Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-32508 (GCVE-0-2021-32508)
Vulnerability from cvelistv5 – Published: 2021-07-07 14:11 – Updated: 2024-09-16 18:33
VLAI
Title
QSAN Storage Manager - UNIX Symbolic Link (Symlink) Following via FileStreaming function
Summary
Absolute Path Traversal vulnerability in FileStreaming in QSAN Storage Manager allows remote authenticated attackers access arbitrary files by injecting the Symbolic Link following the Url path parameter. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3.
Severity
6.5 (Medium)
CWE
- CWE-61 - UNIX Symbolic Link (Symlink) Following
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.twcert.org.tw/tw/cp-132-4864-94df4-1.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| QSAN | Storage Manager |
Affected:
unspecified , ≤ 3.3.1
(custom)
|
Date Public
2021-07-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:17:29.576Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4864-94df4-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Storage Manager",
"vendor": "QSAN",
"versions": [
{
"lessThanOrEqual": "3.3.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-07-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Absolute Path Traversal vulnerability in FileStreaming in QSAN Storage Manager allows remote authenticated attackers access arbitrary files by injecting the Symbolic Link following the Url path parameter. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-61",
"description": "CWE-61 UNIX Symbolic Link (Symlink) Following",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-22T10:32:28.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4864-94df4-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "QSAN Storage Manager v3.3.3"
}
],
"source": {
"advisory": "TVN-202104013",
"discovery": "EXTERNAL"
},
"title": "QSAN Storage Manager - UNIX Symbolic Link (Symlink) Following via FileStreaming function",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2021-07-07T09:12:00.000Z",
"ID": "CVE-2021-32508",
"STATE": "PUBLIC",
"TITLE": "QSAN Storage Manager - UNIX Symbolic Link (Symlink) Following via FileStreaming function"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Storage Manager",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "3.3.1"
}
]
}
}
]
},
"vendor_name": "QSAN"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Absolute Path Traversal vulnerability in FileStreaming in QSAN Storage Manager allows remote authenticated attackers access arbitrary files by injecting the Symbolic Link following the Url path parameter. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-61 UNIX Symbolic Link (Symlink) Following"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-4864-94df4-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-4864-94df4-1.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "QSAN Storage Manager v3.3.3"
}
],
"source": {
"advisory": "TVN-202104013",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2021-32508",
"datePublished": "2021-07-07T14:11:42.382Z",
"dateReserved": "2021-05-10T00:00:00.000Z",
"dateUpdated": "2024-09-16T18:33:36.254Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-32509 (GCVE-0-2021-32509)
Vulnerability from cvelistv5 – Published: 2021-07-07 14:11 – Updated: 2024-09-16 23:20
VLAI
Title
QSAN Storage Manager - UNIX Symbolic Link (Symlink) Following via FileviewDoc function
Summary
Absolute Path Traversal vulnerability in FileviewDoc in QSAN Storage Manager allows remote authenticated attackers access arbitrary files by injecting the Symbolic Link following the Url path parameter. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3.
Severity
6.5 (Medium)
CWE
- CWE-61 - UNIX Symbolic Link (Symlink) Following
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.twcert.org.tw/tw/cp-132-4865-0c967-1.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| QSAN | Storage Manager |
Affected:
unspecified , ≤ 3.3.1
(custom)
|
Date Public
2021-07-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:17:29.531Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4865-0c967-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Storage Manager",
"vendor": "QSAN",
"versions": [
{
"lessThanOrEqual": "3.3.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-07-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Absolute Path Traversal vulnerability in FileviewDoc in QSAN Storage Manager allows remote authenticated attackers access arbitrary files by injecting the Symbolic Link following the Url path parameter. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-61",
"description": "CWE-61 UNIX Symbolic Link (Symlink) Following",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-22T10:32:29.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4865-0c967-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "QSAN Storage Manager v3.3.3"
}
],
"source": {
"advisory": "TVN-202104014",
"discovery": "EXTERNAL"
},
"title": "QSAN Storage Manager - UNIX Symbolic Link (Symlink) Following via FileviewDoc function",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2021-07-07T09:17:00.000Z",
"ID": "CVE-2021-32509",
"STATE": "PUBLIC",
"TITLE": "QSAN Storage Manager - UNIX Symbolic Link (Symlink) Following via FileviewDoc function"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Storage Manager",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "3.3.1"
}
]
}
}
]
},
"vendor_name": "QSAN"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Absolute Path Traversal vulnerability in FileviewDoc in QSAN Storage Manager allows remote authenticated attackers access arbitrary files by injecting the Symbolic Link following the Url path parameter. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-61 UNIX Symbolic Link (Symlink) Following"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-4865-0c967-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-4865-0c967-1.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "QSAN Storage Manager v3.3.3"
}
],
"source": {
"advisory": "TVN-202104014",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2021-32509",
"datePublished": "2021-07-07T14:11:44.024Z",
"dateReserved": "2021-05-10T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:20:43.163Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-32518 (GCVE-0-2021-32518)
Vulnerability from cvelistv5 – Published: 2021-07-07 14:11 – Updated: 2024-09-16 18:29
VLAI
Title
QSAN Storage Manager - UNIX Symbolic Link (Symlink) Following
Summary
A vulnerability in share_link in QSAN Storage Manager allows remote attackers to create a symbolic link then access arbitrary files. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3.
Severity
7.5 (High)
CWE
- CWE-61 - UNIX Symbolic Link (Symlink) Following
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.twcert.org.tw/tw/cp-132-4874-79edc-1.html | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| QSAN | Storage Manager |
Affected:
unspecified , ≤ 3.3.1
(custom)
|
Date Public
2021-07-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:25:29.950Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4874-79edc-1.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Storage Manager",
"vendor": "QSAN",
"versions": [
{
"lessThanOrEqual": "3.3.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-07-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in share_link in QSAN Storage Manager allows remote attackers to create a symbolic link then access arbitrary files. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-61",
"description": "CWE-61 UNIX Symbolic Link (Symlink) Following",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-07-22T10:32:42.000Z",
"orgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"shortName": "twcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.twcert.org.tw/tw/cp-132-4874-79edc-1.html"
}
],
"solutions": [
{
"lang": "en",
"value": "QSAN Storage Manager v3.3.3"
}
],
"source": {
"advisory": "TVN-202104023",
"discovery": "EXTERNAL"
},
"title": "QSAN Storage Manager - UNIX Symbolic Link (Symlink) Following",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "TWCERT/CC",
"ASSIGNER": "cve@cert.org.tw",
"DATE_PUBLIC": "2021-07-07T11:33:00.000Z",
"ID": "CVE-2021-32518",
"STATE": "PUBLIC",
"TITLE": "QSAN Storage Manager - UNIX Symbolic Link (Symlink) Following"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Storage Manager",
"version": {
"version_data": [
{
"version_affected": "\u003c=",
"version_value": "3.3.1"
}
]
}
}
]
},
"vendor_name": "QSAN"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in share_link in QSAN Storage Manager allows remote attackers to create a symbolic link then access arbitrary files. The referred vulnerability has been solved with the updated version of QSAN Storage Manager v3.3.3."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-61 UNIX Symbolic Link (Symlink) Following"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.twcert.org.tw/tw/cp-132-4874-79edc-1.html",
"refsource": "MISC",
"url": "https://www.twcert.org.tw/tw/cp-132-4874-79edc-1.html"
}
]
},
"solution": [
{
"lang": "en",
"value": "QSAN Storage Manager v3.3.3"
}
],
"source": {
"advisory": "TVN-202104023",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cded6c7f-6ce5-4948-8f87-aa7a3bbb6b0e",
"assignerShortName": "twcert",
"cveId": "CVE-2021-32518",
"datePublished": "2021-07-07T14:11:58.569Z",
"dateReserved": "2021-05-10T00:00:00.000Z",
"dateUpdated": "2024-09-16T18:29:47.617Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-32547 (GCVE-0-2021-32547)
Vulnerability from cvelistv5 – Published: 2021-06-12 03:40 – Updated: 2024-09-17 03:18
VLAI
Title
apport read_file() function could follow maliciously constructed symbolic links
Summary
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-lts package apport hooks, it could expose private data to other local users.
Severity
7.3 (High)
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://bugs.launchpad.net/ubuntu/+source/apport/… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Canonical | apport |
Affected:
2.20.1 , < 2.20.1-0ubuntu2.30+esm1
(custom)
Affected: 2.20.9 , < 2.20.9-0ubuntu7.24 (custom) Affected: 2.20.11-0ubuntu27 , < 2.20.11-0ubuntu27.18 (custom) Affected: 2.20.11-0ubuntu50 , < 2.20.11-0ubuntu50.7 (custom) Affected: 2.20.11-0ubuntu65 , < 2.20.11-0ubuntu65.1 (custom) Affected: 2.14.1-0ubuntu3 , < 2.14.1-0ubuntu3.29+esm7 (custom) |
Date Public
2021-05-25 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:25:30.114Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "apport",
"vendor": "Canonical",
"versions": [
{
"lessThan": "2.20.1-0ubuntu2.30+esm1",
"status": "affected",
"version": "2.20.1",
"versionType": "custom"
},
{
"lessThan": "2.20.9-0ubuntu7.24",
"status": "affected",
"version": "2.20.9",
"versionType": "custom"
},
{
"lessThan": "2.20.11-0ubuntu27.18",
"status": "affected",
"version": "2.20.11-0ubuntu27",
"versionType": "custom"
},
{
"lessThan": "2.20.11-0ubuntu50.7",
"status": "affected",
"version": "2.20.11-0ubuntu50",
"versionType": "custom"
},
{
"lessThan": "2.20.11-0ubuntu65.1",
"status": "affected",
"version": "2.20.11-0ubuntu65",
"versionType": "custom"
},
{
"lessThan": "2.14.1-0ubuntu3.29+esm7",
"status": "affected",
"version": "2.14.1-0ubuntu3",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "maik@secfault-security.com (@fktio)"
}
],
"datePublic": "2021-05-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-lts package apport hooks, it could expose private data to other local users."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-61",
"description": "CWE-61 UNIX Symbolic Link (Symlink) Following",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-12T03:40:36.000Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904"
}
],
"source": {
"advisory": "https://ubuntu.com/security/notices/USN-4965-1",
"defect": [
"https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904"
],
"discovery": "EXTERNAL"
},
"title": "apport read_file() function could follow maliciously constructed symbolic links",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"DATE_PUBLIC": "2021-05-25T00:00:00.000Z",
"ID": "CVE-2021-32547",
"STATE": "PUBLIC",
"TITLE": "apport read_file() function could follow maliciously constructed symbolic links"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "apport",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2.20.1",
"version_value": "2.20.1-0ubuntu2.30+esm1"
},
{
"version_affected": "\u003c",
"version_name": "2.20.9",
"version_value": "2.20.9-0ubuntu7.24"
},
{
"version_affected": "\u003c",
"version_name": "2.20.11-0ubuntu27",
"version_value": "2.20.11-0ubuntu27.18"
},
{
"version_affected": "\u003c",
"version_name": "2.20.11-0ubuntu50",
"version_value": "2.20.11-0ubuntu50.7"
},
{
"version_affected": "\u003c",
"version_name": "2.20.11-0ubuntu65",
"version_value": "2.20.11-0ubuntu65.1"
},
{
"version_affected": "\u003c",
"version_name": "2.14.1-0ubuntu3",
"version_value": "2.14.1-0ubuntu3.29+esm7"
}
]
}
}
]
},
"vendor_name": "Canonical"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "maik@secfault-security.com (@fktio)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-lts package apport hooks, it could expose private data to other local users."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-61 UNIX Symbolic Link (Symlink) Following"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904",
"refsource": "MISC",
"url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904"
}
]
},
"source": {
"advisory": "https://ubuntu.com/security/notices/USN-4965-1",
"defect": [
"https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2021-32547",
"datePublished": "2021-06-12T03:40:36.400Z",
"dateReserved": "2021-05-10T00:00:00.000Z",
"dateUpdated": "2024-09-17T03:18:22.707Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-32548 (GCVE-0-2021-32548)
Vulnerability from cvelistv5 – Published: 2021-06-12 03:40 – Updated: 2024-09-16 18:29
VLAI
Title
apport read_file() function could follow maliciously constructed symbolic links
Summary
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-8 package apport hooks, it could expose private data to other local users.
Severity
7.3 (High)
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://bugs.launchpad.net/ubuntu/+source/apport/… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Canonical | apport |
Affected:
2.20.1 , < 2.20.1-0ubuntu2.30+esm1
(custom)
Affected: 2.20.9 , < 2.20.9-0ubuntu7.24 (custom) Affected: 2.20.11-0ubuntu27 , < 2.20.11-0ubuntu27.18 (custom) Affected: 2.20.11-0ubuntu50 , < 2.20.11-0ubuntu50.7 (custom) Affected: 2.20.11-0ubuntu65 , < 2.20.11-0ubuntu65.1 (custom) Affected: 2.14.1-0ubuntu3 , < 2.14.1-0ubuntu3.29+esm7 (custom) |
Date Public
2021-05-25 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:25:30.948Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "apport",
"vendor": "Canonical",
"versions": [
{
"lessThan": "2.20.1-0ubuntu2.30+esm1",
"status": "affected",
"version": "2.20.1",
"versionType": "custom"
},
{
"lessThan": "2.20.9-0ubuntu7.24",
"status": "affected",
"version": "2.20.9",
"versionType": "custom"
},
{
"lessThan": "2.20.11-0ubuntu27.18",
"status": "affected",
"version": "2.20.11-0ubuntu27",
"versionType": "custom"
},
{
"lessThan": "2.20.11-0ubuntu50.7",
"status": "affected",
"version": "2.20.11-0ubuntu50",
"versionType": "custom"
},
{
"lessThan": "2.20.11-0ubuntu65.1",
"status": "affected",
"version": "2.20.11-0ubuntu65",
"versionType": "custom"
},
{
"lessThan": "2.14.1-0ubuntu3.29+esm7",
"status": "affected",
"version": "2.14.1-0ubuntu3",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "maik@secfault-security.com (@fktio)"
}
],
"datePublic": "2021-05-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-8 package apport hooks, it could expose private data to other local users."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-61",
"description": "CWE-61 UNIX Symbolic Link (Symlink) Following",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-12T03:40:37.000Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904"
}
],
"source": {
"advisory": "https://ubuntu.com/security/notices/USN-4965-1",
"defect": [
"https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904"
],
"discovery": "EXTERNAL"
},
"title": "apport read_file() function could follow maliciously constructed symbolic links",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"DATE_PUBLIC": "2021-05-25T00:00:00.000Z",
"ID": "CVE-2021-32548",
"STATE": "PUBLIC",
"TITLE": "apport read_file() function could follow maliciously constructed symbolic links"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "apport",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2.20.1",
"version_value": "2.20.1-0ubuntu2.30+esm1"
},
{
"version_affected": "\u003c",
"version_name": "2.20.9",
"version_value": "2.20.9-0ubuntu7.24"
},
{
"version_affected": "\u003c",
"version_name": "2.20.11-0ubuntu27",
"version_value": "2.20.11-0ubuntu27.18"
},
{
"version_affected": "\u003c",
"version_name": "2.20.11-0ubuntu50",
"version_value": "2.20.11-0ubuntu50.7"
},
{
"version_affected": "\u003c",
"version_name": "2.20.11-0ubuntu65",
"version_value": "2.20.11-0ubuntu65.1"
},
{
"version_affected": "\u003c",
"version_name": "2.14.1-0ubuntu3",
"version_value": "2.14.1-0ubuntu3.29+esm7"
}
]
}
}
]
},
"vendor_name": "Canonical"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "maik@secfault-security.com (@fktio)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-8 package apport hooks, it could expose private data to other local users."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-61 UNIX Symbolic Link (Symlink) Following"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904",
"refsource": "MISC",
"url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904"
}
]
},
"source": {
"advisory": "https://ubuntu.com/security/notices/USN-4965-1",
"defect": [
"https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2021-32548",
"datePublished": "2021-06-12T03:40:37.135Z",
"dateReserved": "2021-05-10T00:00:00.000Z",
"dateUpdated": "2024-09-16T18:29:09.540Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-32549 (GCVE-0-2021-32549)
Vulnerability from cvelistv5 – Published: 2021-06-12 03:40 – Updated: 2024-09-16 23:11
VLAI
Title
apport read_file() function could follow maliciously constructed symbolic links
Summary
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-13 package apport hooks, it could expose private data to other local users.
Severity
7.3 (High)
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://bugs.launchpad.net/ubuntu/+source/apport/… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Canonical | apport |
Affected:
2.20.1 , < 2.20.1-0ubuntu2.30+esm1
(custom)
Affected: 2.20.9 , < 2.20.9-0ubuntu7.24 (custom) Affected: 2.20.11-0ubuntu27 , < 2.20.11-0ubuntu27.18 (custom) Affected: 2.20.11-0ubuntu50 , < 2.20.11-0ubuntu50.7 (custom) Affected: 2.20.11-0ubuntu65 , < 2.20.11-0ubuntu65.1 (custom) Affected: 2.14.1-0ubuntu3 , < 2.14.1-0ubuntu3.29+esm7 (custom) |
Date Public
2021-05-25 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:25:30.532Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "apport",
"vendor": "Canonical",
"versions": [
{
"lessThan": "2.20.1-0ubuntu2.30+esm1",
"status": "affected",
"version": "2.20.1",
"versionType": "custom"
},
{
"lessThan": "2.20.9-0ubuntu7.24",
"status": "affected",
"version": "2.20.9",
"versionType": "custom"
},
{
"lessThan": "2.20.11-0ubuntu27.18",
"status": "affected",
"version": "2.20.11-0ubuntu27",
"versionType": "custom"
},
{
"lessThan": "2.20.11-0ubuntu50.7",
"status": "affected",
"version": "2.20.11-0ubuntu50",
"versionType": "custom"
},
{
"lessThan": "2.20.11-0ubuntu65.1",
"status": "affected",
"version": "2.20.11-0ubuntu65",
"versionType": "custom"
},
{
"lessThan": "2.14.1-0ubuntu3.29+esm7",
"status": "affected",
"version": "2.14.1-0ubuntu3",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "maik@secfault-security.com (@fktio)"
}
],
"datePublic": "2021-05-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-13 package apport hooks, it could expose private data to other local users."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-61",
"description": "CWE-61 UNIX Symbolic Link (Symlink) Following",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-12T03:40:37.000Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904"
}
],
"source": {
"advisory": "https://ubuntu.com/security/notices/USN-4965-1",
"defect": [
"https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904"
],
"discovery": "EXTERNAL"
},
"title": "apport read_file() function could follow maliciously constructed symbolic links",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"DATE_PUBLIC": "2021-05-25T00:00:00.000Z",
"ID": "CVE-2021-32549",
"STATE": "PUBLIC",
"TITLE": "apport read_file() function could follow maliciously constructed symbolic links"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "apport",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2.20.1",
"version_value": "2.20.1-0ubuntu2.30+esm1"
},
{
"version_affected": "\u003c",
"version_name": "2.20.9",
"version_value": "2.20.9-0ubuntu7.24"
},
{
"version_affected": "\u003c",
"version_name": "2.20.11-0ubuntu27",
"version_value": "2.20.11-0ubuntu27.18"
},
{
"version_affected": "\u003c",
"version_name": "2.20.11-0ubuntu50",
"version_value": "2.20.11-0ubuntu50.7"
},
{
"version_affected": "\u003c",
"version_name": "2.20.11-0ubuntu65",
"version_value": "2.20.11-0ubuntu65.1"
},
{
"version_affected": "\u003c",
"version_name": "2.14.1-0ubuntu3",
"version_value": "2.14.1-0ubuntu3.29+esm7"
}
]
}
}
]
},
"vendor_name": "Canonical"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "maik@secfault-security.com (@fktio)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-13 package apport hooks, it could expose private data to other local users."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-61 UNIX Symbolic Link (Symlink) Following"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904",
"refsource": "MISC",
"url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904"
}
]
},
"source": {
"advisory": "https://ubuntu.com/security/notices/USN-4965-1",
"defect": [
"https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2021-32549",
"datePublished": "2021-06-12T03:40:37.848Z",
"dateReserved": "2021-05-10T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:11:32.731Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-32550 (GCVE-0-2021-32550)
Vulnerability from cvelistv5 – Published: 2021-06-12 03:40 – Updated: 2024-09-16 23:22
VLAI
Title
apport read_file() function could follow maliciously constructed symbolic links
Summary
It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-14 package apport hooks, it could expose private data to other local users.
Severity
7.3 (High)
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://bugs.launchpad.net/ubuntu/+source/apport/… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Canonical | apport |
Affected:
2.20.1 , < 2.20.1-0ubuntu2.30+esm1
(custom)
Affected: 2.20.9 , < 2.20.9-0ubuntu7.24 (custom) Affected: 2.20.11-0ubuntu27 , < 2.20.11-0ubuntu27.18 (custom) Affected: 2.20.11-0ubuntu50 , < 2.20.11-0ubuntu50.7 (custom) Affected: 2.20.11-0ubuntu65 , < 2.20.11-0ubuntu65.1 (custom) Affected: 2.14.1-0ubuntu3 , < 2.14.1-0ubuntu3.29+esm7 (custom) |
Date Public
2021-05-25 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:25:30.361Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "apport",
"vendor": "Canonical",
"versions": [
{
"lessThan": "2.20.1-0ubuntu2.30+esm1",
"status": "affected",
"version": "2.20.1",
"versionType": "custom"
},
{
"lessThan": "2.20.9-0ubuntu7.24",
"status": "affected",
"version": "2.20.9",
"versionType": "custom"
},
{
"lessThan": "2.20.11-0ubuntu27.18",
"status": "affected",
"version": "2.20.11-0ubuntu27",
"versionType": "custom"
},
{
"lessThan": "2.20.11-0ubuntu50.7",
"status": "affected",
"version": "2.20.11-0ubuntu50",
"versionType": "custom"
},
{
"lessThan": "2.20.11-0ubuntu65.1",
"status": "affected",
"version": "2.20.11-0ubuntu65",
"versionType": "custom"
},
{
"lessThan": "2.14.1-0ubuntu3.29+esm7",
"status": "affected",
"version": "2.14.1-0ubuntu3",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "maik@secfault-security.com (@fktio)"
}
],
"datePublic": "2021-05-25T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-14 package apport hooks, it could expose private data to other local users."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-61",
"description": "CWE-61 UNIX Symbolic Link (Symlink) Following",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-12T03:40:38.000Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904"
}
],
"source": {
"advisory": "https://ubuntu.com/security/notices/USN-4965-1",
"defect": [
"https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904"
],
"discovery": "EXTERNAL"
},
"title": "apport read_file() function could follow maliciously constructed symbolic links",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"DATE_PUBLIC": "2021-05-25T00:00:00.000Z",
"ID": "CVE-2021-32550",
"STATE": "PUBLIC",
"TITLE": "apport read_file() function could follow maliciously constructed symbolic links"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "apport",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "2.20.1",
"version_value": "2.20.1-0ubuntu2.30+esm1"
},
{
"version_affected": "\u003c",
"version_name": "2.20.9",
"version_value": "2.20.9-0ubuntu7.24"
},
{
"version_affected": "\u003c",
"version_name": "2.20.11-0ubuntu27",
"version_value": "2.20.11-0ubuntu27.18"
},
{
"version_affected": "\u003c",
"version_name": "2.20.11-0ubuntu50",
"version_value": "2.20.11-0ubuntu50.7"
},
{
"version_affected": "\u003c",
"version_name": "2.20.11-0ubuntu65",
"version_value": "2.20.11-0ubuntu65.1"
},
{
"version_affected": "\u003c",
"version_name": "2.14.1-0ubuntu3",
"version_value": "2.14.1-0ubuntu3.29+esm7"
}
]
}
}
]
},
"vendor_name": "Canonical"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "maik@secfault-security.com (@fktio)"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "It was discovered that read_file() in apport/hookutils.py would follow symbolic links or open FIFOs. When this function is used by the openjdk-14 package apport hooks, it could expose private data to other local users."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-59 Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
}
]
},
{
"description": [
{
"lang": "eng",
"value": "CWE-61 UNIX Symbolic Link (Symlink) Following"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904",
"refsource": "MISC",
"url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904"
}
]
},
"source": {
"advisory": "https://ubuntu.com/security/notices/USN-4965-1",
"defect": [
"https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1917904"
],
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2021-32550",
"datePublished": "2021-06-12T03:40:38.559Z",
"dateReserved": "2021-05-10T00:00:00.000Z",
"dateUpdated": "2024-09-16T23:22:01.152Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
Phase: Implementation
Description:
- Symbolic link attacks often occur when a program creates a tmp directory that stores files/links. Access to the directory should be restricted to the program as to prevent attackers from manipulating the files.
Mitigation ID: MIT-48.1
Phase: Architecture and Design
Strategy: Separation of Privilege
Description:
- Follow the principle of least privilege when assigning access rights to entities in a software system.
- Denying access to a file can prevent an attacker from replacing that file with a link to a sensitive file. Ensure good compartmentalization in the system to provide protected areas that can be trusted.
CAPEC-27: Leveraging Race Conditions via Symbolic Links
This attack leverages the use of symbolic links (Symlinks) in order to write to sensitive files. An attacker can create a Symlink link to a target file not otherwise accessible to them. When the privileged program tries to create a temporary file with the same name as the Symlink link, it will actually write to the target file pointed to by the attackers' Symlink link. If the attacker can insert malicious content in the temporary file they will be writing to the sensitive file by using the Symlink. The race occurs because the system checks if the temporary file exists, then creates the file. The attacker would typically create the Symlink during the interval between the check and the creation of the temporary file.