2.1A15Lp152.5.5

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

suse

NVD

Published: 2021-06-30

Updated: 2023-06-22

Summary

A UNIX Symbolic Link (Symlink) Following vulnerability in arpwatch of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud Crowbar 9; openSUSE Factory, Leap 15.2 allows local attackers with control of the runtime user to run arpwatch as to escalate to root upon the next restart of arpwatch. This issue affects: SUSE Linux Enterprise Server 11-SP4-LTSS arpwatch versions prior to 2.1a15. SUSE Manager Server 4.0 arpwatch versions prior to 2.1a15. SUSE OpenStack Cloud Crowbar 9 arpwatch versions prior to 2.1a15. openSUSE Factory arpwatch version 2.1a15-169.5 and prior versions. openSUSE Leap 15.2 arpwatch version 2.1a15-lp152.5.5 and prior versions.

Vulnerable Configurations

Part	Description	Count
Application	Suse Suse Arpwatch - Suse Arpwatch 2.1A15 Suse Arpwatch 2.1A15-169.5 Suse Arpwatch 2.1A15-Lp152.5.5 Suse Manager Server 4.0 Suse Openstack Cloud Crowbar 9.0	6
Application	Opensuse Opensuse Factory -	1
OS	Suse Suse Linux Enterprise Server 11	1
OS	Opensuse Opensuse Leap 15.2	1

References

https://bugzilla.suse.com/show_bug.cgi?id=1186240