CVE-2021-25317

A Incorrect Default Permissions vulnerability in the packaging of cups of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud Crowbar 9; openSUSE Leap 15.2, Factory allows local attackers with control of the lp users to create files as root with 0644 permissions without the ability to set the content. This issue affects: SUSE Linux Enterprise Server 11-SP4-LTSS cups versions prior to 1.3.9. SUSE Manager Server 4.0 cups versions prior to 2.2.7. SUSE OpenStack Cloud Crowbar 9 cups versions prior to 1.7.5. openSUSE Leap 15.2 cups versions prior to 2.2.7. openSUSE Factory cups version 2.3.3op2-2.1 and prior versions.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:suse:cups:*:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:ltss:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:a:suse:cups:*:*:*:*:*:*:*:*
cpe:2.3:a:suse:manager_server:4.0:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:a:suse:cups:*:*:*:*:*:*:*:*
cpe:2.3:a:suse:openstack_cloud_crowbar:9.0:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:a:suse:cups:*:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:a:suse:cups:*:*:*:*:*:*:*:*
cpe:2.3:a:opensuse:factory:-:*:*:*:*:*:*:*

Information

Published : 2021-05-05 03:15

Updated : 2023-01-19 05:15


NVD link : CVE-2021-25317

Mitre link : CVE-2021-25317


JSON object : View

CWE
CWE-276

Incorrect Default Permissions

Advertisement

dedicated server usa

Products Affected

suse

  • manager_server
  • openstack_cloud_crowbar
  • cups
  • linux_enterprise_server

fedoraproject

  • fedora

opensuse

  • leap
  • factory