CVE-2021-35939
MEDIUM 6.7
Description
It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVE details
CVSS v3.1 score: 6.7
Severity: MEDIUM
CVSS vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack vector: LOCAL
Complexity: LOW
Privileges required: HIGH
User interaction: NONE
Published: 8/26/2022
Last modified: 11/21/2024
Source: nvd
Honeypot observations: 0
Affected products
redhat:enterprise_linux
rpm:rpm
Weaknesses (CWE)
CWE-59
References
https://access.redhat.com/security/cve/CVE-2021-35939 (secalert@redhat.com)
https://bugzilla.redhat.com/show_bug.cgi?id=1964129 (secalert@redhat.com)
https://github.com/rpm-software-management/rpm/commit/96ec957e281220f8e137a2d5eb23b83a6377d556 (secalert@redhat.com)
https://github.com/rpm-software-management/rpm/pull/1919 (secalert@redhat.com)
https://rpm.org/wiki/Releases/4.18.0 (secalert@redhat.com)
https://security.gentoo.org/glsa/202210-22 (secalert@redhat.com)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.