Oval Definition:oval:org.opensuse.security:def:202125321
Revision Date:2023-06-22Version:1
Title:CVE-2021-25321
Description:

A UNIX Symbolic Link (Symlink) Following vulnerability in arpwatch of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud Crowbar 9; openSUSE Factory, Leap 15.2 allows local attackers with control of the runtime user to run arpwatch as to escalate to root upon the next restart of arpwatch. This issue affects: SUSE Linux Enterprise Server 11-SP4-LTSS arpwatch versions prior to 2.1a15. SUSE Manager Server 4.0 arpwatch versions prior to 2.1a15. SUSE OpenStack Cloud Crowbar 9 arpwatch versions prior to 2.1a15. openSUSE Factory arpwatch version 2.1a15-169.5 and prior versions. openSUSE Leap 15.2 arpwatch version 2.1a15-lp152.5.5 and prior versions.
Family:unixClass:vulnerability
Status:Reference(s):Mitre CVE-2021-25321
SUSE CVE-2021-25321
SUSE-SU-2021:14759-1
SUSE-SU-2021:2175-1
SUSE-SU-2021:2177-1
openSUSE-SU-2021:0945-1
openSUSE-SU-2021:2177-1
Platform(s):openSUSE Leap 15.2
openSUSE Leap 15.3
openSUSE Leap 15.3 SLE Imports
openSUSE Tumbleweed
SUSE CaaS Platform 4.0
SUSE Linux Enterprise Desktop 15 SP2
SUSE Linux Enterprise Desktop 15 SP3
SUSE Linux Enterprise Desktop 15 SP4
SUSE Linux Enterprise Desktop 15 SP5
SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS
SUSE Linux Enterprise High Performance Computing 15 SP2
SUSE Linux Enterprise High Performance Computing 15 SP3
SUSE Linux Enterprise High Performance Computing 15 SP4
SUSE Linux Enterprise High Performance Computing 15 SP5
SUSE Linux Enterprise High Performance Computing 15-ESPOS
SUSE Linux Enterprise High Performance Computing 15-LTSS
SUSE Linux Enterprise Module for Basesystem 15 SP2
SUSE Linux Enterprise Module for Basesystem 15 SP3
SUSE Linux Enterprise Module for Basesystem 15 SP4
SUSE Linux Enterprise Module for Basesystem 15 SP5
SUSE Linux Enterprise Server 11 SP1-TERADATA
SUSE Linux Enterprise Server 11 SP3-TERADATA
SUSE Linux Enterprise Server 11 SP4-LTSS
SUSE Linux Enterprise Server 12 SP2-BCL
SUSE Linux Enterprise Server 12 SP3-BCL
SUSE Linux Enterprise Server 12 SP3-ESPOS
SUSE Linux Enterprise Server 12 SP3-LTSS
SUSE Linux Enterprise Server 12 SP3-TERADATA
SUSE Linux Enterprise Server 12 SP4-ESPOS
SUSE Linux Enterprise Server 12 SP4-LTSS
SUSE Linux Enterprise Server 12 SP5
SUSE Linux Enterprise Server 15 SP1-BCL
SUSE Linux Enterprise Server 15 SP1-LTSS
SUSE Linux Enterprise Server 15 SP2
SUSE Linux Enterprise Server 15 SP3
SUSE Linux Enterprise Server 15 SP4
SUSE Linux Enterprise Server 15 SP5
SUSE Linux Enterprise Server 15-LTSS
SUSE Linux Enterprise Server for SAP Applications 12 SP4
SUSE Linux Enterprise Server for SAP Applications 12 SP5
SUSE Linux Enterprise Server for SAP Applications 15
SUSE Linux Enterprise Server for SAP Applications 15 SP1
SUSE Linux Enterprise Server for SAP Applications 15 SP2
SUSE Linux Enterprise Server for SAP Applications 15 SP3
SUSE Linux Enterprise Server for SAP Applications 15 SP4
SUSE Linux Enterprise Server for SAP Applications 15 SP5
SUSE Linux Enterprise Software Development Kit 12 SP5
SUSE Linux Enterprise Storage 7
SUSE Linux Enterprise Storage 7.1
SUSE Manager Proxy 4.0
SUSE Manager Proxy 4.1
SUSE Manager Proxy 4.2
SUSE Manager Proxy 4.3
SUSE Manager Retail Branch Server 4.0
SUSE Manager Retail Branch Server 4.1
SUSE Manager Retail Branch Server 4.2
SUSE Manager Retail Branch Server 4.3
SUSE Manager Server 4.0
SUSE Manager Server 4.1
SUSE Manager Server 4.2
SUSE Manager Server 4.3
SUSE OpenStack Cloud 8
SUSE OpenStack Cloud 9
SUSE OpenStack Cloud Crowbar 8
SUSE OpenStack Cloud Crowbar 9
Product(s):
Definition Synopsis
  • openSUSE Leap 15.3 SLE Imports is installed
  • AND Package Information
  • arpwatch-2.1a15-5.12.1 is installed
  • AND arpwatch is signed with openSUSE key
  • OR
  • arpwatch-ethercodes-build-2.1a15-5.12.1 is installed
  • AND arpwatch-ethercodes-build is signed with openSUSE key
    • Definition Synopsis
  • openSUSE Tumbleweed is installed
  • AND Package Information
  • arpwatch-3.1-1.2 is installed
  • OR arpwatch-ethercodes-build-3.1-1.2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Basesystem 15 SP2 is installed
  • AND arpwatch-2.1a15-5.12.1 is installed
    • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Module for Basesystem 15 SP2 is installed
  • OR SUSE Linux Enterprise Module for Basesystem 15 SP3 is installed
  • OR SUSE Linux Enterprise Server 15 SP1-LTSS is installed
  • OR SUSE Linux Enterprise Server 15-LTSS is installed
  • AND arpwatch-2.1a15-5.12.1 is installed
  • OR Package Information
  • SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS is installed
  • OR SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS is installed
  • OR SUSE Linux Enterprise High Performance Computing 15-ESPOS is installed
  • OR SUSE Linux Enterprise High Performance Computing 15-LTSS is installed
  • AND arpwatch-2.1a15-5.12.1 is installed
  • OR Package Information
  • SUSE Linux Enterprise Server 15 SP1-BCL is installed
  • AND arpwatch-2.1a15-5.12.1 is installed
  • OR Package Information
  • SUSE Linux Enterprise Server for SAP Applications 15 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 15 SP1 is installed
  • AND arpwatch-2.1a15-5.12.1 is installed
    • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Module for Basesystem 15 SP2 is installed
  • OR SUSE Linux Enterprise Module for Basesystem 15 SP3 is installed
  • AND arpwatch-2.1a15-5.12.1 is installed
    • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Desktop 15 SP3 is installed
  • OR SUSE Linux Enterprise High Performance Computing 15 SP3 is installed
  • OR SUSE Linux Enterprise Module for Basesystem 15 SP3 is installed
  • OR SUSE Linux Enterprise Server 15 SP3 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 15 SP3 is installed
  • OR SUSE Linux Enterprise Storage 7.1 is installed
  • OR SUSE Manager Proxy 4.2 is installed
  • OR SUSE Manager Retail Branch Server 4.2 is installed
  • OR SUSE Manager Server 4.2 is installed
  • AND arpwatch-2.1a15-5.12.1 is installed
    • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Server 11 SP1-TERADATA is installed
  • OR SUSE Linux Enterprise Server 11 SP3-TERADATA is installed
  • AND arpwatch-2.1a15-131.23.2.6.1 is installed
  • OR Package Information
  • SUSE Linux Enterprise Server 11 SP4-LTSS is installed
  • AND arpwatch-2.1a15-131.23.2.6.1 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-BCL is installed
  • AND arpwatch-2.1a15-159.9.1 is installed
    • Definition Synopsis
  • openSUSE Leap 15.2 is installed
  • AND Package Information
  • arpwatch-2.1a15-lp152.6.9.1 is installed
  • AND arpwatch is signed with openSUSE key
  • OR
  • arpwatch-ethercodes-build-2.1a15-lp152.6.9.1 is installed
  • AND arpwatch-ethercodes-build is signed with openSUSE key
    • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Server 15 SP1-LTSS is installed
  • AND arpwatch-2.1a15-5.12.1 is installed
  • OR Package Information
  • SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS is installed
  • OR SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS is installed
  • AND arpwatch-2.1a15-5.12.1 is installed
  • OR Package Information
  • SUSE CaaS Platform 4.0 is installed
  • OR SUSE Linux Enterprise Server 15 SP1-BCL is installed
  • AND arpwatch-2.1a15-5.12.1 is installed
  • OR Package Information
  • SUSE Linux Enterprise Server for SAP Applications 15 SP1 is installed
  • AND arpwatch-2.1a15-5.12.1 is installed
    • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Server 15 SP1-LTSS is installed
  • AND arpwatch-2.1a15-5.12.1 is installed
  • OR Package Information
  • SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS is installed
  • OR SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS is installed
  • AND arpwatch-2.1a15-5.12.1 is installed
  • OR Package Information
  • SUSE Linux Enterprise Server 15 SP1-BCL is installed
  • OR SUSE Manager Proxy 4.0 is installed
  • OR SUSE Manager Retail Branch Server 4.0 is installed
  • AND arpwatch-2.1a15-5.12.1 is installed
  • OR Package Information
  • SUSE Linux Enterprise Server for SAP Applications 15 SP1 is installed
  • AND arpwatch-2.1a15-5.12.1 is installed
  • OR Package Information
  • SUSE Manager Server 4.0 is installed
  • AND arpwatch-2.1a15-5.12.1 is installed
    • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Desktop 15 SP2 is installed
  • OR SUSE Linux Enterprise High Performance Computing 15 SP2 is installed
  • OR SUSE Linux Enterprise Module for Basesystem 15 SP2 is installed
  • OR SUSE Linux Enterprise Server 15 SP2 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 15 SP2 is installed
  • OR SUSE Linux Enterprise Storage 7 is installed
  • OR SUSE Manager Proxy 4.1 is installed
  • OR SUSE Manager Retail Branch Server 4.1 is installed
  • OR SUSE Manager Server 4.1 is installed
  • AND arpwatch-2.1a15-5.12.1 is installed
    • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Server 12 SP3-BCL is installed
  • OR SUSE Linux Enterprise Server 12 SP3-TERADATA is installed
  • OR SUSE OpenStack Cloud 8 is installed
  • OR SUSE OpenStack Cloud Crowbar 8 is installed
  • AND arpwatch-2.1a15-159.9.1 is installed
  • OR Package Information
  • SUSE Linux Enterprise Server 12 SP3-LTSS is installed
  • AND arpwatch-2.1a15-159.9.1 is installed
  • OR Package Information
  • SUSE Linux Enterprise Server 12 SP3-ESPOS is installed
  • AND arpwatch-2.1a15-159.9.1 is installed
    • Definition Synopsis
  • Release Information
  • SUSE OpenStack Cloud 9 is installed
  • OR SUSE OpenStack Cloud Crowbar 9 is installed
  • AND arpwatch-2.1a15-159.9.1 is installed
  • OR Package Information
  • SUSE Linux Enterprise Server 12 SP4-LTSS is installed
  • AND arpwatch-2.1a15-159.9.1 is installed
  • OR Package Information
  • SUSE Linux Enterprise Server 12 SP4-ESPOS is installed
  • AND arpwatch-2.1a15-159.9.1 is installed
    • Definition Synopsis
  • openSUSE Leap 15.3 is installed
  • AND Package Information
  • arpwatch-2.1a15-5.12.1 is installed
  • AND arpwatch is signed with openSUSE key
  • OR
  • arpwatch-ethercodes-build-2.1a15-5.12.1 is installed
  • AND arpwatch-ethercodes-build is signed with openSUSE key
    • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Desktop 15 SP4 is installed
  • OR SUSE Linux Enterprise High Performance Computing 15 SP4 is installed
  • OR SUSE Linux Enterprise Module for Basesystem 15 SP4 is installed
  • OR SUSE Linux Enterprise Server 15 SP4 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 15 SP4 is installed
  • OR SUSE Manager Proxy 4.3 is installed
  • OR SUSE Manager Retail Branch Server 4.3 is installed
  • OR SUSE Manager Server 4.3 is installed
  • AND arpwatch-2.1a15-5.12.1 is installed
    • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Server 12 SP5 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 12 SP5 is installed
  • OR SUSE Linux Enterprise Software Development Kit 12 SP5 is installed
  • AND arpwatch-ethercodes-build-2.1a15-159.9.1 is installed
  • OR Package Information
  • SUSE Linux Enterprise Server 12 SP5 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 12 SP5 is installed
  • AND arpwatch-2.1a15-159.9.1 is installed
    • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Server for SAP Applications 12 SP4 is installed
  • AND arpwatch-2.1a15-159.9.1 is installed
  • OR Package Information
  • SUSE Linux Enterprise Server 12 SP4-LTSS is installed
  • AND arpwatch-2.1a15-159.9.1 is installed
  • OR Package Information
  • SUSE Linux Enterprise Server 12 SP4-ESPOS is installed
  • AND arpwatch-2.1a15-159.9.1 is installed
    • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Desktop 15 SP5 is installed
  • OR SUSE Linux Enterprise High Performance Computing 15 SP5 is installed
  • OR SUSE Linux Enterprise Module for Basesystem 15 SP5 is installed
  • OR SUSE Linux Enterprise Server 15 SP5 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 15 SP5 is installed
  • AND arpwatch-2.1a15-5.12.1 is installed
    • BACK