Vulnerability CVE-2021-25317

Vulnerability Name:

CVE-2021-25317 (CCN-201289)

Assigned:

2021-05-03

Published:

2021-05-03

Updated:

2023-04-14

Summary:

CVSS v3 Severity:

3.3 Low (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N)
2.9 Low (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): None

7.8 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
6.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

6.8 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Consequences:

Gain Privileges

References:

Source: MITRE
Type: CNA
CVE-2021-25317

Source: CCN
Type: Bugzilla Bug 1184161
(CVE-2021-25317) VUL-0: CVE-2021-25317: cups: ownership of /var/log/cups could allow privilege escalation from lp user to root via symlink attacks

Source: meissner@suse.de
Type: Issue Tracking, Vendor Advisory
meissner@suse.de

Source: XF
Type: UNKNOWN
suse-cve202125317-symlink(201289)

Source: meissner@suse.de
Type: Mailing List, Third Party Advisory
meissner@suse.de

Source: meissner@suse.de
Type: Mailing List, Third Party Advisory
meissner@suse.de

Source: meissner@suse.de
Type: Mailing List, Third Party Advisory
meissner@suse.de

Vulnerable Configuration:

Configuration CCN 1:

cpe:/a:suse:manager_server:4.0:*:*:*:*:*:*:*

OR cpe:/o:opensuse:leap:15.2:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:8002	P	cups-ddk-2.2.7-150000.3.40.1 on GA media (Moderate)	2023-06-20
oval:org.opensuse.security:def:7474	P	cups-2.2.7-150000.3.40.1 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:7926	P	libcups2-32bit-2.2.7-150000.3.40.1 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:3396	P	w3m-0.5.3.git20161120-161.3.4 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3377	P	sysstat-12.0.2-10.24.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:94508	P	binutils-2.37-150100.7.29.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:2900	P	cups-2.2.7-3.26.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94530	P	cups-2.2.7-3.26.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94882	P	MozillaFirefox-91.8.0-150200.152.26.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:95007	P	cups-ddk-2.2.7-3.26.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:95219	P	libwpd-0_10-10-0.10.2-3.3.1 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:36	P	cups-2.2.7-3.26.1 on GA media (Moderate)	2022-06-13
oval:org.opensuse.security:def:101595	P	Security update for cifs-utils (Important)	2022-04-27
oval:org.opensuse.security:def:965	P	Security update for libcaca (Important)	2022-03-09
oval:org.opensuse.security:def:112129	P	cups-2.3.3op2-4.2 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:99444	P	(Important)	2021-12-22
oval:org.opensuse.security:def:101932	P	Security update for the Linux Kernel (Live Patch 6 for SLE 15 SP3) (Important)	2021-11-17
oval:org.opensuse.security:def:105665	P	Security update for samba (Important)	2021-11-16
oval:org.opensuse.security:def:4473	P	Security update for the Linux Kernel (Live Patch 13 for SLE 12 SP5) (Important)	2021-08-17
oval:org.opensuse.security:def:1913	P	cups-ddk-2.2.7-3.26.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:62054	P	cups-2.2.7-3.26.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:100812	P	cups-2.2.7-3.26.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:101221	P	libsrtp2-1-2.2.0-1.34 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:63002	P	cups-ddk-2.2.7-3.26.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:71795	P	cups-2.2.7-3.26.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:101260	P	cups-ddk-2.2.7-3.26.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:72721	P	cups-ddk-2.2.7-3.26.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:99643	P	(Important)	2021-06-08
oval:org.opensuse.security:def:99950	P	(Important)	2021-06-01
oval:org.opensuse.security:def:33643	P	Security update for cups (Important)	2021-04-30
oval:org.opensuse.security:def:58733	P	Security update for cups (Important)	2021-04-30
oval:org.opensuse.security:def:86551	P	Security update for cups (Important)	2021-04-30
oval:org.opensuse.security:def:5029	P	Security update for cups (Important)	2021-04-30
oval:org.opensuse.security:def:29358	P	Security update for cups (Important)	2021-04-30
oval:org.opensuse.security:def:51882	P	Security update for cups (Important)	2021-04-30
oval:org.opensuse.security:def:82565	P	Security update for cups (Important)	2021-04-30
oval:org.opensuse.security:def:93562	P	(Important)	2021-04-30
oval:org.opensuse.security:def:38110	P	Security update for cups (Important)	2021-04-30
oval:org.opensuse.security:def:73607	P	Security update for cups (Important)	2021-04-30
oval:org.opensuse.security:def:92693	P	Security update for cups (Important)	2021-04-30
oval:org.opensuse.security:def:100602	P	(Important)	2021-04-30
oval:org.opensuse.security:def:96915	P	Security update for cups (Important)	2021-04-30
oval:org.opensuse.security:def:9314	P	Security update for cups (Important)	2021-04-30
oval:org.opensuse.security:def:69834	P	Security update for cups (Important)	2021-04-30
oval:org.opensuse.security:def:89121	P	Security update for cups (Important)	2021-04-30
oval:org.opensuse.security:def:126697	P	Security update for cups (Important)	2021-04-30
oval:org.opensuse.security:def:31615	P	Security update for cups (Important)	2021-04-30
oval:org.opensuse.security:def:56991	P	Security update for cups (Important)	2021-04-30
oval:org.opensuse.security:def:84592	P	Security update for cups (Important)	2021-04-30
oval:org.opensuse.security:def:94372	P	(Important)	2021-04-30
oval:org.opensuse.security:def:23567	P	Security update for cups (Important)	2021-04-30
oval:org.opensuse.security:def:44510	P	Security update for cups (Important)	2021-04-30
oval:org.opensuse.security:def:107887	P	Security update for cups (Important)	2021-04-30
oval:org.opensuse.security:def:10245	P	Security update for cups (Important)	2021-04-30
oval:org.opensuse.security:def:92100	P	Security update for cups (Important)	2021-04-30
oval:org.opensuse.security:def:99631	P	(Important)	2021-04-30
oval:org.opensuse.security:def:8569	P	Security update for cups (Important)	2021-04-30
oval:org.opensuse.security:def:66760	P	Security update for cups (Important)	2021-04-30
oval:org.opensuse.security:def:99245	P	Security update for cups (Important)	2021-04-30
oval:org.opensuse.security:def:33901	P	Security update for cups (Important)	2021-04-30
oval:org.opensuse.security:def:59466	P	Security update for cups (Important)	2021-04-30
oval:org.opensuse.security:def:87374	P	Security update for cups (Important)	2021-04-30
oval:org.opensuse.security:def:117402	P	Security update for cups (Important)	2021-04-30
oval:org.opensuse.security:def:30071	P	Security update for cups (Important)	2021-04-30
oval:org.opensuse.security:def:55181	P	Security update for cups (Important)	2021-04-30
oval:org.opensuse.security:def:83278	P	Security update for cups (Important)	2021-04-30
oval:org.opensuse.security:def:93734	P	(Important)	2021-04-30
oval:org.opensuse.security:def:38779	P	Security update for cups (Important)	2021-04-30
oval:org.opensuse.security:def:74630	P	Security update for cups (Important)	2021-04-30
oval:org.opensuse.security:def:92892	P	Security update for cups (Important)	2021-04-30
oval:org.opensuse.security:def:9495	P	Security update for cups (Important)	2021-04-30
oval:org.opensuse.security:def:70208	P	Security update for cups (Important)	2021-04-30
oval:org.opensuse.security:def:89379	P	Security update for cups (Important)	2021-04-30
oval:org.opensuse.security:def:127094	P	Security update for cups (Important)	2021-04-30
oval:org.opensuse.security:def:32087	P	Security update for cups (Important)	2021-04-30
oval:org.opensuse.security:def:57438	P	Security update for cups (Important)	2021-04-30
oval:org.opensuse.security:def:85632	P	Security update for cups (Important)	2021-04-30
oval:org.opensuse.security:def:23894	P	Security update for cups (Important)	2021-04-30
oval:org.opensuse.security:def:45672	P	Security update for cups (Important)	2021-04-30
oval:org.opensuse.security:def:108261	P	Security update for cups (Important)	2021-04-30
oval:org.opensuse.security:def:92295	P	Security update for cups (Important)	2021-04-30
oval:org.opensuse.security:def:99938	P	(Important)	2021-04-30
oval:org.opensuse.security:def:8744	P	Security update for cups (Important)	2021-04-30
oval:org.opensuse.security:def:69454	P	Security update for cups (Important)	2021-04-30
oval:org.opensuse.security:def:34423	P	Security update for cups (Important)	2021-04-30
oval:org.opensuse.security:def:59724	P	Security update for cups (Important)	2021-04-30
oval:org.opensuse.security:def:88110	P	Security update for cups (Important)	2021-04-30
oval:org.opensuse.security:def:117775	P	Security update for cups (Important)	2021-04-30
oval:org.opensuse.security:def:30191	P	Security update for cups (Important)	2021-04-30
oval:org.opensuse.security:def:55894	P	Security update for cups (Important)	2021-04-30
oval:org.opensuse.security:def:83398	P	Security update for cups (Important)	2021-04-30
oval:org.opensuse.security:def:93949	P	(Important)	2021-04-30
oval:org.opensuse.security:def:40080	P	Security update for cups (Important)	2021-04-30
oval:org.opensuse.security:def:75828	P	Security update for cups (Important)	2021-04-30
oval:org.opensuse.security:def:93045	P	Security update for cups (Important)	2021-04-30
oval:org.opensuse.security:def:111355	P	Security update for cups (Important)	2021-04-30
oval:org.opensuse.security:def:9694	P	Security update for cups (Important)	2021-04-30
oval:org.opensuse.security:def:70385	P	Security update for cups (Important)	2021-04-30
oval:org.opensuse.security:def:64485	P	Security update for cups (Important)	2021-04-30
oval:org.opensuse.security:def:98855	P	Security update for cups (Important)	2021-04-30
oval:org.opensuse.security:def:32910	P	Security update for cups (Important)	2021-04-30
oval:org.opensuse.security:def:57910	P	Security update for cups (Important)	2021-04-30
oval:org.opensuse.security:def:86079	P	Security update for cups (Important)	2021-04-30
oval:org.opensuse.security:def:26042	P	Security update for cups (Important)	2021-04-30
oval:org.opensuse.security:def:51555	P	Security update for cups (Important)	2021-04-30
oval:org.opensuse.security:def:93405	P	(Important)	2021-04-30
oval:org.opensuse.security:def:108598	P	Security update for cups (Important)	2021-04-30
oval:org.opensuse.security:def:92494	P	Security update for cups (Important)	2021-04-30
oval:org.opensuse.security:def:100273	P	(Important)	2021-04-30
oval:org.opensuse.security:def:8939	P	Security update for cups (Important)	2021-04-30
oval:org.opensuse.security:def:69635	P	Security update for cups (Important)	2021-04-30
oval:org.opensuse.security:def:60246	P	Security update for cups (Important)	2021-04-30
oval:org.opensuse.security:def:88422	P	Security update for cups (Important)	2021-04-30
oval:org.opensuse.security:def:125527	P	Security update for cups (Important)	2021-04-30
oval:org.opensuse.security:def:31168	P	Security update for cups (Important)	2021-04-30
oval:org.opensuse.security:def:56014	P	Security update for cups (Important)	2021-04-30
oval:org.opensuse.security:def:84135	P	Security update for cups (Important)	2021-04-30
oval:org.opensuse.security:def:94160	P	(Important)	2021-04-30
oval:org.opensuse.security:def:41242	P	Security update for cups (Important)	2021-04-30
oval:org.opensuse.security:def:43209	P	Security update for cups (Important)	2021-04-30
oval:org.opensuse.security:def:93198	P	Security update for cups (Important)	2021-04-30
oval:org.opensuse.security:def:10068	P	Security update for cups (Important)	2021-04-30
oval:org.opensuse.security:def:91905	P	Security update for cups (Important)	2021-04-30
oval:org.opensuse.security:def:5671	P	Security update for cups (Important)	2021-04-30
oval:org.opensuse.security:def:65562	P	Security update for cups (Important)	2021-04-30
oval:org.opensuse.security:def:99050	P	Security update for cups (Important)	2021-04-30

BACK