Main Vulnerability Database Vulnerabilities #VU58356

#VU58356 Permissions, Privileges, and Access Controls in Quagga - CVE-2021-44038

Published: November 24, 2021

Vulnerability identifier: #VU58356

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2021-44038

CWE-ID: CWE-264

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Quagga

Software vendor:
quagga.net

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to an unsafe chown/chmod operations in the suggested spec file, which leads to security restrictions bypass and privilege escalation.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

External links

https://bugzilla.suse.com/show_bug.cgi?id=1191890
https://github.com/Quagga/quagga/releases