Vulnerability identifier: #VU79523

Vulnerability risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-35939

CWE-ID: CWE-59

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
rpm
/

Vendor:

Description

The vulnerability allows a local privileged user to escalate privileges on the system.

The vulnerability exist due to fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local privileged user who owns another ancestor directory could potentially use this flaw to gain root privileges.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

---

External links
http://github.com/rpm-software-management/rpm/pull/1919
http://bugzilla.redhat.com/show_bug.cgi?id=1964129
http://github.com/rpm-software-management/rpm/commit/96ec957e281220f8e137a2d5eb23b83a6377d556
http://access.redhat.com/security/cve/CVE-2021-35939
http://rpm.org/wiki/Releases/4.18.0
http://security.gentoo.org/glsa/202210-22

---

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.