CVE-2021-35938

Published: Aug 25, 2022Modified: Nov 21, 2024

6.7

Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 0.8 / Impact: 5.9

Source: NVD

Description

A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Affected (5)

Products: Rpm: Rpm · Fedoraproject: Fedora · Redhat: Enterprise Linux

1 product

1 product

1 product

Enterprise Linux

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Rpm Rpm	Before 4.18.0

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 34

Configuration C

3 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux	Version 7.0
Redhat Enterprise Linux	Version 8.0
Redhat Enterprise Linux	Version 9.0

Related CWEs

Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

References (14)

https://access.redhat.com/security/cve/CVE-2021-35938

Source: secalert@redhat.com

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1964114

Source: secalert@redhat.com

Issue TrackingVendor Advisory

https://bugzilla.suse.com/show_bug.cgi?id=1157880

Source: secalert@redhat.com

ExploitIssue TrackingThird Party Advisory

https://github.com/rpm-software-management/rpm/commit/25a435e90844ea98fe5eb7bef22c1aecf3a9c033

Source: secalert@redhat.com

PatchThird Party Advisory

https://github.com/rpm-software-management/rpm/pull/1919

Source: secalert@redhat.com

PatchThird Party Advisory

https://rpm.org/wiki/Releases/4.18.0

Source: secalert@redhat.com

Release Notes

https://security.gentoo.org/glsa/202210-22

Source: secalert@redhat.com

Third Party Advisory

https://access.redhat.com/security/cve/CVE-2021-35938

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1964114

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingVendor Advisory

https://bugzilla.suse.com/show_bug.cgi?id=1157880

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingThird Party Advisory

https://github.com/rpm-software-management/rpm/commit/25a435e90844ea98fe5eb7bef22c1aecf3a9c033

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://github.com/rpm-software-management/rpm/pull/1919

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://rpm.org/wiki/Releases/4.18.0

Source: af854a3a-2127-422b-91ae-364da2661108

Release Notes

https://security.gentoo.org/glsa/202210-22

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.