Unrated severityNVD Advisory· Published Feb 23, 2021· Updated Sep 16, 2024

CVE-2021-25630

Description

"loolforkit" is a privileged program that is supposed to be run by a special, non-privileged "lool" user. Before doing anything else "loolforkit" checks, if it was invoked by the "lool" user, and refuses to run with privileges, if it's not the case. In the vulnerable version of "loolforkit" this check was wrong, so a normal user could start "loolforkit" and eventually get local root privileges.

Affected products

The Document Foundation/Libreoffice Onlinev5
Range: unspecified

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/CollaboraOnline/online/security/advisories/GHSA-49w3-gr3w-m68vmitrex_refsource_MISC
www.openwall.com/lists/oss-security/2021/01/18/3mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000