Unrated severityNVD Advisory· Published Jun 10, 2021· Updated Sep 16, 2024
inn: %post calls user owned file allowing local privilege escalation to root
CVE-2021-31998
Description
A Incorrect Default Permissions vulnerability in the packaging of inn of SUSE Linux Enterprise Server 11-SP3; openSUSE Backports SLE-15-SP2, openSUSE Leap 15.2 allows local attackers to escalate their privileges from the news user to root. This issue affects: SUSE Linux Enterprise Server 11-SP3 inn version inn-2.4.2-170.21.3.1 and prior versions. openSUSE Backports SLE-15-SP2 inn versions prior to 2.6.2. openSUSE Leap 15.2 inn versions prior to 2.6.2.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
8- osv-coords4 versionspkg:rpm/opensuse/inn&distro=openSUSE%20Leap%2015.2pkg:rpm/suse/inn&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3pkg:rpm/suse/inn&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSSpkg:rpm/suse/inn&distro=SUSE%20Package%20Hub%2015%20SP2
< 2.6.2-lp152.2.6.1+ 3 more
- (no CPE)range: < 2.6.2-lp152.2.6.1
- (no CPE)range: < 2.4.2-170.21.3.6.1
- (no CPE)range: < 2.4.2-170.21.3.6.1
- (no CPE)range: < 2.6.2-bp152.2.8.1
- openSUSE/openSUSE Backports SLE-15-SP2v5Range: inn
- openSUSE/openSUSE Leap 15.2v5Range: inn
- Range: inn
Patches
Vulnerability mechanics
References
1- bugzilla.suse.com/show_bug.cgimitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.