An issue was discovered in Quagga through 1.2.4. Unsafe chown/chmod operations in the suggested spec file allow users (with control of the non-root-owned directory /etc/quagga) to escalate their privileges to root upon package installation or update.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Alpine | edge-main | noarch | quagga | = 1.2.4-r5 | UNKNOWN |
Alpine | 3.14-main | noarch | quagga | = 1.2.4-r5 | UNKNOWN |
Alpine | 3.13-main | noarch | quagga | = 1.2.4-r5 | UNKNOWN |
Alpine | 3.12-main | noarch | quagga | = 1.2.4-r3 | UNKNOWN |
Alpine | 3.11-main | noarch | quagga | = 1.2.4-r3 | UNKNOWN |
Alpine | 3.15-main | noarch | quagga | = 1.2.4-r5 | UNKNOWN |
Alpine | 3.16-main | noarch | quagga | = 1.2.4-r5 | UNKNOWN |