Lucene search
PRIOn knowledge basePRION:CVE-2021-35938HistoryAug 25, 2022 - 8:15 p.m.
Design/Logic Flaw
2022-08-2520:15:00
PRIOn knowledge base
www.prio-n.com
6
rpm
symbolic link
privilege escalation
data confidentiality
integrity
system availability
A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
| CPE | Name | Operator | Version |
|---|---|---|---|
| fedora | eq | 34 | |
| enterprise_linux | eq | 7.0 | |
| enterprise_linux | eq | 8.0 | |
| enterprise_linux | eq | 9.0 | |
| rpm | lt | 4.18.0 |
References
access.redhat.com/security/cve/CVE-2021-35938
bugzilla.redhat.com/show_bug.cgi?id=1964114
bugzilla.suse.com/show_bug.cgi?id=1157880
github.com/rpm-software-management/rpm/commit/25a435e90844ea98fe5eb7bef22c1aecf3a9c033
github.com/rpm-software-management/rpm/pull/1919
rpm.org/wiki/Releases/4.18.0
security.gentoo.org/glsa/202210-22
Related
redhatcve
redhatcve
CVE-2021-35938
2021-07-01 17:23:07
cve
cve
CVE-2021-35938
2022-08-25 20:15:09
nvd
nvd
CVE-2021-35938
2022-08-25 20:15:09
cbl_mariner
cbl_mariner
CVE-2021-35938 affecting package rpm for versions less than 4.18.0-1
2022-10-05 23:33:44
CVE-2021-35938 affecting package rpm 4.14.2-15
2024-07-03 17:22:46
debiancve
debiancve
CVE-2021-35938
2022-08-25 20:15:09
osv
osv
CVE-2021-35938
2022-08-25 20:15:09
Moderate: rpm security update
2024-02-12 20:17:16
Moderate: rpm security update
2024-01-25 00:00:00
cvelist
cvelist
CVE-2021-35938
2022-08-25 00:00:00
veracode
veracode
Privilege Escalation
2022-10-01 00:52:27
alpinelinux
alpinelinux
CVE-2021-35938
2022-08-25 20:15:09
ubuntucve
ubuntucve
CVE-2021-35938
2022-08-25 00:00:00
redhat
redhat
(RHSA-2024:0435) Moderate: rpm security update
2024-01-24 14:40:39
(RHSA-2024:0647) Moderate: rpm security update
2024-02-01 12:04:42
(RHSA-2024:0463) Moderate: rpm security update
2024-01-24 14:41:02
oraclelinux
oraclelinux
rpm security update
2024-01-25 00:00:00
rpm security update
2024-02-02 00:00:00
nessus
nessus
RHEL 9 : rpm (RHSA-2024:0435)
2024-01-25 00:00:00
RHEL 8 : rpm (RHSA-2024:0582)
2024-01-30 00:00:00
RHEL 9 : rpm (RHSA-2024:0463)
2024-01-25 00:00:00
rocky
rocky
rpm security update
2024-02-12 20:17:16
almalinux
almalinux
Moderate: rpm security update
2024-01-25 00:00:00
Moderate: rpm security update
2024-02-01 00:00:00
freebsd
freebsd
rpm4 -- Multiple Vulnerabilities
2022-08-22 00:00:00
redos
redos
ROS-20240410-21
2024-04-10 00:00:00
gentoo
gentoo
RPM: Multiple Vulnerabilities
2022-10-31 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for rpm (EulerOS-SA-2022-2855)
2022-12-22 00:00:00
Huawei EulerOS: Security Advisory for rpm (EulerOS-SA-2022-2776)
2022-11-14 00:00:00
Huawei EulerOS: Security Advisory for rpm (EulerOS-SA-2023-1153)
2023-01-12 00:00:00
ibm
ibm
Security Bulletin: App Connect Enterprise Certified Container UBI updates
2024-03-07 14:53:54
Security Bulletin: IBM Observability with Instana (OnPrem) is affected by Multiple Security Vulnerabilities
2024-05-30 11:23:32
Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities
2024-04-11 18:19:49