5.9

CVE-2021-36781

Exploit

parsec: dangerous 777 permissions for /run/parsec

A Incorrect Default Permissions vulnerability in the parsec package of openSUSE Factory allows local attackers to imitate the service leading to DoS or clients talking to an imposter service. This issue affects: openSUSE Factory parsec versions prior to 0.8.1-1.1.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OpensuseFactory Version < 0.8.1-1.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.03% 0.087
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.4 1.8 2.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
nvd@nist.gov 3.6 3.9 4.9
AV:L/AC:L/Au:N/C:N/I:P/A:P
meissner@suse.de 5.9 2.5 3.4
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CWE-276 Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

https://bugzilla.suse.com/show_bug.cgi?id=1193484
Patch
Third Party Advisory
Exploit
Issue Tracking