CVE-2021-35938

Updated: 2023-11-04 20:29:18.803317

Description:

A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.



Severity

                  Severity  Score
CVSS Version 2.x            0
CVSS Version 3.x  MEDIUM    6.7

Status

OS name             Project name  Version    Score  Severity  Status    Errata                Last updated
AlmaLinux 9.2 ESU   rpm           4.16.1.3   6.7    MEDIUM    Released  CLSA-2024:1708417063  2024-02-20 03:57:03
CentOS 6 ELS        rpm           4.8.0      6.7    MEDIUM    Ignored                         2022-11-30 04:04:09
CentOS 7 ELS        rpm           4.11.3     6.7    MEDIUM    Ignored                         2023-09-19 09:30:12
CentOS 8.4 ELS      rpm           4.14.3-14  6.7    MEDIUM    Ignored                         2023-01-12 07:39:54
CentOS 8.5 ELS      rpm           4.14.3-19  6.7    MEDIUM    Ignored                         2023-01-12 07:39:54
CloudLinux 6 ELS    rpm           4.8.0      6.7    MEDIUM    Ignored                         2022-11-30 04:04:09
Oracle Linux 6 ELS  rpm           4.8.0      6.7    MEDIUM    Ignored                         2022-11-30 04:04:09