Updated: 2024-11-24 05:36:51.122553
Description:
An issue was discovered in Quagga through 1.2.4. Unsafe chown/chmod operations in the suggested spec file allow users (with control of the non-root-owned directory /etc/quagga) to escalate their privileges to root upon package installation or update.
Links | NIST | CIRCL | RHEL | Ubuntu |
Severity | Score | |
---|---|---|
CVSS Version 2.x | HIGH | 7.2 |
CVSS Version 3.x | HIGH | 7.8 |
OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
---|---|---|---|---|---|---|---|---|
CentOS 6 ELS | quagga | 0.99.15 | 7.8 | HIGH | Released | CLSA-2022:1643112395 | 2022-05-05 12:04:24 | |
CloudLinux 6 ELS | quagga | 0.99.15 | 7.8 | HIGH | Released | CLSA-2022:1643113500 | 2022-02-02 11:41:07 | |
Oracle Linux 6 ELS | quagga | 0.99.15 | 7.8 | HIGH | Released | CLSA-2022:1643113123 | 2022-01-25 11:19:53 | |
Ubuntu 16.04 ELS | quagga | 0.99.24.1-2 | 7.8 | HIGH | Not Vulnerable | 2022-01-27 05:26:19 | ||
Ubuntu 18.04 ELS | quagga | 1.2.4-1 | 7.8 | HIGH | In Testing | 2024-11-26 16:26:54 |