CVE-2021-44038

Updated: 2024-11-24 05:36:51.122553

Description:

An issue was discovered in Quagga through 1.2.4. Unsafe chown/chmod operations in the suggested spec file allow users (with control of the non-root-owned directory /etc/quagga) to escalate their privileges to root upon package installation or update.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x HIGH 7.2
CVSS Version 3.x HIGH 7.8

Status

OS name Project name Version Score Severity Status Errata Last updated

Statement

CentOS 6 ELS quagga 0.99.15 7.8 HIGH Released CLSA-2022:1643112395 2022-05-05 12:04:24
CloudLinux 6 ELS quagga 0.99.15 7.8 HIGH Released CLSA-2022:1643113500 2022-02-02 11:41:07
Oracle Linux 6 ELS quagga 0.99.15 7.8 HIGH Released CLSA-2022:1643113123 2022-01-25 11:19:53
Ubuntu 16.04 ELS quagga 0.99.24.1-2 7.8 HIGH Not Vulnerable 2022-01-27 05:26:19
Ubuntu 18.04 ELS quagga 1.2.4-1 7.8 HIGH In Testing 2024-11-26 16:26:54