CVE-2021-44038

CVE-2021-44038

Name

CVE-2021-44038

Description

An issue was discovered in Quagga through 1.2.4. Unsafe chown/chmod operations in the suggested spec file allow users (with control of the non-root-owned directory /etc/quagga) to escalate their privileges to root upon package installation or update.

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
MISC	https://bugzilla.suse.com/show_bug.cgi?id=1191890
MISC	https://github.com/Quagga/quagga/releases

Type

URI

MISC

https://bugzilla.suse.com/show_bug.cgi?id=1191890

MISC

https://github.com/Quagga/quagga/releases

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:quagga:quagga::::::::`	quagga	>= None	<= 1.2.4

CPE URI

Source package

Min version

Max version

cpe:2.3:a:quagga:quagga:*:*:*:*:*:*:*:*

quagga

>= None

<= 1.2.4

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
quagga	3.14-main	1.2.4-r5	Natanael Copa <ncopa@alpinelinux.org>	fixed
quagga	3.13-main	1.2.4-r5	Natanael Copa <ncopa@alpinelinux.org>	fixed
quagga	3.12-main	1.2.4-r3	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
quagga	3.11-main	1.2.4-r3	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
quagga	3.15-main	1.2.4-r5	Natanael Copa <ncopa@alpinelinux.org>	fixed
quagga	3.16-main	1.2.4-r5	Natanael Copa <ncopa@alpinelinux.org>	fixed
quagga	edge-main	1.2.4-r6	Natanael Copa <ncopa@alpinelinux.org>	fixed
quagga	3.17-main	1.2.4-r6	Natanael Copa <ncopa@alpinelinux.org>	fixed

Source package

Branch

Version

Maintainer

Status

quagga

3.14-main

1.2.4-r5

Natanael Copa <ncopa@alpinelinux.org>

fixed

quagga

3.13-main