vulnerability

Red Hat: CVE-2021-25317: cups: insecure permissions of /var/log/cups allows for symlink attacks

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
2	(AV:L/AC:L/Au:N/C:N/I:P/A:N)	May 5, 2021	Jul 9, 2025	Jul 9, 2025

Severity

CVSS

(AV:L/AC:L/Au:N/C:N/I:P/A:N)

Published

May 5, 2021

Added

Jul 9, 2025

Modified

Jul 9, 2025

Description

A Incorrect Default Permissions vulnerability in the packaging of cups of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud Crowbar 9; openSUSE Leap 15.2, Factory allows local attackers with control of the lp users to create files as root with 0644 permissions without the ability to set the content. This issue affects: SUSE Linux Enterprise Server 11-SP4-LTSS cups versions prior to 1.3.9. SUSE Manager Server 4.0 cups versions prior to 2.2.7. SUSE OpenStack Cloud Crowbar 9 cups versions prior to 1.7.5. openSUSE Leap 15.2 cups versions prior to 2.2.7. openSUSE Factory cups version 2.3.3op2-2.1 and prior versions.

Solution

no-fix-redhat-rpm-package

References

NVD-CVE-2021-25317

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today