CVE-2021-35939 : It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: th

It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Published 2022-08-26 16:15:09

Updated 2023-02-04 01:16:52

Source Red Hat, Inc.

View at NVD, CVE.org

Products affected by CVE-2021-35939

Redhat » Enterprise Linux » Version: 8.0
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
Matching versions
RPM » RPM
Versions before (<) 4.18
cpe:2.3:a:rpm:rpm:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2021-35939

EPSS FAQ

0.12%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 33 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2021-35939

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
6.7	MEDIUM	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	0.8	5.9	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: High User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2021-35939

CWE-59 Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.
Assigned by:
- nvd@nist.gov (Secondary)
- secalert@redhat.com (Primary)

References for CVE-2021-35939

https://access.redhat.com/security/cve/CVE-2021-35939

CVE-2021-35939- Red Hat Customer Portal
Third Party Advisory
https://github.com/rpm-software-management/rpm/commit/96ec957e281220f8e137a2d5eb23b83a6377d556

Validate intermediate symlinks during installation, CVE-2021-35939 · rpm-software-management/rpm@96ec957 · GitHub
Patch;Third Party Advisory
https://rpm.org/wiki/Releases/4.18.0

rpm.org - Releases
Release Notes;Vendor Advisory

CVEs referencing this url
https://bugzilla.redhat.com/show_bug.cgi?id=1964129

1964129 – (CVE-2021-35939) CVE-2021-35939 rpm: checks for unsafe symlinks are not performed for intermediary directories
Exploit;Issue Tracking;Third Party Advisory
https://github.com/rpm-software-management/rpm/pull/1919

First steps towards fixing the symlink CVEs by pmatilai · Pull Request #1919 · rpm-software-management/rpm · GitHub
Patch;Third Party Advisory

CVEs referencing this url
https://security.gentoo.org/glsa/202210-22

RPM: Multiple Vulnerabilities (GLSA 202210-22) — Gentoo security
Third Party Advisory

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2021-35939

Products affected by CVE-2021-35939

Exploit prediction scoring system (EPSS) score for CVE-2021-35939

CVSS scores for CVE-2021-35939

CWE ids for CVE-2021-35939

References for CVE-2021-35939