parsec: dangerous 777 permissions for /run/parsec
CVE-2021-36781

5.9MEDIUM

Key Information:

Vendor

Opensuse

Status
Vendor
CVE Published:
14 January 2022

What is CVE-2021-36781?

A Incorrect Default Permissions vulnerability in the parsec package of openSUSE Factory allows local attackers to imitate the service leading to DoS or clients talking to an imposter service. This issue affects: openSUSE Factory parsec versions prior to 0.8.1-1.1.

Affected Version(s)

Factory parsec < 0.8.1-1.1

References

CVSS V3.1

Score:
5.9
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Matthias Gerstner of SUSE
.