CVE-2021-33393
Summary
| CVE | CVE-2021-33393 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-06-09 22:15:00 UTC |
| Updated | 2022-07-12 17:42:00 UTC |
| Description | lfs/backup in IPFire 2.25-core155 does not ensure that /var/ipfire/backup/bin/backup.pl is owned by the root account. It might be owned by an unprivileged account, which could potentially be used to install a Trojan horse backup.pl script that is later executed by root. Similar problems with the ownership/permissions of other files may be present as well. |
Risk And Classification
Problem Types: NVD-CWE-Other
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Ipfire | Ipfire | All | All | All | All |
| Application | Ipfire | Ipfire | 2.25 | core_update141 | All | All |
| Application | Ipfire | Ipfire | 2.25 | core_update142 | All | All |
| Application | Ipfire | Ipfire | 2.25 | core_update143 | All | All |
| Application | Ipfire | Ipfire | 2.25 | core_update144 | All | All |
| Application | Ipfire | Ipfire | 2.25 | core_update145 | All | All |
| Application | Ipfire | Ipfire | 2.25 | core_update146 | All | All |
| Application | Ipfire | Ipfire | 2.25 | core_update147 | All | All |
| Application | Ipfire | Ipfire | 2.25 | core_update148 | All | All |
| Application | Ipfire | Ipfire | 2.25 | core_update149 | All | All |
| Application | Ipfire | Ipfire | 2.25 | core_update150 | All | All |
| Application | Ipfire | Ipfire | 2.25 | core_update151 | All | All |
| Application | Ipfire | Ipfire | 2.25 | core_update152 | All | All |
| Application | Ipfire | Ipfire | 2.25 | core_update155 | All | All |
| Application | Ipfire | Ipfire | 2.25 | core_update156 | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| IPFire 2.25 Remote Code Execution ≈ Packet Storm | MISC | packetstormsecurity.com | |
| backup: prevent /var/ipfire/backup/bin/backup.pl from being owned by … · ipfire/ipfire-2.x@6769d90 · GitHub | MISC | github.com | |
| Commits · ipfire/ipfire-2.x · GitHub | MISC | github.com | |
| GitHub - MucahitSaratar/ipfire-2-25-auth-rce: ipfire 2.25 authenticated remote code execution | MISC | github.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.