CVE-2021-25317

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2021-25317
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-25317.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2021-25317
Downstream
Related
Published
2021-05-05T10:15:08.133Z
Modified
2026-03-17T22:49:50.093625Z
Severity
  • 3.3 (Low) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
Summary
[none]
Details

A Incorrect Default Permissions vulnerability in the packaging of cups of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud Crowbar 9; openSUSE Leap 15.2, Factory allows local attackers with control of the lp users to create files as root with 0644 permissions without the ability to set the content. This issue affects: SUSE Linux Enterprise Server 11-SP4-LTSS cups versions prior to 1.3.9. SUSE Manager Server 4.0 cups versions prior to 2.2.7. SUSE OpenStack Cloud Crowbar 9 cups versions prior to 1.7.5. openSUSE Leap 15.2 cups versions prior to 2.2.7. openSUSE Factory cups version 2.3.3op2-2.1 and prior versions.

References

Affected packages

Git / github.com/OpenPrinting/cups

Affected ranges

Type
GIT
Repo
https://github.com/OpenPrinting/cups
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
f8e258e65590afa11b3b838cd259c1630a1a0499
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
84c97c051db7de61342461b6333a6bf31830535e
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
b60086f8ae7ff126ecb97cf6d400d6d4a5c6f571
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
84c97c051db7de61342461b6333a6bf31830535e
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.3.9"
        },
        {
            "introduced": "0"
        },
        {
            "fixed": "2.2.7"
        },
        {
            "introduced": "0"
        },
        {
            "fixed": "1.7.5"
        },
        {
            "introduced": "0"
        },
        {
            "fixed": "2.2.7"
        }
    ]
}

Affected versions

release-1.*
release-1.7.1
release-1.7.2
release-1.7.3
release-1.7.4
v2.*
v2.2.0
v2.2.1
v2.2.2
v2.2.3
v2.2.4
v2.2.5
v2.2.6
v2.2b1
v2.2b2
v2.2rc1

Database specific

vanir_signatures 
[
    {
        "signature_version": "v1",
        "deprecated": false,
        "id": "CVE-2021-25317-0a311622",
        "source": "https://github.com/OpenPrinting/cups/commit/84c97c051db7de61342461b6333a6bf31830535e",
        "target": {
            "file": "cups/tls-sspi.c"
        },
        "digest": {
            "line_hashes": [
                "307112985279991925978928331515558282314",
                "270328792713347568986596821201742819144",
                "154300331090283382335220506091614991562",
                "5522954627274384845318991347701948719",
                "268142757520210058989685695317762607199",
                "81082141193145222630199689536318495596",
                "134910290044528435892823624105212925549",
                "150305668582522756238889283356109015414",
                "137612675822626733142983651723753719278",
                "36625407990571594872305357589419475728",
                "84240418630299097288820502328923464445",
                "168012736320361304367213163699327014115",
                "239498668436469030861996509910774643590",
                "275162306035858992123749550769503102320",
                "175225299305699730400317490442049395946",
                "62251708451964664153535214208131203287",
                "61323042436492022822327855738640716855",
                "163119724495973263728127018702537012615"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line"
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "id": "CVE-2021-25317-33f2f4c0",
        "source": "https://github.com/OpenPrinting/cups/commit/b60086f8ae7ff126ecb97cf6d400d6d4a5c6f571",
        "target": {
            "file": "scheduler/client.c",
            "function": "pipe_command"
        },
        "digest": {
            "length": 6688.0,
            "function_hash": "328725108715556028825553205185040331498"
        },
        "signature_type": "Function"
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "id": "CVE-2021-25317-58e24b41",
        "source": "https://github.com/OpenPrinting/cups/commit/b60086f8ae7ff126ecb97cf6d400d6d4a5c6f571",
        "target": {
            "file": "backend/lpd.c"
        },
        "digest": {
            "line_hashes": [
                "107434805802401596869135879658761186620",
                "64089697462796517452558244006253532156",
                "80784619067771058005689044994872595924",
                "34000551011340135656503796243610736014",
                "231591630948396174393556616680980131317",
                "20927696405817849831518107552102089672"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line"
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "id": "CVE-2021-25317-6a16a397",
        "source": "https://github.com/OpenPrinting/cups/commit/b60086f8ae7ff126ecb97cf6d400d6d4a5c6f571",
        "target": {
            "file": "cups/cups.h"
        },
        "digest": {
            "line_hashes": [
                "303003890556766610888866419304462353612",
                "291756090946273470268552641955786967954",
                "68591482098550456487232219042758121830",
                "4388077441778181441544835706480494185",
                "171373683608698246604133543052171505769",
                "21982286761353577973948743191797741367",
                "143848903433225557252889511556677097719",
                "67769230696771806565077967946060306036",
                "300047019403988043631328124249423493925"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line"
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "id": "CVE-2021-25317-78894776",
        "source": "https://github.com/OpenPrinting/cups/commit/b60086f8ae7ff126ecb97cf6d400d6d4a5c6f571",
        "target": {
            "file": "scheduler/client.c",
            "function": "get_file"
        },
        "digest": {
            "length": 4195.0,
            "function_hash": "214292570993240516196652283700475674138"
        },
        "signature_type": "Function"
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "id": "CVE-2021-25317-832af3bd",
        "source": "https://github.com/OpenPrinting/cups/commit/b60086f8ae7ff126ecb97cf6d400d6d4a5c6f571",
        "target": {
            "file": "scheduler/client.c"
        },
        "digest": {
            "line_hashes": [
                "205053352418563305066376613023913391755",
                "236096870823453752371163536091485573199",
                "33469241390025520948898365181119731353",
                "74796881880574395968505195768448230358",
                "298704375991029327226813889516672863478",
                "130648743308369052246457664912772543682",
                "70359655328521758953970458861522977589",
                "236141880076909538187338729999518553293",
                "94489074228759981596691939006713876952",
                "37771704108704844086637151182755781625",
                "213093979539852402451663820400269135459",
                "140171898257660116545321247883091303349",
                "22134995000517498851207654545830135713",
                "261420178153917990616019784023445231849",
                "145768033256937380757793104804232350409",
                "117014198786337056833377990944308879588",
                "10787011323854894338203914747323955604",
                "23906996173424717924297765068616328403",
                "82621228629625733641723185394765027467",
                "158310861266317731513230211526126833664",
                "262562802913915756810586927197641626628",
                "153244241286383495427414977135017050005",
                "59411815062431510943226597046382235474",
                "93826797561820227921471851537182943536",
                "277209514393940866363041561340556106550",
                "55365029189114665913559233890948950165",
                "58013747865801902319794588508755375640",
                "129960777116059267426962715060589158804",
                "246663886281287416165591872568476949718",
                "126509230900213812958937864519795447299",
                "29501238794513180549363339331517061327",
                "117331457220768562190658665453723011084",
                "42830302530645333124875636945398675074",
                "5147506907661557941071239616101167675",
                "295630420337395812077490169751693807035",
                "294661571550466008325733524759109640361",
                "142769251559566996019163223424114166616",
                "266425759762152555433529795719635405830",
                "56823427778363356677761159163796143355",
                "228161264602696214147123693250296049680",
                "223117588270997888478669665686335360875",
                "26042855436298978414368911426586979130",
                "317885890309417803404131829706357180436",
                "298608402955908542857391437732551243430",
                "184167844662185262293848697929833420092"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line"
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "id": "CVE-2021-25317-faf6a910",
        "source": "https://github.com/OpenPrinting/cups/commit/84c97c051db7de61342461b6333a6bf31830535e",
        "target": {
            "file": "cups/tls-sspi.c",
            "function": "http_sspi_find_credentials"
        },
        "digest": {
            "length": 4126.0,
            "function_hash": "66433352038440194085195916483764431607"
        },
        "signature_type": "Function"
    }
]
unresolved_ranges 
[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "32"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "33"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "34"
            }
        ]
    },
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "2.3.3op2-2.1"
            }
        ]
    }
]
source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-25317.json"