CVE-2021-26720 - OpenCVE

avahi-daemon-check-dns.sh in the Debian avahi package through 0.8-4 is executed as root via /etc/network/if-up.d/avahi-daemon, and allows a local attacker to cause a denial of service or create arbitrary empty files via a symlink attack on files under /run/avahi-daemon. NOTE: this only affects the packaging for Debian GNU/Linux (used indirectly by SUSE), not the upstream Avahi product.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Avahi	Avahi
Debian	Debian Linux

Configuration 1 [-]

cpe:2.3:a:avahi:avahi:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:o:debian:debian_linux:9.0:::::::*
	cpe:2.3:o:debian:debian_linux:10.0:::::::*

No data.

References

Link	Providers
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982796
https://bugs.launchpad.net/ubuntu/+source/avahi/+bug/1870824
https://bugzilla.suse.com/show_bug.cgi?id=1180827
https://lists.debian.org/debian-lts-announce/2022/06/msg00009.html
https://metadata.ftp-master.debian.org/changelogs/main/a/avahi/avahi_0.8-4_changelog
https://packages.debian.org/bullseye/avahi-daemon
https://packages.debian.org/buster/avahi-daemon
https://packages.debian.org/sid/avahi-daemon
https://security-tracker.debian.org/tracker/CVE-2021-26720
https://www.openwall.com/lists/oss-security/2021/02/15/2

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2021-02-17T21:19:26

Updated: 2024-08-03T20:33:40.829Z

Reserved: 2021-02-05T00:00:00

Link: CVE-2021-26720

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-02-17T22:15:12.710

Modified: 2022-12-06T21:52:34.143

Link: CVE-2021-26720

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "avahi-daemon-check-dns.sh in the Debian avahi package through 0.8-4 is executed as root via /etc/network/if-up.d/avahi-daemon, and allows a local attacker to cause a denial of service or create arbitrary empty files via a symlink attack on files under /run/avahi-daemon. NOTE: this only affects the packaging for Debian GNU/Linux (used indirectly by SUSE), not the upstream Avahi product."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-06-07T20:06:12", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://packages.debian.org/buster/avahi-daemon"}, {"tags": ["x_refsource_MISC"], "url": "https://packages.debian.org/sid/avahi-daemon"}, {"tags": ["x_refsource_MISC"], "url": "https://packages.debian.org/bullseye/avahi-daemon"}, {"tags": ["x_refsource_MISC"], "url": "https://security-tracker.debian.org/tracker/CVE-2021-26720"}, {"tags": ["x_refsource_MISC"], "url": "https://bugs.launchpad.net/ubuntu/+source/avahi/+bug/1870824"}, {"tags": ["x_refsource_MISC"], "url": "https://metadata.ftp-master.debian.org/changelogs/main/a/avahi/avahi_0.8-4_changelog"}, {"tags": ["x_refsource_MISC"], "url": "https://www.openwall.com/lists/oss-security/2021/02/15/2"}, {"tags": ["x_refsource_MISC"], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982796"}, {"tags": ["x_refsource_MISC"], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1180827"}, {"name": "[debian-lts-announce] 20220607 [SECURITY] [DLA 3047-1] avahi security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00009.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-26720", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "avahi-daemon-check-dns.sh in the Debian avahi package through 0.8-4 is executed as root via /etc/network/if-up.d/avahi-daemon, and allows a local attacker to cause a denial of service or create arbitrary empty files via a symlink attack on files under /run/avahi-daemon. NOTE: this only affects the packaging for Debian GNU/Linux (used indirectly by SUSE), not the upstream Avahi product."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://packages.debian.org/buster/avahi-daemon", "refsource": "MISC", "url": "https://packages.debian.org/buster/avahi-daemon"}, {"name": "https://packages.debian.org/sid/avahi-daemon", "refsource": "MISC", "url": "https://packages.debian.org/sid/avahi-daemon"}, {"name": "https://packages.debian.org/bullseye/avahi-daemon", "refsource": "MISC", "url": "https://packages.debian.org/bullseye/avahi-daemon"}, {"name": "https://security-tracker.debian.org/tracker/CVE-2021-26720", "refsource": "MISC", "url": "https://security-tracker.debian.org/tracker/CVE-2021-26720"}, {"name": "https://bugs.launchpad.net/ubuntu/+source/avahi/+bug/1870824", "refsource": "MISC", "url": "https://bugs.launchpad.net/ubuntu/+source/avahi/+bug/1870824"}, {"name": "https://metadata.ftp-master.debian.org/changelogs/main/a/avahi/avahi_0.8-4_changelog", "refsource": "MISC", "url": "https://metadata.ftp-master.debian.org/changelogs/main/a/avahi/avahi_0.8-4_changelog"}, {"name": "https://www.openwall.com/lists/oss-security/2021/02/15/2", "refsource": "MISC", "url": "https://www.openwall.com/lists/oss-security/2021/02/15/2"}, {"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982796", "refsource": "MISC", "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982796"}, {"name": "https://bugzilla.suse.com/show_bug.cgi?id=1180827", "refsource": "MISC", "url": "https://bugzilla.suse.com/show_bug.cgi?id=1180827"}, {"name": "[debian-lts-announce] 20220607 [SECURITY] [DLA 3047-1] avahi security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00009.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T20:33:40.829Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://packages.debian.org/buster/avahi-daemon"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://packages.debian.org/sid/avahi-daemon"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://packages.debian.org/bullseye/avahi-daemon"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://security-tracker.debian.org/tracker/CVE-2021-26720"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugs.launchpad.net/ubuntu/+source/avahi/+bug/1870824"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://metadata.ftp-master.debian.org/changelogs/main/a/avahi/avahi_0.8-4_changelog"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.openwall.com/lists/oss-security/2021/02/15/2"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982796"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1180827"}, {"name": "[debian-lts-announce] 20220607 [SECURITY] [DLA 3047-1] avahi security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00009.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-26720", "datePublished": "2021-02-17T21:19:26", "dateReserved": "2021-02-05T00:00:00", "dateUpdated": "2024-08-03T20:33:40.829Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:avahi:avahi:*:*:*:*:*:*:*:*", "matchCriteriaId": "7960274F-0D6F-4054-8236-145A6430B6CE", "versionEndIncluding": "0.8-4", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "avahi-daemon-check-dns.sh in the Debian avahi package through 0.8-4 is executed as root via /etc/network/if-up.d/avahi-daemon, and allows a local attacker to cause a denial of service or create arbitrary empty files via a symlink attack on files under /run/avahi-daemon. NOTE: this only affects the packaging for Debian GNU/Linux (used indirectly by SUSE), not the upstream Avahi product."}, {"lang": "es", "value": "El archivo avahi-daemon-check-dns.sh en el paquete Debian avahi a versiones hasta 0.8-4, es ejecutado como root por medio de /etc/network/if-up.d/avahi-daemon, y permite a un atacante local causar una denegaci\u00f3n de servicio o crear archivos vac\u00edos arbitrarios por medio de un ataque de tipo symlink en archivos bajo /run/avahi-daemon. NOTA: esto solo afecta al empaquetado de Debian GNU/Linux (usado indirectamente por SUSE), no al producto de Avahi previo"}], "id": "CVE-2021-26720", "lastModified": "2022-12-06T21:52:34.143", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-02-17T22:15:12.710", "references": [{"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982796"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugs.launchpad.net/ubuntu/+source/avahi/+bug/1870824"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.suse.com/show_bug.cgi?id=1180827"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2022/06/msg00009.html"}, {"source": "cve@mitre.org", "tags": ["Broken Link", "Third Party Advisory"], "url": "https://metadata.ftp-master.debian.org/changelogs/main/a/avahi/avahi_0.8-4_changelog"}, {"source": "cve@mitre.org", "tags": ["Product", "Third Party Advisory"], "url": "https://packages.debian.org/bullseye/avahi-daemon"}, {"source": "cve@mitre.org", "tags": ["Product", "Third Party Advisory"], "url": "https://packages.debian.org/buster/avahi-daemon"}, {"source": "cve@mitre.org", "tags": ["Product", "Third Party Advisory"], "url": "https://packages.debian.org/sid/avahi-daemon"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security-tracker.debian.org/tracker/CVE-2021-26720"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://www.openwall.com/lists/oss-security/2021/02/15/2"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-59"}], "source": "nvd@nist.gov", "type": "Primary"}]}