This issue can be exploited by an unprivileged user via a symlink attack on /usr/lib/systemd/system/watchman.service. This can be leveraged by persuading a user to install a malicious package, for example by installing a pkzip archive. After the installation, the user can be tricked into visiting a malicious website, for example by sending the user a link to an email, or posting a link on social media. An attacker can also send a user a specially-crafted email, or send a malicious package via PIP to the installed user. The attacker can also send a user a specially-crafted package via PIP. A successful exploit can result in local privilege escalation and/or installation of arbitrary system packages. This can be leveraged by an attacker to install arbitrary system packages, for example a backdoor. This issue affects: openSUSE Leap 42.3 watchman versions prior to 5.0.1. openSUSE Leap 15 watchman versions prior to 5.0.1-23.1. openSUSE Leap 42.1 watchman versions prior to 5.0.1-10.1. openSUSE Tumbleweed watchman versions prior to 5.0.1-10.1. openSUSE Leap 42.2 watchman versions prior to 5.0.1-10.1. openSUSE Leap 15 watchman versions prior to 5.0
Summary
CVE-2022-21944 is a remote code execution vulnerability caused by incorrect handling of symlink attacks on the watchman service. This issue affects openSUSE Leap 42.3, 15, 42.1, Tumbleweed and Leap 42.2.
The exploitation of this vulnerability can lead to local privilege escalation and/or installation of arbitrary system packages. This can be leveraged by an attacker to install a backdoor payload in order to gain access to sensitive information or systems.
CVE-2022-21943
This issue can be exploited by an unprivileged user via a symlink attack on /usr/lib/systemd/system/watchman.service. This can be leveraged by persuading a user to install a malicious package, for example by installing a pkzip archive. After the installation, the user can be tricked into visiting a malicious website, for example by sending the user a link to an email, or posting a link on social media. An attacker can also send a user a specially-crafted email, or send a malicious package via PIP to the installed user. The attacker can also send a user a specially-crafted package via PIP. A successful exploit can result in local privilege escalation and/or installation of arbitrary system packages. This can be leveraged by an attacker to install arbitrary system packages, for example a backdoor. This issue affects: openSUSE Leap 42.3 watchman versions prior to 5.0.1-23.1. openSUSE Leap 15 watchman versions prior to 5.0-10-23
The importance of digital marketing: 6 reasons why digital marketing is important
Impact
This issue can be exploited by an unprivileged user via a symlink attack on /usr/lib/systemd/system/watchman.service. This can be leveraged by persuading a user to install a malicious package, for example by installing a pkzip archive.
Solution overview
The problem can be mitigated by restricting the installation of packages that contain a symlink to /usr/lib/systemd/system/watchman.service. openSUSE has taken actions to mitigate this issue on Leap 42.3, Leap 15, and Tumbleweed, as well as older versions of openSUSE via SUSEP ending with 42.1, 42.2, and 43.
Timeline
Published on: 01/26/2022 09:15:00 UTC
Last modified on: 02/03/2022 15:23:00 UTC