CVE-2021-25630

Published: Feb 23, 2021

Modified: Sep 16, 2024

PUBLISHED

Description

"loolforkit" is a privileged program that is supposed to be run by a special, non-privileged "lool" user. Before doing anything else "loolforkit" checks, if it was invoked by the "lool" user, and refuses to run with privileges, if it's not the case. In the vulnerable version of "loolforkit" this check was wrong, so a normal user could start "loolforkit" and eventually get local root privileges.

Vendor	Product	Versions
Collabora Productivity	Collabora Online	affected `Collabora Online 4.2 - < 4.2.13` affected `Collabora Online 6.4 - < 6.4.3`
The Document Foundation	LibreOffice Online	affected `unspecified - <= 7.0.1.1`

References

https://github.com/CollaboraOnline/online/security/advisories/GHSA-49w3-gr3w-m68v

x_refsource_MISC

https://www.openwall.com/lists/oss-security/2021/01/18/3

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2021-25630

Description

Affected Products

References