CVE-2021-20001
📋 TL;DR
This vulnerability in debian-edu-config versions before 2.12.16 sets insecure permissions for user web shares (~/public_html), allowing local users to escalate privileges by accessing other users' web content. It affects Debian Edu (Skolelinux) installations where user web sharing is enabled. The insecure default configuration makes privilege escalation possible without requiring authentication.
💻 Affected Systems
- debian-edu-config
📦 What is this software?
Debian Edu Config by Skolelinux
⚠️ Risk & Real-World Impact
Worst Case
Local attacker gains unauthorized access to sensitive files in other users' public_html directories, potentially leading to full system compromise through privilege escalation chains.
Likely Case
Unauthorized users can read or modify web content in other users' public_html directories, potentially accessing sensitive information or defacing websites.
If Mitigated
With proper file permissions and access controls, impact is limited to authorized users only accessing their own web content.
🎯 Exploit Status
Exploitation requires local access to the system. The vulnerability lies in default configuration settings (file permissions), not in a code-execution flaw.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.12.16 and later
Vendor Advisory: https://www.debian.org/security/2022/dsa-5072
Restart Required: No
Instructions:
1. Update debian-edu-config package: sudo apt update && sudo apt install debian-edu-config
2. Verify version is 2.12.16 or later: dpkg -l debian-edu-config
3. Review and adjust existing public_html directory permissions if needed.
🔧 Temporary Workarounds
Manual permission correction
Manually set secure permissions on existing public_html directories:
find /home -name public_html -type d -exec chmod 0751 {} \;
find /home -name public_html -type d -exec chown :www-data {} \;
🧯 If You Can't Patch
- Disable user web sharing functionality if not required
- Implement strict file permission monitoring and auditing for public_html directories
🔍 How to Verify
Check if Vulnerable:
Check debian-edu-config version: dpkg -l debian-edu-config | grep ^ii | awk '{print $3}' - versions before 2.12.16 are vulnerable
Check Version:
dpkg -l debian-edu-config | grep ^ii | awk '{print $3}'
Verify Fix Applied:
Verify version is 2.12.16 or later and check public_html directory permissions: ls -ld ~/public_html
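As an added example (not code from the advisory or from Debian Edu), the following POSIX sh script automates both checks above: it compares the installed debian-edu-config version against 2.12.16 and flags any public_html directory under /home whose mode grants write access to the group or to others. The function names and the `--run` flag are this example's own.

```shell
#!/bin/sh
# Added example for CVE-2021-20001: is debian-edu-config older than the fixed
# 2.12.16, and does any public_html share grant group/other write access?

FIXED_VERSION="2.12.16"

# Returns 0 (vulnerable) when version $1 sorts before the fixed version.
# dpkg understands Debian version syntax; sort -V is the fallback without dpkg.
version_is_vulnerable() {
    if command -v dpkg >/dev/null 2>&1; then
        dpkg --compare-versions "$1" lt "$FIXED_VERSION"
    else
        [ "$1" != "$FIXED_VERSION" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$FIXED_VERSION" | sort -V | head -n 1)" = "$1" ]
    fi
}

# Returns 0 when directory $1 is writable by its group or by others.
# stat prints the octal mode (751, 2775, ...); the last two digits are the
# group and other permission digits, and bit 2 of each digit is the write bit.
dir_is_writable_by_others() {
    mode=$(stat -c '%a' "$1" 2>/dev/null) || return 1
    group_digit=$(printf '%s' "$mode" | tail -c 2 | head -c 1)
    other_digit=$(printf '%s' "$mode" | tail -c 1)
    [ $(( group_digit & 2 )) -ne 0 ] || [ $(( other_digit & 2 )) -ne 0 ]
}

# Prints every */public_html under $1 (default /home) that fails the check
# above; returns 0 if at least one insecure share was found, 1 otherwise.
audit_public_html() {
    base=${1:-/home}
    found=1
    for dir in "$base"/*/public_html; do
        [ -d "$dir" ] || continue
        if dir_is_writable_by_others "$dir"; then
            printf 'insecure: %s (mode %s)\n' "$dir" "$(stat -c '%a' "$dir")"
            found=0
        fi
    done
    return $found
}

# Stand-alone use: sh check.sh --run  (the --run flag is this example's own)
if [ "${1:-}" = "--run" ]; then
    installed=$(dpkg-query -W -f '${Version}' debian-edu-config 2>/dev/null)
    if [ -n "$installed" ] && version_is_vulnerable "$installed"; then
        printf 'debian-edu-config %s is older than %s\n' "$installed" "$FIXED_VERSION"
    fi
    audit_public_html /home
fi
```

The audit only reports directories whose mode lets the group or others write; it does not change anything, so it is safe to run before applying the chmod/chown workaround above.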
📡 Detection & Monitoring
Log Indicators:
- Unauthorized access attempts to public_html directories
- Permission changes to web directories
Network Indicators:
- Unusual web traffic patterns from local users
SIEM Query:
source="auth.log" AND ("permission denied" OR "access denied") AND "public_html"
🔗 References
- https://lists.debian.org/debian-lts-announce/2022/02/msg00012.html
- https://lists.debian.org/debian-security-announce/2022/msg00039.html
- https://salsa.debian.org/debian-edu/debian-edu-config/-/commit/4d39a5888d193567704238f8c035f8d17cfe34e5
- https://www.debian.org/security/2022/dsa-5072