Candidate: CVE-2021-44513
PublicDate: 2021-12-07 03:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44513
 https://www.openwall.com/lists/oss-security/2021/12/06/2
 https://bugzilla.suse.com/show_bug.cgi?id=1189388
 https://github.com/tmate-io/tmate-ssh-server/commit/1c020d1f5ca462f5b150b46a027aaa1bbe3c9596
Description:
 Insecure creation of temporary directories in tmate-ssh-server 2.3.0 allows
 a local attacker to compromise the integrity of session handling.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1001225
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H [7.0 HIGH]


Patches_tmate-ssh-server:
upstream_tmate-ssh-server: needs-triage
trusty_tmate-ssh-server: ignored (out of standard support)
xenial_tmate-ssh-server: ignored (out of standard support)
bionic_tmate-ssh-server: DNE
focal_tmate-ssh-server: DNE
hirsute_tmate-ssh-server: ignored (reached end-of-life)
impish_tmate-ssh-server: needed
jammy_tmate-ssh-server: needed
devel_tmate-ssh-server: needed