Vulnerability CVE-2020-26880: Information

Description

Sympa through 6.2.57b.2 allows a local privilege escalation from the sympa user account to full root access by modifying the sympa.conf configuration file (which is owned by sympa) and parsing it through the setuid sympa_newaliases-wrapper executable.

Severity: HIGH (7.8)
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Published: Oct. 7, 2020
Modified: Nov. 7, 2023
Error type identifier: CWE-269

References to Advisories, Solutions, and Tools

      Configuration 1

      cpe:2.3:a:sympa:sympa:6.2.57:beta1:*:*:*:*:*:*

      cpe:2.3:a:sympa:sympa:6.2.57:beta2:*:*:*:*:*:*

      cpe:2.3:a:sympa:sympa:*:*:*:*:*:*:*:* (versions up to and including 6.2.56)

      Configuration 2

      cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*

      cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*

      cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*

      Configuration 3

      cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*