Vulnerability CVE-2020-26880: Information
Description
Sympa through 6.2.57b.2 allows a local privilege escalation from the sympa user account to full root access by modifying the sympa.conf configuration file (which is owned by sympa) and parsing it through the setuid sympa_newaliases-wrapper executable.
Severity: HIGH (7.8) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
---|---|
https://github.com/sympa-community/sympa/issues/943#issuecomment-704779420 |
|
https://github.com/sympa-community/sympa/issues/943#issuecomment-704842235 |
|
https://github.com/sympa-community/sympa/issues/1009 |
|
[debian-lts-announce] 20201109 [SECURITY] [DLA 2441-1] sympa security update |
|
FEDORA-2021-a309986711 | |
FEDORA-2021-af8fa074ad | |
FEDORA-2021-aa993dd633 |