CVE-2020-8015

Published: Apr 2, 2020Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of exim in openSUSE Factory allows local attackers to escalate from user mail to root. This issue affects: openSUSE Factory exim versions prior to 4.93.0.4-3.1.

Affected (1)

Products: Exim: Exim

Exim

1 product

Exim

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Exim Exim	Before 4.93.0.4-3.1

Running on/with	Platform Versions
Opensuse Opensuse	All versions

Related CWEs

CWE-59

Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

References (4)

http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00010.html

Source: meissner@suse.de

https://bugzilla.suse.com/show_bug.cgi?id=1154183

Source: meissner@suse.de

ExploitIssue TrackingVendor Advisory

http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00010.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.suse.com/show_bug.cgi?id=1154183

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingVendor Advisory

Timeline

No history available yet.