Lucene search

K

GoogleOSV:CVE-2020-26880

HistoryOct 07, 2020 - 6:15 p.m.

CVE-2020-26880

2020-10-0718:15:12

Google

osv.dev

10

AI Score

6.8

Confidence

High

EPSS

0

Percentile

15.6%

Sympa through 6.2.57b.2 allows a local privilege escalation from the sympa user account to full root access by modifying the sympa.conf configuration file (which is owned by sympa) and parsing it through the setuid sympa_newaliases-wrapper executable.

References

github.com/sympa-community/sympa/issues/1009

github.com/sympa-community/sympa/issues/943#issuecomment-704779420

github.com/sympa-community/sympa/issues/943#issuecomment-704842235

lists.debian.org/debian-lts-announce/2020/11/msg00015.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5CUVLHGWCDA6B2NH467ZMKL6O2NGLQZN/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B5MFWWYY4TSQAXBWZ6SBFX43BLUL3WWI/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E2TKOL454ZKKLQCUSUPNEZ52WELN4OAH/

AI Score

6.8

Confidence

High

EPSS

0

Percentile

15.6%

Related for OSV:CVE-2020-26880

fedora3 debiancve1 openvas6 cvelist1 prion1 ubuntucve1 nvd1 cve1 nessus2 debian3