Local Privilege Escalation in GNU Mailutils by GNU
CVE-2019-18862

7.8HIGH

Key Information:

Vendor
Gnu
Status
Mailutils
Vendor
CVE Published:
11 November 2019

Summary

A vulnerability in GNU Mailutils versions prior to 3.8 allows for local privilege escalation due to improper handling of setuid installation in url mode. This may enable a local attacker to gain elevated privileges on the system, potentially compromising the overall system security.

References

https://git.savannah.gnu.org/cgit/mailutils.git/tree/NEWS
x_refsource_MISC
http://packetstormsecurity.com/files/155425/GNU-Mailutils...
x_refsource_MISC
https://security.gentoo.org/glsa/202006-12
vendor-advisoryx_refsource_GENTOO

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.