Local privilege escalation from user wwwrun to root in the packaging of mailman
CVE-2019-3693

7.7HIGH

Key Information:

Vendor
Suse
Status
Suse Linux Enterprise Server 11
Suse Linux Enterprise Server 12
Leap 15.1
Vendor
CVE Published:
24 January 2020

Summary

A symlink following vulnerability in the packaging of mailman in SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Server 12; openSUSE Leap 15.1 allowed local attackers to escalate their privileges from user wwwrun to root. Additionally arbitrary files could be changed to group mailman. This issue affects: SUSE Linux Enterprise Server 11 mailman versions prior to 2.1.15-9.6.15.1. SUSE Linux Enterprise Server 12 mailman versions prior to 2.1.17-3.11.1. openSUSE Leap 15.1 mailman version 2.1.29-lp151.2.14 and prior versions.

Affected Version(s)

Leap 15.1 mailman <= 2.1.29-lp151.2.14

SUSE Linux Enterprise Server 11 mailman < 2.1.15-9.6.15.1

SUSE Linux Enterprise Server 12 mailman < 2.1.17-3.11.1

References

http://lists.opensuse.org/opensuse-security-announce/2020...
vendor-advisoryx_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2020...
vendor-advisoryx_refsource_SUSE
https://bugzilla.suse.com/show_bug.cgi?id=1154328
x_refsource_CONFIRM

CVSS V3.1

Score:
7.7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Johannes Segitz of SUSE
.