sendmail: mail to root privilege escalation via sm-client.pre script
CVE-2022-31256

7.7HIGH

Key Information:

Vendor: Suse
Status: Opensuse Factory
Vendor: CVE Published:; 26 October 2022

What is CVE-2022-31256?

A Improper Link Resolution Before File Access ('Link Following') vulnerability in a script called by the sendmail systemd service of openSUSE Factory allows local attackers to escalate from user mail to root. This issue affects: SUSE openSUSE Factory sendmail versions prior to 8.17.1-1.1.

Affected Version(s)

openSUSE Factory sendmail < 8.17.1-1.1

References

https://bugzilla.suse.com/show_bug.cgi?id=1204696

CVSS V3.1

Score:

7.7

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 26, 2022
Vulnerability Reserved
May 20, 2022

Credit

Matthias Gerstner and Filippo Bonazzi from SUSE

Suse

What is CVE-2022-31256?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit