QwikSec

Security Database

CVE

CWE

Training

CVE-2020-26880

Published: Oct 7, 2020

Modified: Aug 4, 2024

PUBLISHED

Description

Sympa through 6.2.57b.2 allows a local privilege escalation from the sympa user account to full root access by modifying the sympa.conf configuration file (which is owned by sympa) and parsing it through the setuid sympa_newaliases-wrapper executable.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/sympa-community/sympa/issues/1009

x_refsource_MISC

https://github.com/sympa-community/sympa/issues/943#issuecomment-704779420

x_refsource_MISC

https://github.com/sympa-community/sympa/issues/943#issuecomment-704842235

x_refsource_MISC

[debian-lts-announce] 20201109 [SECURITY] [DLA 2441-1] sympa security update

mailing-list

x_refsource_MLIST

FEDORA-2021-a309986711

vendor-advisory

x_refsource_FEDORA

FEDORA-2021-af8fa074ad

vendor-advisory

x_refsource_FEDORA

FEDORA-2021-aa993dd633

vendor-advisory

x_refsource_FEDORA

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.