Vulnerability Description
Directory traversal vulnerability in the setuid root helper binary in S-nail (later S-mailx) before 14.8.16 allows local users to write to arbitrary files and consequently gain root privileges via a .. (dot dot) in the randstr argument.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| S-Nail Project | S-Nail | <= 14.8.5 |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2017/01/27/7ExploitMailing ListThird Party Advisory
- http://www.openwall.com/lists/oss-security/2017/02/07/4Mailing ListThird Party Advisory
- http://www.securityfocus.com/bid/96138Third Party AdvisoryVDB Entry
- https://www.mail-archive.com/s-nail-users%40lists.sourceforge.net/msg00551.html
- http://www.openwall.com/lists/oss-security/2017/01/27/7ExploitMailing ListThird Party Advisory
- http://www.openwall.com/lists/oss-security/2017/02/07/4Mailing ListThird Party Advisory
- http://www.securityfocus.com/bid/96138Third Party AdvisoryVDB Entry
- https://www.mail-archive.com/s-nail-users%40lists.sourceforge.net/msg00551.html
FAQ
What is CVE-2017-5899?
CVE-2017-5899 is a vulnerability with a CVSS score of 7.0 (HIGH). Directory traversal vulnerability in the setuid root helper binary in S-nail (later S-mailx) before 14.8.16 allows local users to write to arbitrary files and consequently gain root privileges via a ....
How severe is CVE-2017-5899?
CVE-2017-5899 has been rated HIGH with a CVSS base score of 7.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-5899?
Check the references section above for vendor advisories and patch information. Affected products include: S-Nail Project S-Nail.