CVE-2020-35766 — HIGH (7.8)

Q: How severe is CVE-2020-35766?

CVE-2020-35766 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2020-35766?

Check the references section above for vendor advisories and patch information. Affected products include: Opendkim Opendkim.

Vulnerability Description

The test suite in libopendkim in OpenDKIM through 2.10.3 allows local users to gain privileges via a symlink attack against the /tmp/testkeys file (related to t-testdata.h, t-setup.c, and t-cleanup.c). NOTE: this is applicable to persons who choose to engage in the "A number of self-test programs are included here for unit-testing the library" situation.

CVSS Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Opendkim	Opendkim	<= 2.10.3

Related Weaknesses (CWE)

CWE-59

References

https://github.com/trusteddomainproject/OpenDKIM/issues/113ExploitPatchThird Party Advisory
https://github.com/trusteddomainproject/OpenDKIM/issues/113ExploitPatchThird Party Advisory

FAQ

What is CVE-2020-35766?

CVE-2020-35766 is a vulnerability with a CVSS score of 7.8 (HIGH). The test suite in libopendkim in OpenDKIM through 2.10.3 allows local users to gain privileges via a symlink attack against the /tmp/testkeys file (related to t-testdata.h, t-setup.c, and t-cleanup.c)...

How severe is CVE-2020-35766?

CVE-2020-35766 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-35766?

Check the references section above for vendor advisories and patch information. Affected products include: Opendkim Opendkim.