mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-07 19:16:22 +00:00
CVE-2020-26880
Description
Sympa through 6.2.57b.2 allows a local privilege escalation from the sympa user account to full root access by modifying the sympa.conf configuration file (which is owned by sympa) and parsing it through the setuid sympa_newaliases-wrapper executable.
POC
Reference
- https://github.com/sympa-community/sympa/issues/943#issuecomment-704779420
- https://github.com/sympa-community/sympa/issues/943#issuecomment-704842235