CVE-2020-26880

Sympa through 6.2.57b.2 allows a local privilege escalation from the sympa user account to full root access by modifying the sympa.conf configuration file (which is owned by sympa) and parsing it through the setuid sympa_newaliases-wrapper executable.

CVSS v3 7.8 HIGH
CVSS v2.0 7.2 HIGH

7.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.2^/10

CVSS v2.0 : HIGH

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://github.com/sympa-community/sympa/issues/1009	Third Party Advisory
https://github.com/sympa-community/sympa/issues/943#issuecomment-704779420	Third Party Advisory
https://github.com/sympa-community/sympa/issues/943#issuecomment-704842235	Third Party Advisory
https://lists.debian.org/debian-lts-announce/2020/11/msg00015.html	Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5CUVLHGWCDA6B2NH467ZMKL6O2NGLQZN/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B5MFWWYY4TSQAXBWZ6SBFX43BLUL3WWI/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E2TKOL454ZKKLQCUSUPNEZ52WELN4OAH/

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:sympa:sympa::::::::
	cpe:2.3:a:sympa:sympa:6.2.57:beta1::::::
	cpe:2.3:a:sympa:sympa:6.2.57:beta2::::::

Configuration 2 (hide)

OR	cpe:2.3:o:fedoraproject:fedora:32:::::::*
	cpe:2.3:o:fedoraproject:fedora:33:::::::*
	cpe:2.3:o:fedoraproject:fedora:34:::::::*

Configuration 3 (hide)

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2020-10-07 18:15

Updated : 2024-02-04 21:23

NVD link : CVE-2020-26880

Mitre link : CVE-2020-26880

CVE.ORG link : CVE-2020-26880

JSON object : View

Products Affected

sympa

sympa

debian

debian_linux

fedoraproject

fedora

CWE

CWE-269

Improper Privilege Management

{"id": "CVE-2020-26880", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.8}]}, "published": "2020-10-07T18:15:12.133", "references": [{"url": "https://github.com/sympa-community/sympa/issues/1009", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/sympa-community/sympa/issues/943#issuecomment-704779420", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/sympa-community/sympa/issues/943#issuecomment-704842235", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://lists.debian.org/debian-lts-announce/2020/11/msg00015.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5CUVLHGWCDA6B2NH467ZMKL6O2NGLQZN/", "source": "cve@mitre.org"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/B5MFWWYY4TSQAXBWZ6SBFX43BLUL3WWI/", "source": "cve@mitre.org"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E2TKOL454ZKKLQCUSUPNEZ52WELN4OAH/", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-269"}]}], "descriptions": [{"lang": "en", "value": "Sympa through 6.2.57b.2 allows a local privilege escalation from the sympa user account to full root access by modifying the sympa.conf configuration file (which is owned by sympa) and parsing it through the setuid sympa_newaliases-wrapper executable."}, {"lang": "es", "value": "Sympa versiones hasta 6.2.57b.2, permite una escalada de privilegios local desde la cuenta de usuario sympa hacia el acceso root completo mediante la modificaci\u00f3n del archivo de configuraci\u00f3n sympa.conf (que es propiedad de sympa) y analiz\u00e1ndolo por medio del ejecutable sympa_newaliases-wrapper de setuid"}], "lastModified": "2023-11-07T03:20:45.827", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sympa:sympa:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "371839E1-FA43-4288-9396-414A8D4E3A8B", "versionEndIncluding": "6.2.56"}, {"criteria": "cpe:2.3:a:sympa:sympa:6.2.57:beta1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2038196F-EF30-49EF-8D4D-CFB0F3F6D931"}, {"criteria": "cpe:2.3:a:sympa:sympa:6.2.57:beta2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A1737DC9-FCAF-4EB6-8480-6C99AE992A3D"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956"}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194"}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}