Vulnerability Details CVE-2017-5899
Directory traversal vulnerability in the setuid root helper binary in S-nail (later S-mailx) before 14.8.16 allows local users to write to arbitrary files and consequently gain root privileges via a .. (dot dot) in the randstr argument.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.01
EPSS Ranking 76.4%
CVSS Severity
CVSS v3 Score 7.0
CVSS v2 Score 6.9
References
- http://www.openwall.com/lists/oss-security/2017/01/27/7
- http://www.openwall.com/lists/oss-security/2017/02/07/4
- http://www.securityfocus.com/bid/96138
- https://www.mail-archive.com/s-nail-users%40lists.sourceforge.net/msg00551.html
- http://www.openwall.com/lists/oss-security/2017/01/27/7
- http://www.openwall.com/lists/oss-security/2017/02/07/4
- http://www.securityfocus.com/bid/96138
- https://www.mail-archive.com/s-nail-users%40lists.sourceforge.net/msg00551.html
Products affected by CVE-2017-5899
-
cpe:2.3:a:s-nail_project:s-nail:14.4.5
-
cpe:2.3:a:s-nail_project:s-nail:14.7.11
-
cpe:2.3:a:s-nail_project:s-nail:14.8.3
-
cpe:2.3:a:s-nail_project:s-nail:14.8.4
-
cpe:2.3:a:s-nail_project:s-nail:14.8.5