A symlink following vulnerability in the packaging of mailman in SUSE Linux Enterprise Server 11, SUSE Linux Enterprise Server 12; openSUSE Leap 15.1 allowed local attackers to escalate their privileges from user wwwrun to root. Additionally arbitrary files could be changed to group mailman. This issue affects: SUSE Linux Enterprise Server 11 mailman versions prior to 2.1.15-9.6.15.1. SUSE Linux Enterprise Server 12 mailman versions prior to 2.1.17-3.11.1. openSUSE Leap 15.1 mailman version 2.1.29-lp151.2.14 and prior versions.
2020-01-24T10:15:12.053
2024-11-21T04:42:20.753
Modified
CVSSv3.1: 7.7 (HIGH)
AV:L/AC:L/Au:N/C:C/I:C/A:C
3.9
10.0
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | suse | mailman | < 2.1.15-9.6.15.1 | Yes |
| Operating System | suse | linux_enterprise_server | 11 | No |
| Application | suse | mailman | < 2.1.17-3.11.1 | Yes |
| Operating System | suse | linux_enterprise_server | 12 | No |
| Application | suse | mailman | ≤ 2.1.29-lp151.2.14 | Yes |
| Operating System | opensuse | leap | 15.1 | No |
| Application | opensuse | backports_sle | 15.0 | Yes |