CVE-2017-5899
Published: 27 March 2017
Directory traversal vulnerability in the setuid root helper binary in S-nail (later S-mailx) before 14.8.16 allows local users to write to arbitrary files and consequently gain root privileges via a .. (dot dot) in the randstr argument.
From the Ubuntu Security Team
It was discovered that S-nail incorrectly handled paths. An attacker could possible use this issue to write arbitrary files and escalate privileges.
Priority
Status
Package | Release | Status |
---|---|---|
s-nail Launchpad, Ubuntu, Debian |
trusty |
Does not exist
|
impish |
Not vulnerable
(14.8.16-1)
|
|
artful |
Not vulnerable
(14.8.16-1)
|
|
bionic |
Not vulnerable
(14.8.16-1)
|
|
cosmic |
Not vulnerable
(14.8.16-1)
|
|
disco |
Not vulnerable
(14.8.16-1)
|
|
eoan |
Not vulnerable
(14.8.16-1)
|
|
focal |
Not vulnerable
(14.8.16-1)
|
|
groovy |
Not vulnerable
(14.8.16-1)
|
|
hirsute |
Not vulnerable
(14.8.16-1)
|
|
jammy |
Not vulnerable
(14.8.16-1)
|
|
precise |
Does not exist
|
|
upstream |
Released
(14.8.16-1)
|
|
yakkety |
Ignored
(end of life)
|
|
zesty |
Not vulnerable
(14.8.16-1)
|
|
xenial |
Released
(14.8.6-1ubuntu0.1~esm1)
Available with Ubuntu Pro |
Severity score breakdown
Parameter | Value |
---|---|
Base score | 7.0 |
Attack vector | Local |
Attack complexity | High |
Privileges required | Low |
User interaction | None |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | High |
Availability impact | High |
Vector | CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5899
- https://www.mail-archive.com/s-nail-users@lists.sourceforge.net/msg00551.html
- https://git.sdaoden.eu/cgit/s-nail.git/commit/?id=f797c27efecad45af191c518b7f87fda32ada160
- https://git.sdaoden.eu/cgit/s-nail.git/commit/?id=f2699449b66dd702a98925bd1b11153a6f7294bf
- https://www.openwall.com/lists/oss-security/2017/01/27/7
- NVD
- Launchpad
- Debian