CVE-2017-5899

Published: 27/03/2017 Updated: 07/11/2023
CVSS v2 Base Score: 6.9 | Impact Score: 10 | Exploitability Score: 3.4
CVSS v3 Base Score: 7 | Impact Score: 5.9 | Exploitability Score: 1
VMScore: 695
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

Directory traversal vulnerability in the setuid root helper binary in S-nail (later S-mailx) prior to 14.8.16 allows local users to write to arbitrary files and consequently gain root privileges via a .. (dot dot) in the randstr argument.

Vulnerable Product

s-nail project s-nail

Vendor Advisories

Directory traversal vulnerability in the setuid root helper binary in S-nail (later S-mailx) before 14.8.16 allows local users to write to arbitrary files and consequently gain root privileges via a .. (dot dot) in the randstr argument ...

Exploits

#!/bin/sh
# Wrapper for @wapiflapi's s-nail-privgetc local root exploit for CVE-2017-5899
# uses ld.so.preload technique
# ---
# [~] Found privsep: /usr/lib/s-nail/s-nail-privsep
# [] Compiling /var/tmp/snailsoc
# [] Compiling /var/tmp/shc
# [] Compiling /var/tmp/privgetc
# [] Adding /var/tmp/snailso to /etc/ld.so.preload ...