Published: 27/05/2020 Updated: 07/11/2023

CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 641

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Sympa prior to 6.2.56 allows privilege escalation.

Vulnerable Product	Search on Vulmon	Subscribe to Product
sympa sympa
fedoraproject fedora 31
fedoraproject fedora 32
debian debian linux 9.0
debian debian linux 10.0
canonical ubuntu linux 14.04

Debian Bug report logs - #961491 CVE-2020-10936: Security flaws in setuid wrappers Package: sympa; Maintainer for sympa is Debian Sympa team <sympa@packagesdebianorg>; Source for sympa is src:sympa (PTS, buildd, popcon) Reported by: "Stefan Hornburg (Racke)" <racke@linuxiade> Date: Mon, 25 May 2020 07:33:02 UTC S ...

Several vulnerabilities were discovered in Sympa, a mailing list manager, which could result in local privilege escalation, denial of service or unauthorized access via the SOAP API Additionally to mitigate CVE-2020-26880 the sympa_newaliases-wrapper is no longer installed setuid root by default A new Debconf question is introduced to allow setui ...

CWE-269 https://sysdream.com/news/lab/https://github.com/sympa-community/sympa/releases https://sysdream.com/news/lab/2020-05-25-cve-2020-10936-sympa-privileges-escalation-to-root/https://usn.ubuntu.com/4442-1/https://lists.debian.org/debian-lts-announce/2020/10/msg00012.html https://www.debian.org/security/2020/dsa-4818 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3J4NZLGAF4ZYK52XEBQDTBNHLGBEPXXN/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P3TMQ3CORUOWARALACCBG2SBTIGZ5GY5/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=961491 https://www.debian.org/security/2020/dsa-4818 https://nvd.nist.gov

CVE-2020-10936

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect