CVE-2020-8015: Local privilege escalation in exim package from user mail to root
First published: Thu Apr 02 2020(Updated: )
A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of exim in openSUSE Factory allows local attackers to escalate from user mail to root. This issue affects: openSUSE Factory exim versions prior to 4.93.0.4-3.1.
Credit: meissner@suse.de
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Exim Exim | <4.93.0.4-3.1 | |
| openSUSE |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2020-8015.
What is the title of this vulnerability?
The title of this vulnerability is 'A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of exim in openSUSE Factory'.
What is the severity of CVE-2020-8015?
The severity of CVE-2020-8015 is high with a CVSS score of 7.8.
What software is affected by CVE-2020-8015?
The Exim versions prior to 4.93.0.4-3.1 in openSUSE Factory are affected.
How can a local attacker exploit CVE-2020-8015?
A local attacker can exploit CVE-2020-8015 to escalate from user mail to root by following a symbolic link.
- agent/references
- agent/type
- agent/author
- agent/weakness
- agent/description
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/title
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/exim
- canonical/exim exim
- vendor/opensuse
- canonical/opensuse