CVE-2017-5899
Publication date 27 March 2017
Last updated 24 July 2024
Ubuntu priority
Directory traversal vulnerability in the setuid root helper binary in S-nail (later S-mailx) before 14.8.16 allows local users to write to arbitrary files and consequently gain root privileges via a .. (dot dot) in the randstr argument.
From the Ubuntu Security Team
It was discovered that S-nail incorrectly handled paths. An attacker could possible use this issue to write arbitrary files and escalate privileges.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| s-nail | 22.04 LTS jammy |
Not affected
|
| 20.04 LTS focal |
Not affected
|
|
| 18.04 LTS bionic |
Not affected
|
|
| 16.04 LTS xenial |
Fixed 14.8.6-1ubuntu0.1~esm1
|
|
| 14.04 LTS trusty | Not in release | |
Get expanded security coverage with Ubuntu Pro
Reduce your average CVE exposure time from 98 days to 1 day with expanded CVE patching, ten-years security maintenance and optional support for the full stack of open-source applications. Free for personal use.
Get Ubuntu ProSeverity score breakdown
| Parameter | Value |
|---|---|
| Base score |
7.0 · High
|
| Attack vector | Local |
| Attack complexity | High |
| Privileges required | Low |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | High |
| Availability impact | High |
| Vector | CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
References
Related Ubuntu Security Notices (USN)
- USN-4820-1
- S-nail vulnerability
- 15 March 2021
Other references
- https://www.mail-archive.com/s-nail-users@lists.sourceforge.net/msg00551.html
- https://git.sdaoden.eu/cgit/s-nail.git/commit/?id=f797c27efecad45af191c518b7f87fda32ada160
- https://git.sdaoden.eu/cgit/s-nail.git/commit/?id=f2699449b66dd702a98925bd1b11153a6f7294bf
- https://www.openwall.com/lists/oss-security/2017/01/27/7
- https://www.cve.org/CVERecord?id=CVE-2017-5899