CVE-2017-5899
published 2017-03-27CVE-2017-5899: Directory traversal vulnerability in the setuid root helper binary in S-nail (later S-mailx) before 14.8.16 allows local users to write to arbitrary files and…
PriorityP341high7CVSS 3.0
AVLACHPRLUINSUCHIHAH
EXPLOIT
EPSS
1.01%
58.9th percentile
Directory traversal vulnerability in the setuid root helper binary in S-nail (later S-mailx) before 14.8.16 allows local users to write to arbitrary files and consequently gain root privileges via a .. (dot dot) in the randstr argument.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | s-nail | < s-nail 14.8.16-1 (bookworm) | s-nail 14.8.16-1 (bookworm) |
| s-nail_project | s-nail | <= 14.8.5 | — |
| s-nail_project | s-nail | >= 0 < 14.8.16-1 | 14.8.16-1 |
| s-nail_project | s-nail | >= 0 < 14.8.16-1 | 14.8.16-1 |
| s-nail_project | s-nail | >= 0 < 14.8.16-1 | 14.8.16-1 |
| s-nail_project | s-nail | >= 0 < 14.8.16-1 | 14.8.16-1 |
CVSS provenance
nvdv3.07.0HIGHCVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv2.06.9MEDIUMAV:L/AC:M/Au:N/C:C/I:C/A:C
osv7.0HIGH
vendor_debian7.0HIGH
vendor_redhat7.0HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-42jr-32cj-2c5c: Directory traversal vulnerability in the setuid root helper binary in S-nail (later S-mailx) before 14
ghsa_unreviewed·2022-05-17
CVE-2017-5899 [HIGH] CWE-22 GHSA-42jr-32cj-2c5c: Directory traversal vulnerability in the setuid root helper binary in S-nail (later S-mailx) before 14
Directory traversal vulnerability in the setuid root helper binary in S-nail (later S-mailx) before 14.8.16 allows local users to write to arbitrary files and consequently gain root privileges via a .. (dot dot) in the randstr argument.
OSV
CVE-2017-5899: Directory traversal vulnerability in the setuid root helper binary in S-nail (later S-mailx) before 14
osv·2017-03-27·CVSS 7.0
CVE-2017-5899 [HIGH] CVE-2017-5899: Directory traversal vulnerability in the setuid root helper binary in S-nail (later S-mailx) before 14
Directory traversal vulnerability in the setuid root helper binary in S-nail (later S-mailx) before 14.8.16 allows local users to write to arbitrary files and consequently gain root privileges via a .. (dot dot) in the randstr argument.
Ubuntu
S-nail vulnerability
vendor_ubuntu·2021-03-15
CVE-2017-5899 S-nail vulnerability
Title: S-nail vulnerability
Summary: S-nail could be made to overwrite files as the administrator.
It was discovered that S-nail incorrectly handled paths. An attacker could
possible use this issue to write arbitrary files and escalate privileges.
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
s-nail: privsep helper local privilege escalation
vendor_redhat·2017-01-27·CVSS 7.0
CVE-2017-5899 [HIGH] s-nail: privsep helper local privilege escalation
s-nail: privsep helper local privilege escalation
Directory traversal vulnerability in the setuid root helper binary in S-nail (later S-mailx) before 14.8.16 allows local users to write to arbitrary files and consequently gain root privileges via a .. (dot dot) in the randstr argument.
Package: mailx (Red Hat Enterprise Linux 5) - Not affected
Package: mailx (Red Hat Enterprise Linux 6) - Not affected
Package: mailx (Red Hat Enterprise Linux 7) - Not affected
Debian
CVE-2017-5899: s-nail - Directory traversal vulnerability in the setuid root helper binary in S-nail (la...
vendor_debian·2017·CVSS 7.0
CVE-2017-5899 [HIGH] CVE-2017-5899: s-nail - Directory traversal vulnerability in the setuid root helper binary in S-nail (la...
Directory traversal vulnerability in the setuid root helper binary in S-nail (later S-mailx) before 14.8.16 allows local users to write to arbitrary files and consequently gain root privileges via a .. (dot dot) in the randstr argument.
Scope: local
bookworm: resolved (fixed in 14.8.16-1)
bullseye: resolved (fixed in 14.8.16-1)
forky: resolved (fixed in 14.8.16-1)
sid: resolved (fixed in 14.8.16-1)
trixie: resolved (fixed in 14.8.16-1)
No detection rules found.
http://www.openwall.com/lists/oss-security/2017/01/27/7http://www.openwall.com/lists/oss-security/2017/02/07/4http://www.securityfocus.com/bid/96138https://www.mail-archive.com/s-nail-users%40lists.sourceforge.net/msg00551.htmlhttp://www.openwall.com/lists/oss-security/2017/01/27/7http://www.openwall.com/lists/oss-security/2017/02/07/4http://www.securityfocus.com/bid/96138https://www.mail-archive.com/s-nail-users%40lists.sourceforge.net/msg00551.html
2017-03-27
Published