CVE-2020-10936: Sympa vulnerability

8 documents, 4 sources
Severity: 9.8 CRITICAL (OSV), no vector
EPSS: 0.1% (top 71.85%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline: Published Mar 15

Description

Title: Sympa vulnerabilities

Summary: Several security issues were fixed in Sympa.

USN-4442-1 fixed vulnerabilities in Sympa. This update provides the corresponding updates for Ubuntu 16.04 ESM, Ubuntu 18.04 ESM and Ubuntu 20.04 ESM.

Original advisory details:

Nicolas Chatelain discovered that Sympa incorrectly handled environment variables. An attacker could possibly use this issue with a setuid binary and gain root privileges. (CVE-2020-10936)

Michael Kaczmarczik discovered that Sympa inco

Affected Packages (2 packages)

Debian: debian/sympa < sympa 6.2.40~dfsg-5 (bookworm)
Ubuntu: sympa/sympa < 6.1.17~dfsg-1ubuntu0.1~esm1+3

🔴 Vulnerability Details (2)

OSV: sympa vulnerabilities (2021-03-15)
OSV: sympa vulnerabilities (2020-07-28)

📋 Vendor Advisories (3)

Ubuntu: Sympa vulnerabilities (2021-03-15)
Ubuntu: Sympa vulnerabilities (2020-07-28)
Debian: CVE-2020-10936: sympa - Sympa before 6.2.56 allows privilege escalation. (2020)

💬 Community (3)

Bugzilla: CVE-2020-10936 sympa: allows privilege escalation (2020-05-29)
Bugzilla: CVE-2020-10936 sympa: allows privilege escalation [epel-all] (2020-05-29)
Bugzilla: CVE-2020-10936 sympa: allows privilege escalation [fedora-all] (2020-05-29)