CVE-2020-8015 (NVD)

2020-04-02

A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of exim in openSUSE Factory allows local attackers to escalate from user mail to root. This issue affects: openSUSE Factory exim versions prior to 4.93.0.4-3.1.

Products Exim
Type Improper Link Resolution Before File Access ('Link Following') (CWE-59)
Improper Link Resolution Before File Access ('Link Following') (CWE-59)
First patch - None (likely due to unavailable code)
Links http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00010.html
https://bugzilla.suse.com/show_bug.cgi?id=1154183