Note:
This project will be discontinued after December 13, 2021. [more]
2020-04-02
A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of exim in openSUSE Factory allows local attackers to escalate from user mail to root. This issue affects: openSUSE Factory exim versions prior to 4.93.0.4-3.1.
Products | Exim |
Type | Improper Link Resolution Before File Access ('Link Following') (CWE-59) Improper Link Resolution Before File Access ('Link Following') (CWE-59) |
First patch | - None (likely due to unavailable code) |
Links |
• http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00010.html
• https://bugzilla.suse.com/show_bug.cgi?id=1154183 |