Permissions, Privileges, and Access Controls in mailutils - CVE-2019-18862
Published: June 17, 2020
Vulnerability identifier: #VU29118
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2019-18862
CWE-ID: CWE-264
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: mailutils.org
Affected software:
mailutils
mailutils
Detailed vulnerability description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to the maidag is installed setuid and allows local privilege escalation in the url mode.
How to mitigate CVE-2019-18862
Install updates from vendor's website.