Privilege escalation - #VU39

 


Published: June 28, 2016 / Updated: November 22, 2018


Vulnerability identifier: #VU39
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: N/A
CWE-ID: CWE-264
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor:
Affected software:

Detailed vulnerability description

The vulnerability allows a remote authenticated user to gain root privileges.

The vulnerability exists due to an error in the /scripts/addpop, /scripts/delpop, /scripts/checkinfopages, /scripts/maildir_converter, /scripts/unsuspendacct and /scripts/enablefileprotect scripts, which may expose root's TTY. A remote authenticated attacker might be able to gain full access to the root TTY.

Successful exploitation of this vulnerability may result in remote code execution with root privileges.


Remediation

Install the latest version 11.56.0.15, 11.54.0.24, 11.52.6.1 or 11.50.6.2.
