CVE-2020-8015 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2020-8015 Interim 1 18 2025-02-17T01:36:49Z current 2021-05-30T14:37:38Z 2025-02-17T01:36:49Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2020-8015 A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of exim in openSUSE Factory allows local attackers to escalate from user mail to root. This issue affects: openSUSE Factory exim versions prior to 4.93.0.4-3.1. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/WJR5MNZSFIS6CLLRASPPRSAP44RXZCZX/ E-Mail link for openSUSE-SU-2020:0491-1 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/UMX36VOLIS2TDKA3MXOUO365NDUK5WQ3/ E-Mail link for openSUSE-SU-2021:0753-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Package Hub 15 SP1 openSUSE Leap 15.1 openSUSE Tumbleweed exim-4.88-lp151.4.12.1 exim-4.94.2-4.2 exim-4.94.2-bp151.2.4.1 eximon-4.88-lp151.4.12.1 eximon-4.94.2-4.2 eximon-4.94.2-bp151.2.4.1 eximstats-html-4.88-lp151.4.12.1 eximstats-html-4.94.2-4.2 eximstats-html-4.94.2-bp151.2.4.1 libspf2-2-1.2.10-bp151.4.1 libspf2-devel-1.2.10-bp151.4.1 libspf2-tools-1.2.10-bp151.4.1 exim-4.94.2-bp151.2.4.1 as a component of SUSE Package Hub 15 SP1 eximon-4.94.2-bp151.2.4.1 as a component of SUSE Package Hub 15 SP1 eximstats-html-4.94.2-bp151.2.4.1 as a component of SUSE Package Hub 15 SP1 libspf2-2-1.2.10-bp151.4.1 as a component of SUSE Package Hub 15 SP1 libspf2-devel-1.2.10-bp151.4.1 as a component of SUSE Package Hub 15 SP1 libspf2-tools-1.2.10-bp151.4.1 as a component of SUSE Package Hub 15 SP1 exim-4.88-lp151.4.12.1 as a component of openSUSE Leap 15.1 eximon-4.88-lp151.4.12.1 as a component of openSUSE Leap 15.1 eximstats-html-4.88-lp151.4.12.1 as a component of openSUSE Leap 15.1 exim-4.94.2-4.2 as a component of openSUSE Tumbleweed eximon-4.94.2-4.2 as a component of openSUSE Tumbleweed eximstats-html-4.94.2-4.2 as a component of openSUSE Tumbleweed A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of exim in openSUSE Factory allows local attackers to escalate from user mail to root. This issue affects: openSUSE Factory exim versions prior to 4.93.0.4-3.1. CVE-2020-8015 SUSE Package Hub 15 SP1:exim-4.94.2-bp151.2.4.1 SUSE Package Hub 15 SP1:eximon-4.94.2-bp151.2.4.1 SUSE Package Hub 15 SP1:eximstats-html-4.94.2-bp151.2.4.1 SUSE Package Hub 15 SP1:libspf2-2-1.2.10-bp151.4.1 SUSE Package Hub 15 SP1:libspf2-devel-1.2.10-bp151.4.1 SUSE Package Hub 15 SP1:libspf2-tools-1.2.10-bp151.4.1 openSUSE Leap 15.1:exim-4.88-lp151.4.12.1 openSUSE Leap 15.1:eximon-4.88-lp151.4.12.1 openSUSE Leap 15.1:eximstats-html-4.88-lp151.4.12.1 openSUSE Tumbleweed:exim-4.94.2-4.2 openSUSE Tumbleweed:eximon-4.94.2-4.2 openSUSE Tumbleweed:eximstats-html-4.94.2-4.2 important 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H