CVE-2022-31256
sendmail: mail to root privilege escalation via sm-client.pre script
Public Exploits: 0
Exploited in Wild: -
Descriptions
An Improper Link Resolution Before File Access ('Link Following') vulnerability in a script called by the sendmail systemd service of openSUSE Factory allows local attackers to escalate from user mail to root. This issue affects: SUSE openSUSE Factory sendmail versions prior to 8.17.1-1.1.
An update that solves one vulnerability and has one errata is now available. This update for sendmail fixes the following issues. Fixed mail to root privilege escalation via sm-client.pre script.
SSVC
- Decision: Track*
Timeline
- 2022-05-20 CVE Reserved
- 2022-10-26 CVE Published
- 2025-05-09 CVE Updated
- 2025-07-21 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-59: Improper Link Resolution Before File Access ('Link Following')
References (1)
URL | Date | SRC |
---|---|---|
https://bugzilla.suse.com/show_bug.cgi?id=1204696 | 2022-10-28 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Opensuse | Factory | < 8.17.1-1.1 | - | Affected |