Bug ID 1180428
Summary VUL-1: CVE-2020-35766: opendkim: symlink attack inside test suite in libopendkim
Classification openSUSE
Product openSUSE Distribution
Version Leap 15.2
Hardware Other
URL https://smash.suse.de/issue/274130/
OS Other
Status NEW
Severity Minor
Priority P5 - None
Component Basesystem
Assignee rpm@fthiessen.de
Reporter abergmann@suse.com
QA Contact security-team@suse.de
Found By Security Response Team
Blocker ---

CVE-2020-35766

The test suite in libopendkim in OpenDKIM through 2.10.3 allows local users to
gain privileges via a symlink attack against the /tmp/testkeys file (related to
t-testdata.h, t-setup.c, and t-cleanup.c). NOTE: this is applicable to persons
who choose to engage in the "A number of self-test programs are included here
for unit-testing the library" situation.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-35766
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35766
https://github.com/trusteddomainproject/OpenDKIM/issues/113


You are receiving this mail because: