Directory traversal vulnerability in the setuid root helper binary in S-nail (later S-mailx) before 14.8.16 allows local users to write to arbitrary files and consequently gain root privileges via a .. (dot dot) in the randstr argument.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-22,CWE-362,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| s-nail_project | s-nail | * |