CloudLinux CageFS 7.0.8-2 or below insufficiently restricts file paths supplied to the sendmail proxy command. This allows local users to read and write arbitrary files of certain file formats outside the CageFS environment.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/176791/CloudLinux-CageFS-7.0.8-2-Insufficiently-Restricted-Proxy-Command.html | Exploit Third Party Advisory VDB Entry |
http://seclists.org/fulldisclosure/2024/Jan/25 | Exploit Mailing List Third Party Advisory |
https://blog.cloudlinux.com/lve-manager-lve-stats-lve-utils-and-alt-python27-cllib-have-been-rolled-out-to-100 | Release Notes |
https://github.com/sbaresearch/advisories/tree/public/2020/SBA-ADV-20200707-02_CloudLinux_CageFS_Insufficiently_Restricted_Proxy_Commands |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2024-01-22T14:11:25.325Z
Updated: 2024-03-28T18:29:04.539Z
Reserved: 2024-01-22T13:33:26.500Z
Link: CVE-2020-36772
JSON object: View
NVD Information
Status : Modified
Published: 2024-01-22T15:15:07.883
Modified: 2024-03-28T19:15:46.887
Link: CVE-2020-36772
JSON object: View
Redhat Information
No data.