High severity7.0NVD Advisory· Published Mar 27, 2017· Updated May 13, 2026

CVE-2017-5899

Description

Directory traversal vulnerability in the setuid root helper binary in S-nail (later S-mailx) before 14.8.16 allows local users to write to arbitrary files and consequently gain root privileges via a .. (dot dot) in the randstr argument.

Affected products

S Nail Project/S Nail
cpe:2.3:a:s-nail_project:s-nail:*:*:*:*:*:*:*:*
Range: <=14.8.5

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.openwall.com/lists/oss-security/2017/01/27/7nvdExploitMailing ListThird Party Advisory
www.openwall.com/lists/oss-security/2017/02/07/4nvdMailing ListThird Party Advisory
www.securityfocus.com/bid/96138nvdThird Party AdvisoryVDB Entry
www.mail-archive.com/s-nail-users%40lists.sourceforge.net/msg00551.htmlnvd

News mentions

No linked articles in our index yet.

cvss	0.455
epss	0.001
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000