CVE-2020-36772
4.4MEDIUMCloudLinux CageFS 7.0.8-2 or below insufficiently restricts file paths supplied to the sendmail proxy command. This allows local users to read and write arbitrary files of certain file formats outside
Published: 1/22/2024Updated: 5/30/2025
Description
CloudLinux CageFS 7.0.8-2 or below insufficiently restricts file paths supplied to the sendmail proxy command. This allows local users to read and write arbitrary files of certain file formats outside the CageFS environment.
AI AnalysisPowered by AI
Affected Products
cloudlinuxcagefs
References
- http://packetstormsecurity.com/files/176791/CloudLinux-CageFS-7.0.8-2-Insufficiently-Restricted-Proxy-Command.htmlExploitThird Party AdvisoryVDB Entry
- http://seclists.org/fulldisclosure/2024/Jan/25ExploitMailing ListThird Party Advisory
- https://blog.cloudlinux.com/lve-manager-lve-stats-lve-utils-and-alt-python27-cllib-have-been-rolled-out-to-100Release Notes
- https://github.com/sbaresearch/advisories/tree/public/2020/SBA-ADV-20200707-02_CloudLinux_CageFS_Insufficiently_Restricted_Proxy_Commands
- http://packetstormsecurity.com/files/176791/CloudLinux-CageFS-7.0.8-2-Insufficiently-Restricted-Proxy-Command.htmlExploitThird Party AdvisoryVDB Entry
- http://seclists.org/fulldisclosure/2024/Jan/25ExploitMailing ListThird Party Advisory
- https://blog.cloudlinux.com/lve-manager-lve-stats-lve-utils-and-alt-python27-cllib-have-been-rolled-out-to-100Release Notes
- https://github.com/sbaresearch/advisories/tree/public/2020/SBA-ADV-20200707-02_CloudLinux_CageFS_Insufficiently_Restricted_Proxy_Commands