CVE-2020-10936

HIGH

Sympa <6.2.56 - Privilege Escalation

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-10936. PoCs published by tnpitsecurity.

AI-analyzed exploit summary The repository provides a functional exploit for CVE-2020-10936, demonstrating a privilege escalation vulnerability in Sympa's setuid binaries. The exploit leverages environment variable manipulation (PERLLIB/PERL5LIB) to inject malicious Perl modules, escalating privileges from a standard user to root.

Description

Sympa before 6.2.56 allows privilege escalation.

Exploits (1)

github WORKING POC 4 stars
by tnpitsecurity · poc
https://github.com/tnpitsecurity/CVEs/tree/master/CVE-2020-10936

The repository provides a functional exploit for CVE-2020-10936, demonstrating a privilege escalation vulnerability in Sympa's setuid binaries. The exploit leverages environment variable manipulation (PERLLIB/PERL5LIB) to inject malicious Perl modules, escalating privileges from a standard user to root.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: Sympa 6.2.54
No auth needed
Prerequisites: Access to a system with vulnerable Sympa installation · Ability to execute binaries in /usr/libexec/sympa/ or /usr/lib/sympa/bin/
devstral-2 · analyzed Feb 27, 2026 Full analysis →

References (8)

Core 8
Core References
Third Party Advisory x_refsource_misc
https://sysdream.com/news/lab/
Release Notes, Third Party Advisory x_refsource_misc
https://github.com/sympa-community/sympa/releases
Third Party Advisory vendor-advisory x_refsource_ubuntu
https://usn.ubuntu.com/4442-1/
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2020/10/msg00012.html
Third Party Advisory vendor-advisory x_refsource_debian
https://www.debian.org/security/2020/dsa-4818

Scores

CVSS v3 7.8
EPSS 0.0050
EPSS Percentile 38.7%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-269
Status published
Products (6)
canonical/ubuntu_linux 14.04
debian/debian_linux 9.0
debian/debian_linux 10.0
fedoraproject/fedora 31
fedoraproject/fedora 32
sympa/sympa < 6.2.56
Published May 27, 2020
Tracked Since Feb 18, 2026