FreeBSD : mail/sympa* -- Multiple vulnerabilities in Sympa archive management (de6d8290-aef7-11e1-898f-14dae938ec40)

high Nessus Plugin ID 59382

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

David Verdin reports:

Multiple vulnerabilities have been discovered in Sympa archive management that allow skipping the scenario-based authorization mechanisms.

This vulnerability allows the attacker to:

- display the archives management page ('arc_manage')

- download the list's archives

- delete the list's archives

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?5626caef

http://www.nessus.org/u?d4688a65

Plugin Details

Severity: High

ID: 59382

File Name: freebsd_pkg_de6d8290aef711e1898f14dae938ec40.nasl

Version: 1.8

Type: local

Published: 6/6/2012

Updated: 1/6/2021

Supported Sensors: Nessus

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:sympa, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 6/5/2012

Vulnerability Publication Date: 5/15/2012