Lyris List Manager <= 8.8a Multiple Vulnerabilities

Nessus Network Monitor Plugin ID 3324 (Severity: High)

Synopsis

The remote host is vulnerable to multiple attack vectors.

Description

The remote host is running Lyris List Manager, a mailing list manager. This version of Lyris is affected by multiple flaws. A flaw in the way Lyris handles SQL queries could allow an attacker to execute arbitrary commands on the backend database. A second flaw could allow an attacker to execute arbitrary commands with the permissions of the web server. Finally, several flaws could allow an attacker to access information that was not intended for public consumption. An attacker exploiting these flaws would likely be able to access confidential data and compromise the integrity of both the web server and the database.

Solution

Upgrade to a version higher than 8.8a.

See Also

http://www.lyris.com/lm

Plugin Details

Severity: High

ID: 3324

Family: CGI

Published: 2005/12/09

Modified: 2016/01/15

Dependencies: 1442

Risk Information

Risk Factor: High

CVSSv2

Base Score: 7.5

Temporal Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:H/RL:U/RC:ND

CVSSv3

Base Score: 7.3

Temporal Score: 7.3

Vector: CVSS3#AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS3#E:H/RL:U/RC:X

Reference Information

CVE: CVE-2005-4149, CVE-2005-4143, CVE-2005-4144, CVE-2005-4146, CVE-2005-4147, CVE-2005-4148, CVE-2005-4142

BID: 15786, 15787, 15788, 15789