Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Sympa <= 5.4.3 sympa.pl Local File Overwrite

Medium

Synopsis

The remote host is vulnerable to a local flaw in an application that handles local files.

Description

The remote host is running Sympa, an open-source mailing list software application.

This version of Sympa is vulnerable to a flaw due to the way that sympa.pl creates files when the '--make_alias_file' option is used. An attacker exploiting this flaw would need local access. Successful exploitation would result in the attacker overwriting local files which the Sympa application had permissions on.

Solution

Upgrade to a version higher than 5.4.3.