Sympa 'sympa.pl' Insecure Temporary File Creation Vulnerability Network Vulnerability

Summary

Sympa creates temporary files in an insecure manner. An attacker with local access could potentially exploit this issue to perform symbolic-link attacks, overwriting arbitrary files in the context of the affected application. Successfully mounting a symlink attack may allow the attacker to delete or corrupt sensitive files, which may result in a denial of service. Other attacks may also be possible. Sympa 5.4.3 is vulnerable other versions may also be affected.

Solution

Updates are available. Please see the references for more information.

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494969
http://www.securityfocus.com/bid/30727
http://www.sympa.org/
http://www.sympa.org/distribution/

Updated on 2015-03-25

Severity

Classification

CVE CVE-2008-4476

CVSS	Base Score: 6.9 AV:L/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

AlienForm CGI script
Apache Open For Business HTML injection vulnerability
Annuaire PHP 'sites_inscription.php' Cross Site Scripting Vulnerability
123 Flash Chat Multiple Security Vulnerabilities
Ampache Reflected Cross Site Scripting Vulnerability

Take action and discover your vulnerabilities