Sympa Wwsympa Do_search_list Overflow DoS Network Vulnerability

Summary

The remote host is running SYMPA, an open source mailing list software. This version of Sympa has a flaw in one of it's scripts (wwsympa.pl) which would allow a remote attacker to overflow the sympa server. Specifically, within the cgi script wwsympa.pl is a do_search_list function which fails to perform bounds checking. An attacker, passing a specially formatted long string to this function, would be able to crash the remote sympa server. At the time of this writing, the attack is only known to cause a Denial of Service (DoS).

Solution

Update to version 4.1.2 or newer

References

http://www.sympa.org/

Updated on 2015-03-25

Severity

Classification

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:N/I:N/A:P

Related Vulnerabilities

AlienForm CGI script
Apache Tomcat Login Constraints Security Bypass Vulnerability
Apache Tomcat RemoteFilterValve Security Bypass Vulnerability
Apache Struts2 showcase namespace XSS Vulnerability
AjaXplorer Remote Command Injection and Local File Disclosure Vulnerabilities

Sympa wwsympa do_search_list Overflow DoS

Take action and discover your vulnerabilities