nessusThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.DEBIAN_DLA-2441.NASL
HistoryNov 10, 2020 - 12:00 a.m.

Debian DLA-2441-1 : sympa security update

2020-11-10 00:00:00
This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com

A privilege escalation was discovered in Sympa, a modern mailing list manager. It is fixed when Sympa is used in conjunction with common MTAs (such as Exim or Postfix) by disabling a setuid executable, although no fix is currently available for all environments (such as sendmail). Additionally, an open-redirect vulnerability was discovered and fixed.

CVE-2020-26880

Sympa allows a local privilege escalation from the sympa user account to full root access by modifying the sympa.conf configuration file (which is owned by sympa) and parsing it through the setuid sympa_newaliases-wrapper executable.

CVE-2018-1000671

Sympa contains a CWE-601: URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability in the ‘referer’ parameter of the wwsympa.fcgi login action that can result in open redirection and reflected XSS via data URIs.

For Debian 9 stretch, these problems have been fixed in version 6.2.16~dfsg-3+deb9u4.

We recommend that you upgrade your sympa packages.

For the detailed security status of sympa please refer to its security tracker page at: https://security-tracker.debian.org/tracker/sympa

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DLA-2441-1. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#

include("compat.inc");

# Metadata registration. When the `description` variable is set, the script
# only declares its identity, references, scoring and prerequisites, then
# leaves through the exit(0) at the end of this block; the package check
# further down the file is not reached in that case.
if (description)
{
  # Plugin identity and revision tracking.
  script_id(142670);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/11/20");

  # Both CVEs covered by DLA-2441-1: the open redirect / reflected XSS
  # (CVE-2018-1000671) and the local privilege escalation (CVE-2020-26880).
  script_cve_id("CVE-2018-1000671", "CVE-2020-26880");

  script_name(english:"Debian DLA-2441-1 : sympa security update");
  script_summary(english:"Checks dpkg output for the updated package.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Debian host is missing a security update."
  );
  # Advisory text carried as a runtime string; it is kept verbatim,
  # including the wording inherited from the DLA.
  script_set_attribute(
    attribute:"description",
    value:
"A privilege escalation was discovered in Sympa, a modern mailing list
manager. It is fixed when Sympa is used in conjunction with common
MTAs (such as Exim or Postfix) by disabling a setuid executable,
although no fix is currently available for all environments (such as
sendmail). Additionally, an open-redirect vulnerability was discovered
and fixed.

CVE-2020-26880

Sympa allows a local privilege escalation from the sympa user account
to full root access by modifying the sympa.conf configuration file
(which is owned by sympa) and parsing it through the setuid
sympa_newaliases-wrapper executable.

CVE-2018-1000671

Sympa contains a CWE-601: URL Redirection to Untrusted Site ('Open
Redirect') vulnerability in The 'referer' parameter of the
wwsympa.fcgi login action. that can result in Open redirection and
reflected XSS via data URIs.

For Debian 9 stretch, these problems have been fixed in version
6.2.16~dfsg-3+deb9u4.

We recommend that you upgrade your sympa packages.

For the detailed security status of sympa please refer to its security
tracker page at: https://security-tracker.debian.org/tracker/sympa

NOTE: Tenable Network Security has extracted the preceding description
block directly from the DLA security advisory. Tenable has attempted
to automatically clean and format it as much as possible without
introducing additional issues."
  );
  # Reference links: the LTS announcement, the stretch source package page
  # and the Debian security tracker entry. The attribute is set three times,
  # once per URL.
  script_set_attribute(
    attribute:"see_also",
    value:"https://lists.debian.org/debian-lts-announce/2020/11/msg00015.html"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://packages.debian.org/source/stretch/sympa"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/source-package/sympa"
  );
  # NOTE(review): the solution text only says "upgrade". The description above
  # states that the CVE-2020-26880 fix works by disabling a setuid executable
  # and that no fix is available for all environments (such as sendmail), so
  # on such hosts the state of sympa_newaliases-wrapper should be verified
  # separately from the package version.
  script_set_attribute(
    attribute:"solution",
    value:"Upgrade the affected sympa package."
  );
  # Scoring: local attack vector with complete / high impact on
  # confidentiality, integrity and availability. The cvss_score_source
  # attribute below ties these vectors to CVE-2020-26880 (the privilege
  # escalation), not to the open redirect.
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-26880");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  # Declared as a local check, scoped by CPE to the sympa package on
  # Debian 9.0.
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:sympa");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:9.0");

  # Timeline. NOTE(review): the 2018 vuln_publication_date presumably belongs
  # to the older CVE-2018-1000671 - confirm against the advisory.
  script_set_attribute(attribute:"vuln_publication_date", value:"2018/09/06");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/11/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/11/10");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  # Information-gathering category, grouped under the Debian local checks.
  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Debian Local Security Checks");

  # Prerequisites: ssh_get_info.nasl is declared as a dependency, and the
  # three KB keys below must be present. The same keys are re-checked
  # explicitly in the check phase of this script.
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  # Metadata only: stop here.
  exit(0);
}


include("audit.inc");
include("debian_package.inc");


# Preconditions for the local check. Each test reads one KB key and hands
# off to audit() with the matching reason when the key is absent: local
# checks disabled, host not identified as Debian, or no dpkg package list.
if (!get_kb_item("Host/local_checks_enabled"))
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release"))
  audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l"))
  audit(AUDIT_PACKAGE_LIST_MISSING);


# Package check for Debian 9.0: sympa against the fixed version
# 6.2.16~dfsg-3+deb9u4 named in the advisory.
# NOTE(review): this is a package-version test only. The advisory text says
# the CVE-2020-26880 fix disables a setuid executable and is not available
# for all environments (such as sendmail), so a "not affected" result here
# does not by itself show that sympa_newaliases-wrapper is no longer setuid
# on the host - verify that separately where it matters.
outdated = deb_check(release:"9.0", prefix:"sympa", reference:"6.2.16~dfsg-3+deb9u4");

if (!outdated) audit(AUDIT_HOST_NOT, "affected");
else
{
  # Report on port 0; attach the package report only when verbosity allows.
  if (report_verbosity > 0)
    security_hole(port:0, extra:deb_report_get());
  else
    security_hole(0);
  exit(0);
}
| Vendor | Product | Version | CPE |
| --- | --- | --- | --- |
| debian | debian_linux | sympa | p-cpe:/a:debian:debian_linux:sympa |
| debian | debian_linux | 9.0 | cpe:/o:debian:debian_linux:9.0 |