Sympa queue Utility Local Overflow

2005-02-11T12:12:23
ID OSVDB:13707
Type osvdb
Reporter Erik Sjölund()
Modified 2005-02-11T12:12:23

Description

Vulnerability Description

A local overflow exists in Sympa Mailing List manager. Sympa fails to a boundary error in the queue utility when processing command line arguments resulting in a buffer overflow. With a specially crafted request, an attacker can cause execution of arbitrary code resulting in a loss of confidentality and/or availability.

Solution Description

Upgrade to version 4.1.3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

A local overflow exists in Sympa Mailing List manager. Sympa fails to a boundary error in the queue utility when processing command line arguments resulting in a buffer overflow. With a specially crafted request, an attacker can cause execution of arbitrary code resulting in a loss of confidentality and/or availability.

References:

Security Tracker: 1013163 Secunia Advisory ID:14224 Secunia Advisory ID:14217 Other Advisory URL: http://www.debian.org/security/2005/dsa-677 CVE-2005-0073