330 matches found
Design/Logic Flaw
Sympa through 6.2.57b.2 allows a local privilege escalation from the sympa user account to full root access by modifying the sympa.conf configuration file which is owned by sympa and parsing it through the setuid sympanewaliases-wrapper executable...
CVE-2020-26880
Sympa through 6.2.57b.2 allows a local privilege escalation from the sympa user account to full root access by modifying the sympa.conf configuration file which is owned by sympa and parsing it through the setuid sympanewaliases-wrapper executable...
UBUNTU-CVE-2020-26880
Sympa through 6.2.57b.2 allows a local privilege escalation from the sympa user account to full root access by modifying the sympa.conf configuration file which is owned by sympa and parsing it through the setuid sympanewaliases-wrapper executable...
CVE-2020-26880
CVE-2020-26880—Sympa local privilege escalation : Sympa
CVE-2020-26880
Sympa through 6.2.57b.2 allows a local privilege escalation from the sympa user account to full root access by modifying the sympa.conf configuration file which is owned by sympa and parsing it through the setuid sympanewaliases-wrapper executable...
CVE-2020-26880
Sympa through 6.2.57b.2 allows a local privilege escalation from the sympa user account to full root access by modifying the sympa.conf configuration file which is owned by sympa and parsing it through the setuid sympanewaliases-wrapper executable...
PT-2020-16527 · Renaud Bastide Christophe Wolfhugel +1 · Sympa +1
Name of the Vulnerable Software and Affected Versions: Sympa versions through 6.2.57b.2 Description: The issue allows a local privilege escalation from the sympa user account to full root access. This is achieved by modifying the sympa.conf configuration file, which is owned by sympa, and then...
DLA-2401-1 sympa - security update
Bulletin has no description...
The vulnerability in the web interface (wwsympa.fcgi) of the Sympa mailing list manager allows a perpetrator to escalate their privileges.
The vulnerability in the web interface wwsympa.fcgi of the Sympa mailing list manager is related to an incorrect restriction on the path name to the restricted catalog. Exploiting this vulnerability could allow a malicious actor, operating remotely, to enhance their privileges through specially...
USN-4442-1: Sympa vulnerabilities
Michael Kaczmarczik discovered that Sympa incorrectly handled HTTP GET/POST requests. An attacker could possibly use this issue to insert, edit or obtain sensitive information. CVE-2018-1000550 It was discovered that Sympa incorrectly handled URL parameters. An attacker could possibly use this...
Fedora: Security Advisory for sympa (FEDORA-2020-d767d9077b)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora 32 : sympa (2020-d767d9077b)
Update to sympa 6.2.56. Fixes CVE-2020-10936. For details, see : - https://github.com/sympa-community/sympa/releases/tag/6.2.56 - https://sympa-community.github.io/security/2020-002.html Note that Tenable Network Security has extracted the preceding description block directly from the Fedora upda...
[SECURITY] Fedora 32 Update: sympa-6.2.56-1.fc32
Sympa is scalable and highly customizable mailing list manager. It can cope with big lists 200,000 subscribers and comes with a complete user and admin Web interface. It is internationalized, and supports the us, fr, de, es, it, fi, and chinese locales. A scripting language allows you to extend t...
Fedora: Security Advisory for sympa (FEDORA-2020-9b6c969aac)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 31 Update: sympa-6.2.56-1.fc31
Sympa is scalable and highly customizable mailing list manager. It can cope with big lists 200,000 subscribers and comes with a complete user and admin Web interface. It is internationalized, and supports the us, fr, de, es, it, fi, and chinese locales. A scripting language allows you to extend t...
Fedora 31 : sympa (2020-9b6c969aac)
Update to sympa 6.2.56. Fixes CVE-2020-10936. For details, see : - https://github.com/sympa-community/sympa/releases/tag/6.2.56 - https://sympa-community.github.io/security/2020-002.html Note that Tenable Network Security has extracted the preceding description block directly from the Fedora upda...
Privilege Escalation
github.com/sympa-community/sympa is vulnerable to privilege escalation. The setuid wrappers does not clear environment variables, potentially allowing a local attacker to gain higher privileges...
Sympa Elevation of Privilege Vulnerability
Sympa is an open source email management list software from the Sympa community. The software supports email management, authentication and access control. A security vulnerability exists in versions prior to Sympa 6.2.56. An attacker can exploit the vulnerability to elevate privileges...
FreeBSD : sympa - Security flaws in setuid wrappers (61bc44ce-9f5a-11ea-aff3-f8b156c2bfe9)
A vulnerability has been discovered in Sympa web interface by which attacker can execute arbitrary code with root privileges. Sympa uses two sorts of setuid wrappers : - FastCGI wrappers - newaliases wrapper The FastCGI wrappers wwsympa-wrapper.fcgi and sympasoapserver-wrapper.fcgi were used to...
FreeBSD : sympa -- Denial of service caused by malformed CSRF token (9908a1cc-35ad-424d-be0b-7e56abd5931a)
Javier Moreno discovered a vulnerability in Sympa web interface that can cause denial of service DoS attack. By submitting requests with malformed parameters, this flaw allows to create junk files in Sympa's directory for temporary files. And particularly by tampering token to prevent CSRF, it...