Sympa Archive Management Permissions Security Bypass Vulnerability
BID:53503
Info
| Bugtraq ID: | 53503 |
| Class: | Access Validation Error |
| CVE: | CVE-2012-2352 |
| Remote: | Yes |
| Local: | No |
| Published: | May 14 2012 12:00AM |
| Updated: | May 21 2012 07:10PM |
| Credit: | Reported by vendor |
| Vulnerable: | Sympa Sympa 6.1.10; Debian Linux 6.0 sparc; Debian Linux 6.0 s/390; Debian Linux 6.0 powerpc; Debian Linux 6.0 mips; Debian Linux 6.0 ia-64; Debian Linux 6.0 ia-32; Debian Linux 6.0 arm; Debian Linux 6.0 amd64 |
| Not Vulnerable: | Sympa Sympa 6.1.11 |
Discussion
Sympa is prone to a security-bypass vulnerability.
Attackers without sufficient privileges can exploit this issue to bypass certain security restrictions and perform unauthorized actions; this may aid in further attacks.
Versions prior to Sympa 6.1.11 are vulnerable.
Exploit / POC
Attackers can use readily available tools to exploit this issue.
Solution / Fix
Solution:
The vendor has released an update. Please see the references for details.
References
References:
- CVE request: sympa (micah)
- Sympa Change Log (Sympa)
- Sympa Home Page (Sympa)