Info

Disclosure

Feb 11, 2005

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

A local overflow exists in Sympa Mailing List manager. Sympa fails to a boundary error in the queue utility when processing command line arguments resulting in a buffer overflow. With a specially crafted request, an attacker can cause execution of arbitrary code resulting in a loss of confidentality and/or availability.

Classification

Location: Local Access Required
Attack Type: Input Manipulation
Impact: Loss of Confidentiality, Loss of Integrity
Disclosure: OSVDB Verified

Solution

Upgrade to version 4.1.3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Sympa

4.1.2

References

Security Tracker: 1013163
Secunia Advisory ID: 14217 14224
CVE ID: 2005-0073 (see also: NVD)
Other Advisory URL: http://www.debian.org/security/2005/dsa-677

Credit

Erik Sjölund -

Direct URL: http://osvdb.org/13707