SB2020122901 - Debian update for sympa

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2020122901

SB2020122901 - Debian update for sympa

Published: December 29, 2020

Security Bulletin ID SB2020122901
Severity
Medium
Patch available
YES
Number of vulnerabilities 5
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

Medium 40% Low 60%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 5 secuirty vulnerabilities.


1) Resource exhaustion (CVE-ID: CVE-2020-9369)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources. A remote attacker can send a series of requests with malformed parameters and consume all available disk space by creating temporary files.


2) Improper Privilege Management (CVE-ID: CVE-2020-10936)

The vulnerability allows a local authenticated user to escalate privileges.

The vulnerability exists due to improper management of privileges within the application. A local user can gain elevated privileges via unknown vectors.


3) Incorrect permission assignment for critical resource (CVE-ID: CVE-2020-26932)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to Debian Sympa package sets insecure permissions of 4755 for sympa_newaliases-wrapper. A local user can gain access to sensitive information.


4) Improper Authentication (CVE-ID: CVE-2020-29668)

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to an error in when processing authentication requests. A remote attacker can bypass authentication process and obtain full SOAP API access by sending any arbitrary string (except one from an expired cookie) as the cookie value to authenticateAndRun.


5) OS Command Injection (CVE-ID: CVE-2020-26880)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to incorrect default permissions for the sympa.conf configuration file. A local user with access to modify the file (e.g. the sympa user account) can injection and execute arbitrary OS commands in the system with root privileges via the setuid sympa_newaliases-wrapper executable by parsing the modified sympa.conf file.

Remediation

Install update from vendor's website.

References