Debian update for sympa
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 5 |
| CVE-ID | CVE-2020-9369 CVE-2020-10936 CVE-2020-26932 CVE-2020-29668 CVE-2020-26880 |
| CWE-ID | CWE-400 CWE-269 CWE-732 CWE-287 CWE-78 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
sympa (Debian package) Operating systems & Components / Operating system package or component |
| Vendor | Debian |
Security Bulletin
This security bulletin contains information about 5 vulnerabilities.
1) Resource exhaustion
EUVDB-ID: #VU49166
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-9369
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources. A remote attacker can send a series of requests with malformed parameters and consume all available disk space by creating temporary files.
Update sympa package to version 6.2.40~dfsg-1+deb10u1.
Vulnerable software versionssympa (Debian package): 6.2.16~dfsg - 6.2.40~dfsg-6
External linkshttp://www.debian.org/security/2020/dsa-4818
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Improper Privilege Management
EUVDB-ID: #VU47650
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-10936
CWE-ID:
CWE-269 - Improper Privilege Management
Exploit availability: No
DescriptionThe vulnerability allows a local authenticated user to escalate privileges.
The vulnerability exists due to improper management of privileges within the application. A local user can gain elevated privileges via unknown vectors.
Update sympa package to version 6.2.40~dfsg-1+deb10u1.
Vulnerable software versionssympa (Debian package): 6.2.16~dfsg - 6.2.40~dfsg-6
External linkshttp://www.debian.org/security/2020/dsa-4818
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Incorrect permission assignment for critical resource
EUVDB-ID: #VU49167
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-26932
CWE-ID:
CWE-732 - Incorrect Permission Assignment for Critical Resource
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to Debian Sympa package sets insecure permissions of 4755 for sympa_newaliases-wrapper. A local user can gain access to sensitive information.
Update sympa package to version 6.2.40~dfsg-1+deb10u1.
Vulnerable software versionssympa (Debian package): 6.2.16~dfsg - 6.2.40~dfsg-6
External linkshttp://www.debian.org/security/2020/dsa-4818
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Improper Authentication
EUVDB-ID: #VU49168
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-29668
CWE-ID:
CWE-287 - Improper Authentication
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass authentication process.
The vulnerability exists due to an error in when processing authentication requests. A remote attacker can bypass authentication process and obtain full SOAP API access by sending any arbitrary string (except one from an expired cookie) as the cookie value to authenticateAndRun.
MitigationUpdate sympa package to version 6.2.40~dfsg-1+deb10u1.
Vulnerable software versionssympa (Debian package): 6.2.16~dfsg - 6.2.40~dfsg-6
External linkshttp://www.debian.org/security/2020/dsa-4818
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) OS Command Injection
EUVDB-ID: #VU47651
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-26880
CWE-ID:
CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to incorrect default permissions for the sympa.conf configuration file. A local user with access to modify the file (e.g. the sympa user account) can injection and execute arbitrary OS commands in the system with root privileges via the setuid sympa_newaliases-wrapper executable by parsing the modified sympa.conf file. MitigationUpdate sympa package to version 6.2.40~dfsg-1+deb10u1.
Vulnerable software versionssympa (Debian package): 6.2.16~dfsg - 6.2.40~dfsg-6
External linkshttp://www.debian.org/security/2020/dsa-4818
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
