| VID |
21577 |
| Severity |
40 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The Sympa software, according to its version number, has a buffer overflow in the wwsympa.pl script. Sympa is an open source mailing list program for Linux platforms. Sympa versions 3.3.5.1 and earlier are vulnerable to a buffer overflow, which can be exploited by remote attackers to overflow the Sympa server. The vulnerability is caused by a boundary error in the do_search_list() function in the wwsympa.pl script file.
* Note: This check relies solely on the version number of the Sympa software installed on the remote Web server to assess this vulnerability, so the result might be a false positive.
* References: http://www.osvdb.org/displayvuln.php?osvdb_id=8690 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=165799&repeatmerged=yes http://listes.cru.fr/mantis/view_bug_page.php?f_id=0000062
* Platforms affected: Sympa: versions 3.3.5.1 and earlier; Linux: any version |
| Recommendation |
Upgrade to the latest version of Sympa (4.1.2 or later), available from the Sympa Web site at http://www.sympa.org |
| Related URL |
(CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|