Lucene search

UbuntuUSN-4442-2

HistoryMar 15, 2021 - 12:00 a.m.

Sympa vulnerabilities

2021-03-1500:00:00

ubuntu.com

sympa

ubuntu

vulnerabilities

environment variables

root privileges

http requests

xss attacks

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.6

Confidence

High

EPSS

0.003

Percentile

69.9%

JSON

Releases

Ubuntu 20.04 LTS
Ubuntu 18.04 ESM
Ubuntu 16.04 ESM

Packages

sympa - Modern mailing list manager

Details

USN-4442-1 fixed vulnerabilities in Sympa. This update provides the
corresponding updates for Ubuntu 16.04 ESM, Ubuntu 18.04 ESM and Ubuntu
20.04 ESM. Original advisory details:

Nicolas Chatelain discovered that Sympa incorrectly handled environment
variables. An attacker could possibly use this issue with a setuid
binary and gain root privileges. (CVE-2020-10936)

Michael Kaczmarczik discovered that Sympa incorrectly handled HTTP
GET/POST requests. An attacker could possibly use this issue to insert,
edit or obtain sensitive information. This issue only affected Ubuntu 16.04
ESM and Ubuntu 18.04 ESM. (CVE-2018-1000550)

It was discovered that Sympa incorrectly handled URL parameters. An
attacker could possibly use this issue to perform XSS attacks. This issue only
affected Ubuntu 16.04 ESM and Ubuntu 18.04 ESM. (CVE-2018-1000671)

OSVersionArchitecturePackageVersionFilename
Ubuntu20.04noarchsympa< 6.2.40~dfsg-4ubuntu0.20.04.1~esm1UNKNOWN
Ubuntu20.04noarchsympa< 6.2.40~dfsg-4UNKNOWN
Ubuntu20.04noarchsympa-dbgsym< 6.2.40~dfsg-4UNKNOWN
Ubuntu18.04noarchsympa< 6.2.24~dfsg-1ubuntu0.1~esm1UNKNOWN
Ubuntu18.04noarchsympa< 6.2.24~dfsg-1UNKNOWN
Ubuntu18.04noarchsympa-dbgsym< 6.2.24~dfsg-1UNKNOWN
Ubuntu16.04noarchsympa< 6.1.24~dfsg-1ubuntu0.1~esm1UNKNOWN
Ubuntu16.04noarchsympa< 6.1.24~dfsg-1UNKNOWN
Ubuntu16.04noarchsympa-dbgsym< 6.1.24~dfsg-1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Ubuntu	20.04	noarch	sympa	< 6.2.40~dfsg-4ubuntu0.20.04.1~esm1	UNKNOWN
Ubuntu	20.04	noarch	sympa	< 6.2.40~dfsg-4	UNKNOWN
Ubuntu	20.04	noarch	sympa-dbgsym	< 6.2.40~dfsg-4	UNKNOWN
Ubuntu	18.04	noarch	sympa	< 6.2.24~dfsg-1ubuntu0.1~esm1	UNKNOWN
Ubuntu	18.04	noarch	sympa	< 6.2.24~dfsg-1	UNKNOWN
Ubuntu	18.04	noarch	sympa-dbgsym	< 6.2.24~dfsg-1	UNKNOWN
Ubuntu	16.04	noarch	sympa	< 6.1.24~dfsg-1ubuntu0.1~esm1	UNKNOWN
Ubuntu	16.04	noarch	sympa	< 6.1.24~dfsg-1	UNKNOWN
Ubuntu	16.04	noarch	sympa-dbgsym	< 6.1.24~dfsg-1	UNKNOWN