PROBLEM:
Sympa Multiple Security Bypass Vulnerabilities
PLATFORM:
Sympa versions prior to 6.1.11
ABSTRACT:
Multiple vulnerabilities have been reported in Sympa, which can be exploited by malicious people to bypass certain security restrictions.
REFERENCE LINKS:
Secunia Advisory SA49045
CVE-2012-2352
IMPACT ASSESSMENT:
Medium
Discussion:
The vulnerabilities are caused by the application allowing access to archive functions without checking credentials. This can be exploited to create, download, and delete an archive.
Impact:
This allows malicious users to bypass certain security restrictions.
Solution:
The vendor has issued an update, version 6.1.11.