U-169: Sympa Multiple Security Bypass Vulnerabilities

May 15, 2012 - 7:00am

PROBLEM:

Sympa Multiple Security Bypass Vulnerabilities

PLATFORM:

Sympa versions prior to 6.1.11

ABSTRACT:

Multiple vulnerabilities have been reported in Sympa, which can be exploited by malicious people to bypass certain security restrictions.  

REFERENCE LINKS:

Secunia Advisory SA49045
CVE-2012-2352

IMPACT ASSESSMENT:

Medium

Discussion:

The vulnerabilities are caused by the application allowing access to archive functions without checking credentials. This can be exploited to create, download, and delete an archive.

Impact:

This allows malicious users to bypass security restrictions.

Solution:

The vendor has issued an update, version 6.1.11.
