CVE-2005-0073 - Unspecified vulnerability in Debian Sympa 3.3.3

CVSS 4.6 - MEDIUM

  • Attack vector: LOCAL
  • Attack complexity: LOW
  • Privileges required: NONE
  • Confidentiality impact: PARTIAL
  • Integrity impact: PARTIAL
  • Availability impact: PARTIAL

Summary

Buffer overflow in queue.c in a support script for sympa 3.3.3, when running setuid, allows local users to execute arbitrary code.

Vulnerable Configurations

Part         Description  Count
Application  Debian       1

Nessus

  • NASL family: CGI abuses
    NASL id: SYMPA_QUEUE_UTILITY_PRIV_ESCALATION.NASL
    description: According to its version number, the installation of Sympa on the remote host contains a boundary error in the queue utility when processing command line arguments, which can result in a stack-based buffer overflow. A malicious local user could leverage this issue with a long listname to gain privileges of the
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 16387
    published: 2005-02-14
    reporter: This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/16387
    title: Sympa src/queue.c queue Utility Local Overflow
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
     script_id(16387);
     script_version("1.24");
     script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/12");
    
     script_cve_id("CVE-2005-0073");
     script_bugtraq_id(12527);
    
     script_name(english:"Sympa src/queue.c queue Utility Local Overflow");
     script_summary(english:"Checks sympa version");
    
     script_set_attribute(attribute:"synopsis", value:
    "The remote web server contains a CGI script that is affected by a
    local privilege escalation vulnerability.");
     script_set_attribute(attribute:"description", value:
    "According to its version number, the installation of Sympa on the
    remote host contains a boundary error in the queue utility when
    processing command line arguments, which can result in a stack-based
    buffer overflow. A malicious local user could leverage this issue with
    a long listname to gain privileges of the 'sympa' user when the script
    is run setuid.");
     script_set_attribute(attribute:"solution", value:"Update to Sympa version 4.1.3 or later.");
     script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P");
     script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
     script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
     script_set_attribute(attribute:"exploit_available", value:"false");
    
     script_set_attribute(attribute:"vuln_publication_date", value:"2005/02/11");
     script_set_attribute(attribute:"plugin_publication_date", value:"2005/02/14");
    
     script_set_attribute(attribute:"potential_vulnerability", value:"true");
     script_set_attribute(attribute:"plugin_type", value:"remote");
     script_set_attribute(attribute:"cpe", value:"cpe:/a:sympa:sympa");
     script_end_attributes();
     script_category(ACT_GATHER_INFO);
    
     script_copyright(english:"This script is Copyright (C) 2005-2020 Tenable Network Security, Inc.");
     script_family(english:"CGI abuses");
    
     script_dependencies("sympa_detect.nasl");
     script_require_keys("Settings/ParanoidReport");
     script_exclude_keys("Settings/disable_cgi_scanning");
     script_require_ports("Services/www", 80);
    
     exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("http_func.inc");
    
    
    if (report_paranoia < 2) audit(AUDIT_PARANOID);
    
    port = get_http_port(default:80, embedded:TRUE);
    if(!get_port_state(port))exit(0);
    
    
    # Test an install.
    install = get_kb_item(string("www/", port, "/sympa"));
    if (isnull(install)) exit(0);
    matches = eregmatch(string:install, pattern:"^(.+) under (/.*)$");
    if (!isnull(matches))
    {
      ver = matches[1];
      if (ver =~ "^(2\.|3\.|4\.0|4\.1\.[012]([^0-9]|$))")
      {
        security_warning(port);
        exit(0);
      }
    }
    
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-677.NASL
    description: Erik Sjolund discovered that a support script of sympa, a mailing list manager, is running setuid sympa and vulnerable to a buffer overflow. This could potentially lead to the execution of arbitrary code under the sympa user id.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 16381
    published: 2005-02-14
    reporter: This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/16381
    title: Debian DSA-677-1 : sympa - buffer overflow
  • NASL family: FreeBSD Local Security Checks
    NASL id: FREEBSD_PKG_0D9BA03B0DBB42B4AE0F60E27AF78E22.NASL
    description: Erik Sjolund discovered a vulnerability in Sympa. The queue application processes messages received via aliases. It contains a buffer overflow in the usage of sprintf. In some configurations, it may allow an attacker to execute arbitrary code as the sympa user.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 18837
    published: 2005-07-13
    reporter: This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/18837
    title: FreeBSD : sympa -- buffer overflow in 'queue' (0d9ba03b-0dbb-42b4-ae0f-60e27af78e22)