Critical

CVE-2007-6319 - Permissions, Privileges, and Access Control vulnerability in Lyris List Manager

Publication: 2008-02-19
Summary

Multiple unspecified vulnerabilities in Lyris ListManager 8.x before 8.95d, 9.2 before 9.2c, and 9.3 before 9.3b allow remote attackers to (1) gain list administrator privileges or (2) access arbitrary mailing lists via unknown vectors related to modification of client-side information; and (3) allow remote authenticated administrators to modify other account data by creating "new accounts that collide with existing accounts."

Classification
CWE-264: Permissions, Privileges, and Access Control

Risk level (CVSS 10)

Critical

10.0

Access Vector

  • Network
  • Adjacent Network
  • Local

Access Complexity

  • Low
  • Medium
  • High

Authentication

  • None
  • Single
  • Multiple

Confidentiality Impact

  • Complete
  • Partial
  • None

Integrity Impact

  • Complete
  • Partial
  • None

Affected Products

  • Lyris List Manager 8.95
  • Lyris List Manager 8.95a
  • Lyris List Manager 8.95b
  • Lyris List Manager 8.95c
  • Lyris List Manager 9.2
  • Lyris List Manager 9.2a
  • Lyris List Manager 9.2b
  • Lyris List Manager 9.3
  • Lyris List Manager 9.3a