CVE-2008-4476 - Vulnerability Details - OpenCVE

sympa.pl in sympa 5.3.4 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/sympa_aliases.$$ temporary file. NOTE: wwsympa.fcgi was also reported, but the issue occurred in a dead function, so it is not a vulnerability.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Sympa	Sympa

Configuration 1 [-]

cpe:2.3:a:sympa:sympa:5.3.4:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://bugs.debian.org/496405
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494969
http://dev.gentoo.org/~rbu/security/debiantemp/sympa
http://lists.debian.org/debian-devel/2008/08/msg00312.html
http://secunia.com/advisories/31458
http://uvw.ru/report.lenny.txt
http://www.openwall.com/lists/oss-security/2008/10/30/2
http://www.securityfocus.com/bid/30727
https://bugs.gentoo.org/show_bug.cgi?id=235770
https://exchange.xforce.ibmcloud.com/vulnerabilities/44499

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2008-10-07T21:00:00

Updated: 2024-08-07T10:17:09.672Z

Reserved: 2008-10-07T00:00:00

Link: CVE-2008-4476

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2008-10-07T21:11:38.590

Modified: 2025-04-09T00:30:58.490

Link: CVE-2008-4476

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-08-12T00:00:00", "descriptions": [{"lang": "en", "value": "sympa.pl in sympa 5.3.4 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/sympa_aliases.$$ temporary file. NOTE: wwsympa.fcgi was also reported, but the issue occurred in a dead function, so it is not a vulnerability."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "[debian-devel] 20080812 Re: Possible mass bug filing: The possibility of attack with the help of symlinks in some Debian packages", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://lists.debian.org/debian-devel/2008/08/msg00312.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://bugs.debian.org/496405"}, {"name": "sympa-sympa-symlink(44499)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44499"}, {"name": "[oss-security] 20081030 CVE requests: tempfile issues for aview, mgetty, openoffice, crossfire", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2008/10/30/2"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugs.gentoo.org/show_bug.cgi?id=235770"}, {"name": "30727", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/30727"}, {"tags": ["x_refsource_MISC"], "url": "http://uvw.ru/report.lenny.txt"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://dev.gentoo.org/~rbu/security/debiantemp/sympa"}, {"name": "31458", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/31458"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494969"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-4476", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "sympa.pl in sympa 5.3.4 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/sympa_aliases.$$ temporary file. NOTE: wwsympa.fcgi was also reported, but the issue occurred in a dead function, so it is not a vulnerability."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "[debian-devel] 20080812 Re: Possible mass bug filing: The possibility of attack with the help of symlinks in some Debian packages", "refsource": "MLIST", "url": "http://lists.debian.org/debian-devel/2008/08/msg00312.html"}, {"name": "http://bugs.debian.org/496405", "refsource": "CONFIRM", "url": "http://bugs.debian.org/496405"}, {"name": "sympa-sympa-symlink(44499)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44499"}, {"name": "[oss-security] 20081030 CVE requests: tempfile issues for aview, mgetty, openoffice, crossfire", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2008/10/30/2"}, {"name": "https://bugs.gentoo.org/show_bug.cgi?id=235770", "refsource": "CONFIRM", "url": "https://bugs.gentoo.org/show_bug.cgi?id=235770"}, {"name": "30727", "refsource": "BID", "url": "http://www.securityfocus.com/bid/30727"}, {"name": "http://uvw.ru/report.lenny.txt", "refsource": "MISC", "url": "http://uvw.ru/report.lenny.txt"}, {"name": "http://dev.gentoo.org/~rbu/security/debiantemp/sympa", "refsource": "CONFIRM", "url": "http://dev.gentoo.org/~rbu/security/debiantemp/sympa"}, {"name": "31458", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31458"}, {"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494969", "refsource": "CONFIRM", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494969"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T10:17:09.672Z"}, "title": "CVE Program Container", "references": [{"name": "[debian-devel] 20080812 Re: Possible mass bug filing: The possibility of attack with the help of symlinks in some Debian packages", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://lists.debian.org/debian-devel/2008/08/msg00312.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://bugs.debian.org/496405"}, {"name": "sympa-sympa-symlink(44499)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44499"}, {"name": "[oss-security] 20081030 CVE requests: tempfile issues for aview, mgetty, openoffice, crossfire", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2008/10/30/2"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugs.gentoo.org/show_bug.cgi?id=235770"}, {"name": "30727", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/30727"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://uvw.ru/report.lenny.txt"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://dev.gentoo.org/~rbu/security/debiantemp/sympa"}, {"name": "31458", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/31458"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494969"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-4476", "datePublished": "2008-10-07T21:00:00", "dateReserved": "2008-10-07T00:00:00", "dateUpdated": "2024-08-07T10:17:09.672Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sympa:sympa:5.3.4:*:*:*:*:*:*:*", "matchCriteriaId": "1DBC7648-5CA9-4FF3-A6FF-C55F0D1A6D38", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "sympa.pl in sympa 5.3.4 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/sympa_aliases.$$ temporary file. NOTE: wwsympa.fcgi was also reported, but the issue occurred in a dead function, so it is not a vulnerability."}, {"lang": "es", "value": "El archivo sympa.pl en sympa versi\u00f3n 5.3.4, permite a los usuarios locales sobrescribir archivos arbitrarios por medio de un ataque de tipo symlink en el archivo temporal /tmp/sympa_aliases.$$. NOTA: tambi\u00e9n se report\u00f3 el archivo wwsympa.fcgi, pero el problema se produjo en una funci\u00f3n inactiva, por lo que no es una vulnerabilidad."}], "id": "CVE-2008-4476", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-10-07T21:11:38.590", "references": [{"source": "cve@mitre.org", "url": "http://bugs.debian.org/496405"}, {"source": "cve@mitre.org", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494969"}, {"source": "cve@mitre.org", "url": "http://dev.gentoo.org/~rbu/security/debiantemp/sympa"}, {"source": "cve@mitre.org", "url": "http://lists.debian.org/debian-devel/2008/08/msg00312.html"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/31458"}, {"source": "cve@mitre.org", "url": "http://uvw.ru/report.lenny.txt"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2008/10/30/2"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/30727"}, {"source": "cve@mitre.org", "url": "https://bugs.gentoo.org/show_bug.cgi?id=235770"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44499"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.debian.org/496405"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494969"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://dev.gentoo.org/~rbu/security/debiantemp/sympa"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.debian.org/debian-devel/2008/08/msg00312.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/31458"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://uvw.ru/report.lenny.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2008/10/30/2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/30727"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugs.gentoo.org/show_bug.cgi?id=235770"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44499"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-59"}], "source": "nvd@nist.gov", "type": "Primary"}]}