Test ID:	1.3.6.1.4.1.25623.1.1.12.2020.4442.1
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-4442-1)
Summary:	The remote host is missing an update for the 'sympa' package(s) announced via the USN-4442-1 advisory.
Description:	Summary: The remote host is missing an update for the 'sympa' package(s) announced via the USN-4442-1 advisory. Vulnerability Insight: Michael Kaczmarczik discovered that Sympa incorrectly handled HTTP GET/POST requests. An attacker could possibly use this issue to insert, edit or obtain sensitive information. (CVE-2018-1000550) It was discovered that Sympa incorrectly handled URL parameters. An attacker could possibly use this issue to perform XSS attacks. (CVE-2018-1000671) Nicolas Chatelain discovered that Sympa incorrectly handled environment variables. An attacker could possibly use this issue with a setuid binary and gain root privileges. (CVE-2020-10936) Affected Software/OS: 'sympa' package(s) on Ubuntu 14.04. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2018-1000550 Debian Security Information: DSA-4285 (Google Search) https://www.debian.org/security/2018/dsa-4285 https://sympa-community.github.io/security/2018-001.html https://lists.debian.org/debian-lts-announce/2018/07/msg00033.html https://usn.ubuntu.com/4442-1/ Common Vulnerability Exposure (CVE) ID: CVE-2018-1000671 https://github.com/sympa-community/sympa/issues/268 https://lists.debian.org/debian-lts-announce/2018/09/msg00023.html https://lists.debian.org/debian-lts-announce/2020/11/msg00015.html Common Vulnerability Exposure (CVE) ID: CVE-2020-10936 Debian Security Information: DSA-4818 (Google Search) https://www.debian.org/security/2020/dsa-4818 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3J4NZLGAF4ZYK52XEBQDTBNHLGBEPXXN/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P3TMQ3CORUOWARALACCBG2SBTIGZ5GY5/ https://github.com/sympa-community/sympa/releases https://sysdream.com/news/lab/ https://sysdream.com/news/lab/2020-05-25-cve-2020-10936-sympa-privileges-escalation-to-root/ https://lists.debian.org/debian-lts-announce/2020/10/msg00012.html
Copyright	Copyright (C) 2022 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.