Vulnerability Database

296,172

Total vulnerabilities in the database

CVE-2008-4476

sympa.pl in sympa 5.3.4 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/sympa_aliases.$$ temporary file. NOTE: wwsympa.fcgi was also reported, but the issue occurred in a dead function, so it is not a vulnerability.

  • Published: Oct 7, 2008
  • Updated: Apr 13, 2023
  • CVE: CVE-2008-4476
  • Severity: Medium
  • Exploit:

CVSS v2:

  • Severity: Medium
  • Score: 6.9
  • AV:L/AC:M/Au:N/C:C/I:C/A:C

CWEs:

Software From Fixed in
sympa / sympa 5.3.4 5.3.4.x