CVE-2008-4476

EUVD-2008-4457
sympa.pl in sympa 5.3.4 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/sympa_aliases.$$ temporary file.  NOTE: wwsympa.fcgi was also reported, but the issue occurred in a dead function, so it is not a vulnerability.
Link Following
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.9 UNKNOWN
LOCAL
MEDIUM
AV:L/AC:M/Au:N/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 5%
Affected Products (NVD)
VendorProductVersion
sympasympa
5.3.4
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
sympa
bookworm
6.2.70~dfsg-2
fixed
bullseye
6.2.60~dfsg-4
fixed
etch
no-dsa
sid
6.2.72~dfsg-1
fixed
trixie
6.2.72~dfsg-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
sympa
dapper
ignored
feisty
ignored
gutsy
ignored
hardy
ignored
intrepid
not-affected
jaunty
not-affected
karmic
not-affected
lucid
not-affected
maverick
not-affected
natty
not-affected
oneiric
not-affected
Common Weakness Enumeration
References
http://bugs.debian.org/496405
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494969
http://dev.gentoo.org/~rbu/security/debiantemp/sympa
http://lists.debian.org/debian-devel/2008/08/msg00312.html
http://secunia.com/advisories/31458
http://uvw.ru/report.lenny.txt
http://www.openwall.com/lists/oss-security/2008/10/30/2
http://www.securityfocus.com/bid/30727
https://bugs.gentoo.org/show_bug.cgi?id=235770
https://exchange.xforce.ibmcloud.com/vulnerabilities/44499
http://bugs.debian.org/496405
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494969
http://dev.gentoo.org/~rbu/security/debiantemp/sympa
http://lists.debian.org/debian-devel/2008/08/msg00312.html
http://secunia.com/advisories/31458
http://uvw.ru/report.lenny.txt
http://www.openwall.com/lists/oss-security/2008/10/30/2
http://www.securityfocus.com/bid/30727
https://bugs.gentoo.org/show_bug.cgi?id=235770
https://exchange.xforce.ibmcloud.com/vulnerabilities/44499