Sympa through 6.2.57b.2 allows a local privilege escalation from the sympa user account to full root access by modifying the sympa.conf configuration file (which is owned by sympa) and parsing it through the setuid sympa_newaliases-wrapper executable.
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Sympa | Sympa | * | 6.2.56 (including) |
| Sympa | Sympa | 6.2.57-beta1 (including) | 6.2.57-beta1 (including) |
| Sympa | Sympa | 6.2.57-beta2 (including) | 6.2.57-beta2 (including) |
| Sympa | Ubuntu | bionic | * |
| Sympa | Ubuntu | esm-apps/bionic | * |
| Sympa | Ubuntu | esm-apps/focal | * |
| Sympa | Ubuntu | esm-apps/jammy | * |
| Sympa | Ubuntu | focal | * |
| Sympa | Ubuntu | groovy | * |
| Sympa | Ubuntu | hirsute | * |
| Sympa | Ubuntu | impish | * |
| Sympa | Ubuntu | jammy | * |
| Sympa | Ubuntu | kinetic | * |
| Sympa | Ubuntu | trusty | * |
| Sympa | Ubuntu | upstream | * |
| Sympa | Ubuntu | xenial | * |