CVE-2015-6566 Information

Description

zarafa-autorespond in Zarafa Collaboration Platform (ZCP) before 7.2.1 allows local users to gain privileges via a symlink attack on /tmp/zarafa-vacation-*.

CVSS Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Reference

http://lists.fedoraproject.org/pipermail/package-announce/2015-November/172605.html https://download.zarafa.com/community/final/7.2/final-changelog-7.2.txt https://jira.zarafa.com/browse/ZCP-13533 https://jira.zarafa.com/browse/ZCP-13572

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

8.4