PT-2015-3191 · Zarafa · Zarafa Collaboration Platform

Published: 2015-06-09 · Updated: 2016-12-06 · CVE-2015-3436

CVSS v2.0: 6.6 (Medium)

Vector: AV:L/AC:L/Au:N/C:N/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Zarafa Collaboration Platform versions prior to 7.1.13
Zarafa Collaboration Platform versions 7.2.x prior to 7.2.1

Description

The issue is related to a file access control flaw in the provider/server/ECServer.cpp component. It allows local users to manipulate symbolic links and write to arbitrary files. This can be achieved through a symlink attack on /tmp/zarafa-upgrade-lock.

Recommendations

For Zarafa Collaboration Platform versions prior to 7.1.13, update to version 7.1.13 or later.
For Zarafa Collaboration Platform versions 7.2.x prior to 7.2.1, update to version 7.2.1 or later.
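
The Description above names a symlink attack on a fixed lock path in /tmp. As an added example (not Zarafa's code and not the vendor's fix, which this entry does not show), the following C program contrasts a lock-file open that follows a pre-existing symlink with one that refuses it; the function names, the temporary directory and the file contents are constructed for the demonstration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Weak pattern (generic illustration, not Zarafa's code): open() follows a
 * symlink already sitting at the lock path and truncates its target. */
int lock_open_weak(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Hardened: O_CREAT|O_EXCL creates atomically and fails with EEXIST if
 * anything, even a dangling symlink, is at the path; O_NOFOLLOW also
 * refuses a symlink in the final path component. */
int lock_open_safe(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Constructed scenario inside a private mkdtemp() directory: "lock" is a
 * symlink to "target" (15 bytes). Returns target's size after the chosen
 * open, or -2 on setup failure; *open_errno is errno of a refused open. */
long run_case(int hardened, int *open_errno) {
    char dir[] = "/tmp/lockdemo-XXXXXX", target[64], lock[64];
    struct stat st;
    if (!mkdtemp(dir)) return -2;
    snprintf(target, sizeof target, "%s/target", dir);
    snprintf(lock, sizeof lock, "%s/lock", dir);
    FILE *f = fopen(target, "w");
    if (!f || fputs("important data\n", f) < 0 || fclose(f) != 0) return -2;
    if (symlink(target, lock) != 0) return -2;
    errno = 0;
    int fd = hardened ? lock_open_safe(lock) : lock_open_weak(lock);
    *open_errno = fd < 0 ? errno : 0;
    if (fd >= 0) close(fd);
    long size = stat(target, &st) == 0 ? (long)st.st_size : -1;
    unlink(lock); unlink(target); rmdir(dir);
    return size;
}

int main(void) {
    int e_weak, e_safe;
    long weak = run_case(0, &e_weak), safe = run_case(1, &e_safe);
    printf("weak open: target now %ld bytes\n", weak);
    printf("safe open: target still %ld bytes (errno %d)\n", safe, e_safe);
    return 0;
}
```

On Linux, the `fs.protected_symlinks` sysctl adds a kernel-level restriction on following symlinks in sticky world-writable directories such as /tmp, which complements but does not replace the exclusive open.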

Fix

Link Following

Weakness Enumeration

Related Identifiers

BDU:2016-00561
CVE-2015-3436

Affected Products

Zarafa Collaboration Platform