Attachment #214899 for bug #245672




      <entry>2005-09-29</entry>
    </dates>
  </vuln>

  <vuln vid="9908a1cc-35ad-424d-be0b-7e56abd5931a">
    <topic>sympa --  Denial of service caused by malformed CSRF token</topic>
    <affects>
      <package>
	<name>sympa</name>
	<range><lt>6.2.54</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>Javier Moreno discovered a vulnerability in Sympa web interface that can cause 
	  denial of service (DoS) attack.</p>
	<p>By submitting requests with malformed parameters, this flaw allows to create
	  junk files in Sympa’s directory for temporary files. And particularly by
	  tampering token to prevent CSRF, it allows to originate exessive notification
	  messages to listmasters.</p>
      </body>
    </description>
    <references>
      <cvename>CVE-2020-9369</cvename>
      <url>https://sympa-community.github.io/security/2020-001.html</url>
    </references>
    <dates>
      <discovery>2020-02-24</discovery>
      <entry>2020-05-22</entry>
    </dates>
  </vuln>

  <vuln vid="61bc44ce-9f5a-11ea-aff3-f8b156c2bfe9">
    <topic>sympa - Security flaws in setuid wrappers</topic>
    <affects>
      <package>
	<name>sympa</name>
	<range><lt>6.2.56</lt></range>
      </package>
    </affects>
    <description>
      <body xmlns="http://www.w3.org/1999/xhtml">
	<p>A vulnerability has been discovered in Sympa web interface by which attacker can
	  execute arbitrary code with root privileges.</p>
	<p>Sympa uses two sorts of setuid wrappers:
	 <ul><li>FastCGI wrappers</li>
	  <li>newaliases wrapper</li></ul></p>
        <p>The FastCGI wrappers (wwsympa-wrapper.fcgi and sympa_soap_server-wrapper.fcgi)
	were used to make the web interface running under privileges of a
	dedicated user.</p>
	<p>The newaliases wrapper (sympa_newaliases-wrapper) allows Sympa to update the
	alias database with root privileges.</p>
	<p>Since these setuid wrappers did not clear environment variables,
	if environment variables like PERL5LIB were injected,
	forged code might be loaded and executed under privileges of setuid-ed
	users.</p>
      </body>
    </description>
    <references>
      <url>https://sympa-community.github.io/security/2020-002.html</url>
    </references>
    <dates>
      <discovery>2020-05-24</discovery>
      <entry>2020-05-26</entry>
    </dates>
  </vuln>

</vuxml><!-- EOF -->
<!-- Note:  Please add new entries to the beginning of this file. -->
<!-- ex: set ts=8 tw=80 sw=2: -->

Return to bug 245672

Lines 169163-169168 Link Here

(-)security/vuxml/vuln.xml (+64 lines)
169163	<entry>2005-09-29</entry>	169163	<entry>2005-09-29</entry>
169164	</dates>	169164	</dates>
169165	</vuln>	169165	</vuln>
		169166
		169167	<vuln vid="9908a1cc-35ad-424d-be0b-7e56abd5931a">
		169168	<topic>sympa -- Denial of service caused by malformed CSRF token</topic>
		169169	<affects>
		169170	<package>
		169171	<name>sympa</name>
		169172	<range><lt>6.2.54</lt></range>
		169173	</package>
		169174	</affects>
		169175	<description>
		169176	<body xmlns="http://www.w3.org/1999/xhtml">
		169177	<p>Javier Moreno discovered a vulnerability in Sympa web interface that can cause
		169178	denial of service (DoS) attack.</p>
		169179	<p>By submitting requests with malformed parameters, this flaw allows to create
		169180	junk files in Sympa’s directory for temporary files. And particularly by
		169181	tampering token to prevent CSRF, it allows to originate exessive notification
		169182	messages to listmasters.</p>
		169183	</body>
		169184	</description>
		169185	<references>
		169186	<cvename>CVE-2020-9369</cvename>
		169187	<url>https://sympa-community.github.io/security/2020-001.html</url>
		169188	</references>
		169189	<dates>
		169190	<discovery>2020-02-24</discovery>
		169191	<entry>2020-05-22</entry>
		169192	</dates>
		169193	</vuln>
		169194
		169195	<vuln vid="61bc44ce-9f5a-11ea-aff3-f8b156c2bfe9">
		169196	<topic>sympa - Security flaws in setuid wrappers</topic>
		169197	<affects>
		169198	<package>
		169199	<name>sympa</name>
		169200	<range><lt>6.2.56</lt></range>
		169201	</package>
		169202	</affects>
		169203	<description>
		169204	<body xmlns="http://www.w3.org/1999/xhtml">
		169205	<p>A vulnerability has been discovered in Sympa web interface by which attacker can
		169206	execute arbitrary code with root privileges.</p>
		169207	<p>Sympa uses two sorts of setuid wrappers:
		169208	<ul><li>FastCGI wrappers</li>
		169209	<li>newaliases wrapper</li></ul></p>
		169210	<p>The FastCGI wrappers (wwsympa-wrapper.fcgi and sympa_soap_server-wrapper.fcgi)
		169211	were used to make the web interface running under privileges of a
		169212	dedicated user.</p>
		169213	<p>The newaliases wrapper (sympa_newaliases-wrapper) allows Sympa to update the
		169214	alias database with root privileges.</p>
		169215	<p>Since these setuid wrappers did not clear environment variables,
		169216	if environment variables like PERL5LIB were injected,
		169217	forged code might be loaded and executed under privileges of setuid-ed
		169218	users.</p>
		169219	</body>
		169220	</description>
		169221	<references>
		169222	<url>https://sympa-community.github.io/security/2020-002.html</url>
		169223	</references>
		169224	<dates>
		169225	<discovery>2020-05-24</discovery>
		169226	<entry>2020-05-26</entry>
		169227	</dates>
		169228	</vuln>
		169229
169166	</vuxml><!-- EOF -->	169230	</vuxml><!-- EOF -->
169167	<!-- Note: Please add new entries to the beginning of this file. -->	169231	<!-- Note: Please add new entries to the beginning of this file. -->
169168	<!-- ex: set ts=8 tw=80 sw=2: -->	169232	<!-- ex: set ts=8 tw=80 sw=2: -->