FreeBSD Bugzilla – Attachment 214899 Details for
Bug 245672
mail/sympa: update to 6.2.54 - security fix
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
svn diff security/vuxml
vuxml.diff (text/plain), 2.71 KB, created by
geoffroy desvernay
on 2020-05-27 05:47:00 UTC
(
hide
)
Description:
svn diff security/vuxml
Filename:
MIME Type:
Creator:
geoffroy desvernay
Created:
2020-05-27 05:47:00 UTC
Size:
2.71 KB
patch
obsolete
>Index: security/vuxml/vuln.xml >=================================================================== >--- security/vuxml/vuln.xml (revision 536629) >+++ security/vuxml/vuln.xml (working copy) >@@ -169163,6 +169163,70 @@ > <entry>2005-09-29</entry> > </dates> > </vuln> >+ >+ <vuln vid="9908a1cc-35ad-424d-be0b-7e56abd5931a"> >+ <topic>sympa -- Denial of service caused by malformed CSRF token</topic> >+ <affects> >+ <package> >+ <name>sympa</name> >+ <range><lt>6.2.54</lt></range> >+ </package> >+ </affects> >+ <description> >+ <body xmlns="http://www.w3.org/1999/xhtml"> >+ <p>Javier Moreno discovered a vulnerability in Sympa web interface that can cause >+ denial of service (DoS) attack.</p> >+ <p>By submitting requests with malformed parameters, this flaw allows to create >+ junk files in Sympaâs directory for temporary files. And particularly by >+ tampering token to prevent CSRF, it allows to originate exessive notification >+ messages to listmasters.</p> >+ </body> >+ </description> >+ <references> >+ <cvename>CVE-2020-9369</cvename> >+ <url>https://sympa-community.github.io/security/2020-001.html</url> >+ </references> >+ <dates> >+ <discovery>2020-02-24</discovery> >+ <entry>2020-05-22</entry> >+ </dates> >+ </vuln> >+ >+ <vuln vid="61bc44ce-9f5a-11ea-aff3-f8b156c2bfe9"> >+ <topic>sympa - Security flaws in setuid wrappers</topic> >+ <affects> >+ <package> >+ <name>sympa</name> >+ <range><lt>6.2.56</lt></range> >+ </package> >+ </affects> >+ <description> >+ <body xmlns="http://www.w3.org/1999/xhtml"> >+ <p>A vulnerability has been discovered in Sympa web interface by which attacker can >+ execute arbitrary code with root privileges.</p> >+ <p>Sympa uses two sorts of setuid wrappers: >+ <ul><li>FastCGI wrappers</li> >+ <li>newaliases wrapper</li></ul></p> >+ <p>The FastCGI wrappers (wwsympa-wrapper.fcgi and sympa_soap_server-wrapper.fcgi) >+ were used to make the web interface running under privileges of a >+ dedicated user.</p> >+ <p>The newaliases wrapper (sympa_newaliases-wrapper) allows Sympa to update the >+ alias database with root privileges.</p> >+ <p>Since these setuid wrappers did not clear environment variables, >+ if environment variables like PERL5LIB were injected, >+ forged code might be loaded and executed under privileges of setuid-ed >+ users.</p> >+ </body> >+ </description> >+ <references> >+ <url>https://sympa-community.github.io/security/2020-002.html</url> >+ </references> >+ <dates> >+ <discovery>2020-05-24</discovery> >+ <entry>2020-05-26</entry> >+ </dates> >+ </vuln> >+ > </vuxml><!-- EOF --> > <!-- Note: Please add new entries to the beginning of this file. --> > <!-- ex: set ts=8 tw=80 sw=2: -->
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=214899">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 245672
:
213466
|
214753
|
214898
| 214899 |
214900