Index: security/vuxml/vuln.xml
===================================================================
--- security/vuxml/vuln.xml (revision 536629)
+++ security/vuxml/vuln.xml (working copy)
@@ -169163,6 +169163,70 @@
Javier Moreno discovered a vulnerability in Sympa web interface that can cause
+ denial of service (DoS) attack. By submitting requests with malformed parameters, this flaw allows to create
+ junk files in Sympa’s directory for temporary files. And particularly by
+ tampering token to prevent CSRF, it allows to originate exessive notification
+ messages to listmasters. A vulnerability has been discovered in Sympa web interface by which attacker can
+ execute arbitrary code with root privileges. Sympa uses two sorts of setuid wrappers:
+
The FastCGI wrappers (wwsympa-wrapper.fcgi and sympa_soap_server-wrapper.fcgi) + were used to make the web interface running under privileges of a + dedicated user.
+The newaliases wrapper (sympa_newaliases-wrapper) allows Sympa to update the + alias database with root privileges.
+Since these setuid wrappers did not clear environment variables, + if environment variables like PERL5LIB were injected, + forged code might be loaded and executed under privileges of setuid-ed + users.
+ + +
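Review bot: The description in this hunk runs two unrelated issues together in one paragraph (the web-interface DoS via malformed parameters and tampered CSRF tokens, and the root code execution through setuid wrappers that do not clear the environment); give each its own paragraph, or better its own vuln entry, so readers and scanners can tell which fix addresses which problem, and state the affected and fixed version range for each in the same entry rather than leaving it to the prose. While here, fix the wording: "this flaw allows to create junk files" should read "this flaw allows an attacker to create junk files", "tampering token to prevent CSRF" should read "tampering with the CSRF-prevention token", "exessive" is "excessive", "were used to make the web interface running under privileges of a dedicated user" should read "are used to run the web interface under the privileges of a dedicated user" (the present tense matters, since the wrappers are still in use after the fix), and "under privileges of setuid-ed users" should read "with the privileges of the setuid target user (root for sympa_newaliases-wrapper)", which is the point the entry needs to make explicit.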