diff options
Diffstat (limited to 'security/vuxml/vuln.xml')
-rw-r--r-- | security/vuxml/vuln.xml | 66 |
1 files changed, 66 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 3e0111d60a70..d12a7139e0a2 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -58,6 +58,72 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="9908a1cc-35ad-424d-be0b-7e56abd5931a"> + <topic>sympa -- Denial of service caused by malformed CSRF token</topic> + <affects> + <package> + <name>sympa</name> + <range><lt>6.2.54</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Javier Moreno discovered a vulnerability in Sympa web + interface that can cause denial of service (DoS) attack.</p> + <p>By submitting requests with malformed parameters, this + flaw allows to create junk files in Sympa's directory + for temporary files. And particularly by tampering token + to prevent CSRF, it allows to originate exessive + notification messages to listmasters.</p> + </body> + </description> + <references> + <cvename>CVE-2020-9369</cvename> + <url>https://sympa-community.github.io/security/2020-001.html</url> + </references> + <dates> + <discovery>2020-02-24</discovery> + <entry>2020-05-22</entry> + </dates> + </vuln> + + <vuln vid="61bc44ce-9f5a-11ea-aff3-f8b156c2bfe9"> + <topic>sympa - Security flaws in setuid wrappers</topic> + <affects> + <package> + <name>sympa</name> + <range><lt>6.2.56</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>A vulnerability has been discovered in Sympa web interface + by which attacker can execute arbitrary code with root privileges. + Sympa uses two sorts of setuid wrappers:</p> + <ul> + <li>FastCGI wrappers</li> + <li>newaliases wrapper</li> + </ul> + <p>The FastCGI wrappers wwsympa-wrapper.fcgi and + sympa_soap_server-wrapper.fcgi were used to make the web + interface running under privileges of a dedicated user.</p> + <p>The newaliases wrapper (sympa_newaliases-wrapper) allows + Sympa to update the alias database with root privileges.</p> + <p>Since these setuid wrappers did not clear environment variables, + if environment variables like PERL5LIB were injected, + forged code might be loaded and executed under privileges of setuid-ed + users.</p> + </body> + </description> + <references> + <url>https://sympa-community.github.io/security/2020-002.html</url> + </references> + <dates> + <discovery>2020-05-24</discovery> + <entry>2020-05-26</entry> + </dates> + </vuln> + <vuln vid="f9c5a410-9b4e-11ea-ac3f-6805ca2fa271"> <topic>powerdns-recursor -- multiple vulnerabilities</topic> <affects> |