Date: Wed, 27 May 2020 16:20:11 +0000 (UTC) From: Kurt Jaeger <pi@FreeBSD.org> To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Subject: svn commit: r536701 - head/security/vuxml Message-ID: <202005271620.04RGKBAH080247@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: pi Date: Wed May 27 16:20:11 2020 New Revision: 536701 URL: https://svnweb.freebsd.org/changeset/ports/536701 Log: security/vuxml: add two entries for mail/sympa PR: 246701 Submitted by: Geoffroy Desvernay <dgeo@centrale-marseille.fr> Modified: head/security/vuxml/vuln.xml Modified: head/security/vuxml/vuln.xml ============================================================================== --- head/security/vuxml/vuln.xml Wed May 27 16:18:56 2020 (r536700) +++ head/security/vuxml/vuln.xml Wed May 27 16:20:11 2020 (r536701) @@ -58,6 +58,72 @@ Notes: * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="9908a1cc-35ad-424d-be0b-7e56abd5931a"> + <topic>sympa -- Denial of service caused by malformed CSRF token</topic> + <affects> + <package> + <name>sympa</name> + <range><lt>6.2.54</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Javier Moreno discovered a vulnerability in Sympa web + interface that can cause denial of service (DoS) attack.</p> + <p>By submitting requests with malformed parameters, this + flaw allows to create junk files in Sympa's directory + for temporary files. And particularly by tampering token + to prevent CSRF, it allows to originate exessive + notification messages to listmasters.</p> + </body> + </description> + <references> + <cvename>CVE-2020-9369</cvename> + <url>https://sympa-community.github.io/security/2020-001.html</url> + </references> + <dates> + <discovery>2020-02-24</discovery> + <entry>2020-05-22</entry> + </dates> + </vuln> + + <vuln vid="61bc44ce-9f5a-11ea-aff3-f8b156c2bfe9"> + <topic>sympa - Security flaws in setuid wrappers</topic> + <affects> + <package> + <name>sympa</name> + <range><lt>6.2.56</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>A vulnerability has been discovered in Sympa web interface + by which attacker can execute arbitrary code with root privileges. + Sympa uses two sorts of setuid wrappers:</p> + <ul> + <li>FastCGI wrappers</li> + <li>newaliases wrapper</li> + </ul> + <p>The FastCGI wrappers wwsympa-wrapper.fcgi and + sympa_soap_server-wrapper.fcgi were used to make the web + interface running under privileges of a dedicated user.</p> + <p>The newaliases wrapper (sympa_newaliases-wrapper) allows + Sympa to update the alias database with root privileges.</p> + <p>Since these setuid wrappers did not clear environment variables, + if environment variables like PERL5LIB were injected, + forged code might be loaded and executed under privileges of setuid-ed + users.</p> + </body> + </description> + <references> + <url>https://sympa-community.github.io/security/2020-002.html</url> + </references> + <dates> + <discovery>2020-05-24</discovery> + <entry>2020-05-26</entry> + </dates> + </vuln> + <vuln vid="f9c5a410-9b4e-11ea-ac3f-6805ca2fa271"> <topic>powerdns-recursor -- multiple vulnerabilities</topic> <affects>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202005271620.04RGKBAH080247>