sympa-community.github.io


2012-001 Security breaches in archives management

1. Threat

The authorization mechanisms in the archive management page can be bypassed.

2. Systems Affected

All Sympa branches are affected.

3. Summary

Multiple vulnerabilities have been discovered in Sympa archive management that allow the scenario-based authorization mechanisms to be bypassed.

This breach allows to:

4. Solution

Users who cannot upgrade to the latest versions can apply the following workaround: use the web server configuration to prevent access to the archive management,

Older versions are no longer maintained. Users of these versions should upgrade to 6.1.11 or 6.0.7 to prevent potential attacks.

Sympa 6.0.7 and 6.1.11 released https://listes.renater.fr/sympa/arc/sympa-announce/2012-05/msg00001.html

Sympa 6.1.11 released https://www.sympa.org/#sympa_6111_released

CC BY-SA 4.0 Unless otherwise specified, the contents of this document are licensed under the Creative Commons - Attribution - ShareAlike license. For more details see LICENSE and AUTHORS.
