2020-001 Security flaws in CSRF prevention

The Sympa Community 2020-02-24 (Update)

Synopsis

A fix is available for a vulnerability discovered in the Sympa web interface.

Systems Affected

Problem Description

A vulnerability has been discovered in the Sympa web interface that can be used to mount a denial of service (DoS) attack.

By submitting requests with malformed parameters, this flaw allows an attacker to create junk files in Sympa’s directory for temporary files. In particular, by tampering with the token meant to prevent CSRF, it allows an attacker to trigger excessive notification messages to listmasters.
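The flaw described above is a failure path with expensive side effects: a request whose CSRF token is missing or tampered with still causes a file to be written and a listmaster notification to be sent. The following is an added illustration of the defensive pattern, not Sympa's own code: the token is checked for format and authenticity before any filesystem or mail side effect, and notifications to listmasters are rate-limited so that a flood of bad tokens cannot become a flood of mail. The HMAC-based token, the `Notifier` class and `run_demo` are assumptions made for this example.

```python
import hashlib, hmac, os, re, secrets, tempfile, time

# Per-deployment secret; constructed here only so the example runs stand-alone.
SECRET = secrets.token_bytes(32)
TOKEN_RE = re.compile(r"^[0-9a-f]{64}$")  # exact shape of a well-formed token

def mint_token(session_id: str) -> str:
    """Token bound to the session so a forged cross-site request cannot guess it."""
    return hmac.new(SECRET, session_id.encode(), hashlib.sha256).hexdigest()

def token_is_valid(session_id: str, token) -> bool:
    """Cheap shape check first, then constant-time comparison; no side effects."""
    if not isinstance(token, str) or not TOKEN_RE.fullmatch(token):
        return False
    return hmac.compare_digest(mint_token(session_id), token)

class Notifier:
    """Listmaster notifier allowing at most `burst` messages per `window` seconds."""
    def __init__(self, window: float = 60.0, burst: int = 5):
        self.window, self.burst, self.sent, self.suppressed = window, burst, [], 0

    def notify(self, message: str, now: float) -> bool:
        self.sent = [t for t in self.sent if now - t < self.window]
        if len(self.sent) >= self.burst:
            self.suppressed += 1      # counted, not mailed: the DoS vector is closed
            return False
        self.sent.append(now)         # a real deployment would send mail here
        return True

def handle_request(session_id, params, tmpdir, notifier, now):
    """Reject bad tokens before touching the temporary directory."""
    if not token_is_valid(session_id, params.get("csrf_token")):
        notifier.notify(f"CSRF token mismatch for session {session_id}", now)
        return "rejected", None
    fd, path = tempfile.mkstemp(dir=tmpdir)   # only verified requests create files
    with os.fdopen(fd, "w") as fh:
        fh.write(params.get("body", ""))
    return "accepted", path

def run_demo(bad_requests: int = 20) -> dict:
    """Constructed scenario: one valid request followed by a burst of tampered ones."""
    tmpdir, notifier, sid = tempfile.mkdtemp(), Notifier(), "sess-1"
    handle_request(sid, {"csrf_token": mint_token(sid), "body": "ok"}, tmpdir, notifier, 0.0)
    for i in range(bad_requests):   # malformed and forged tokens, all within one window
        handle_request(sid, {"csrf_token": "0" * 64 if i % 2 else "<junk>"}, tmpdir, notifier, float(i))
    return {"files": len(os.listdir(tmpdir)), "mails": len(notifier.sent),
            "suppressed": notifier.suppressed}
```

`run_demo()` ends with exactly one temporary file and five notifications regardless of how many tampered requests were sent.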

Impact

Possibility of denial of service (DoS) because of a full disk or a flood of notification messages.

Workarounds

No workaround is known at present.

Solution

or

CVE Numbers

CVE-2020-9369

References

Acknowledgements

The security flaw this advisory describes was reported by Javier Moreno.

Change log

CC BY-SA 4.0 Unless otherwise specified, the contents of this document are licensed under the Creative Commons - Attribution - ShareAlike license. For more details see LICENSE and AUTHORS.