oss-sec mailing list archives
Re: CVE request: sympa (try again)
From: Kurt Seifried <kseifried () redhat com>
Date: Fri, 11 May 2012 23:58:33 -0600
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 05/11/2012 12:03 PM, micah wrote:
Hi, Please assign a CVE for Sympa, any version prior to 6.1.11. It is possible to open the archive management ("arc_manage") page for any list, even those set to only be available to members, giving anyone the option to download the archive, or delete the archive. http://www.sympa.org/distribution/latest-stable/NEWS https://sourcesup.renater.fr/scm/viewvc.php/branches/sympa-6.0-branch/wwsympa/wwsympa.fcgi.in?root=sympa&r1=6706&r2=7358&pathrev=7358 thank you, micah ps - for some reason the previous message is formatted strange, so I'm sending this one without the signature
Ok I see this one and several more: ================================ 6.1.11 May 11, 2012 Bug fixes: [7358] wwsympa/wwsympa.fcgi.in: Fixing a potential security issue related to archives ================================ 6.1.1 October 22, 2010 This version includes a lots news such as DKIM support, autosignoff footer link included in lists messages, ... Various vulnerability have been solved in 6.1.1 : cross side scripting, cross-Site request forgeries, brute force attack, DOS. These vulnerabilities were identified with the help of P. Gardenat (Rectorat de Rennes) during a security audit on Sympa. - --------------------- web_tt2/error.tt2, wwsympa/wwsympa.fcgi.in: Now shared document can't be read or edited unless list is open. This is a security fix ================================ 6.0 1st October 2009 Security: - - [reported by T. Retout] SQL injection threat removed by using place holders instead of direct sprint in a query. - - [Submitted by N. Bertrand, univ. Minnesota] Basic logs in debug don't issue the password unencrypted in the logs for function Auth::ldap_authentication. This way, this password won't be sent unencrypted to a possible syslog server. - - [#4439] [#4440] [reported by O.Berger] security vulnerability which use a file in /tmp. - - [#4430] store temporary files in Sympa's own tmp directory instead of /tmp to prevent symlink attacks ================================ Can you confirm these and I will assign CVE's for the outstanding issues. - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQIcBAEBAgAGBQJPrfwJAAoJEBYNRVNeJnmTjwYP/RYT1um9+14sKMs2iTsribGZ i2X3m7LtkNUT29614x+Pw87fVFTeIGxvJ8vM0uyUvvZn2QsflmASHGhzAlLu60u4 2Nm+FrXCoqmF7YRwFlxO1blMgSAYt8aDunot4dkTl8x6MWfM265y/Ft2r3dssiun LT52nal/4RZSFbx0YYfzxQPkwZLtsEo9XFMF9lttH3j7NuyMlG/trPFMWrpWJ23w RkPMkO4VrPp9oZkFO+2MJij9v4H9IwiVbptINk1cEkCEYWpdZrgLX1TrtfCGgYeP M0qawndp/J3Js6ZniVbOaMKyodyTcZnc4ajW7a0T4xY01h947J9JgqmCMUqKZ8GX zyR7R4TJMarNjkfg7jj2iBg6QdqM1owJ2fELnrZN6n0MER2TZ0BI/+A5Og9OBk+j 1dXEuiO/sYkaLNJiMwlsHIZEnGdGVCmZgp0p8XhJfsRi23mWfnyI+qGVMBx5vGDW TCJ2aELsr1cWL4CPM3hxrzXu4WYh6DGYisGxhYNq2jEkfd0ctLomQCn4FgAHV+M6 EEBODxFyVqYBwjnl3FS+EMtzFGU/4UHYxo8tXquwt2T9BjaTSz7b1FYD4ViQ658e WVkf63xNP8IorjpJjMiwhItS+ImbK2YIvyy7vHe6/pN0OdVNm7O94mcDXTlgowRa Zan9zvykYeNxXFA+5ugX =IC7h -----END PGP SIGNATURE-----
Current thread:
- CVE request: sympa (try again) micah (May 11)
- ezmlm signature mangling [was: Re: CVE request: sympa (try again)] Daniel Kahn Gillmor (May 11)
- Re: ezmlm signature mangling [was: Re: CVE request: sympa (try again)] Solar Designer (May 12)
- Re: CVE request: sympa (try again) Kurt Seifried (May 11)
- Re: CVE request: sympa (try again) micah anderson (May 12)
- Re: CVE request: sympa (try again) Kurt Seifried (May 12)
- Re: CVE request: sympa (try again) micah anderson (May 15)
- Re: CVE request: sympa (try again) Kurt Seifried (May 15)
- Re: CVE request: sympa (try again) micah anderson (May 12)
- ezmlm signature mangling [was: Re: CVE request: sympa (try again)] Daniel Kahn Gillmor (May 11)