
2020-001 Security flaws in CSRF prevention

The Sympa Community 2020-02-24 (Update)

Synopsis

A fix is available for a vulnerability discovered in the Sympa web interface.

Systems Affected

Problem Description

A vulnerability has been discovered in the Sympa web interface that can be used to cause a denial of service (DoS).

By submitting requests with malformed parameters, this flaw allows junk files to be created in Sympa's directory for temporary files. In particular, by tampering with the token used to prevent CSRF, it allows excessive notification messages to be sent to listmasters.

Impact

Possibility of denial of service (DoS) because of a full disk or a flood of messages.

Workarounds

No workaround is known at present.

Solution

or

CVE Numbers

CVE-2020-9369

References

Acknowledgements

The security flaw this advisory describes was reported by Javier Moreno.

Change log
