
Security advisories

This page references the security advisories regarding Sympa.

2012-001 Security breaches in archives management

1. Threat

The authorization mechanisms of the archive management page can be bypassed.

2. Systems Affected

All Sympa branches are affected.

  • In branch 6.0, all versions prior to 6.0.7
  • In branch 6.1, all versions prior to 6.1.11

3. Summary

Multiple vulnerabilities have been discovered in Sympa archive management that allow the scenario-based authorization mechanisms to be bypassed.

This breach makes it possible to:

  • display the archives management page ('arc_manage');
  • download the list's archives;
  • delete the list's archives.

4. Solution

Users who can't upgrade to the latest versions can apply the following workaround: use the web server configuration to prevent access to the archive management page.

Older versions are no longer maintained. Users of these versions should upgrade to 6.1.11 or 6.0.7 to prevent potential attacks.
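
For sites that ran an affected version, one way to review web server access logs for requests to the 'arc_manage' page named in the summary. This is an added example, not code from the Sympa project; it assumes the combined log format, a web interface mounted at /sympa, an `action` query parameter, and a list called testlist, and the sample log lines are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs, unquote

# Action named in the advisory; extend with other archive actions used locally.
WATCHED_ACTIONS = {"arc_manage"}

# "combined" format: host ident user [time] "METHOD URL PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" (?P<status>\d{3}) '
)

def archive_action(url, watched=WATCHED_ACTIONS):
    """Return the watched action named in the URL path or ?action=, else None."""
    parts = urlsplit(url)
    # Decode percent-escapes so an encoded action name is still recognised.
    for segment in unquote(parts.path).split("/"):
        if segment in watched:
            return segment
    # Assumption: the action may also be passed as an "action" query parameter.
    for value in parse_qs(parts.query).get("action", []):
        if value in watched:
            return value
    return None

def scan(lines, watched=WATCHED_ACTIONS):
    """Group requests for watched actions by client address.

    Access logs do not record POST bodies, so only actions named in the
    URL are visible here.
    """
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format request line
        action = archive_action(m["url"], watched)
        if action:
            hits[m["client"]].append(
                (m["time"], m["method"], action, int(m["status"])))
    return dict(hits)

# Constructed sample lines (documentation addresses, hypothetical list name).
SAMPLE = [
    '192.0.2.10 - - [14/May/2012:10:01:02 +0200] "GET /sympa/arc_manage/testlist HTTP/1.1" 200 5120 "-" "-"',
    '192.0.2.10 - - [14/May/2012:10:01:09 +0200] "GET /sympa?action=arc_manage&list=testlist HTTP/1.1" 200 5120 "-" "-"',
    '198.51.100.7 - - [14/May/2012:10:05:00 +0200] "GET /sympa/arc/testlist/2012-05/ HTTP/1.1" 200 900 "-" "-"',
    '203.0.113.5 - - [14/May/2012:11:00:00 +0200] "GET /sympa/arc_manage/testlist HTTP/1.1" 403 210 "-" "-"',
]
```

The status code in each hit separates requests that were served from those the web server refused.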

5. Links

security_advisories.txt · Last modified: 2012/05/15 16:35 by david.verdin@renater.fr

The Sympa software is provided by RENATER