Security advisories
This page references the security advisories regarding Sympa.
2012-001 Security breaches in archives management
1. Threat
Possibility to bypass the authorization mechanisms in the archive management page.
2. Systems Affected
All Sympa branches are affected.
- In branch 6.0, all versions prior to 6.0.7
- In branch 6.1, all versions prior to 6.1.11
3. Summary
Multiple vulnerabilities have been discovered in Sympa archive management that allow the scenario-based authorization mechanisms to be bypassed.
This breach allows an unauthorized user to:
- display the archives management page ('arc_manage');
- download the list's archives;
- delete the list's archives.
4. Solution
- branch 6.1: upgrade to version 6.1.11
- branch 6.0: upgrade to version 6.0.7
Users who can't upgrade to the latest versions have the following workaround solution: prevent access to the archive management page through the web server configuration.
Older versions are no longer maintained. Users of these versions should upgrade to 6.1.11 or 6.0.7 to prevent potential attacks.
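One way to apply the web server workaround above, as an added example that is not part of the original advisory. It assumes Apache 2.4 with wwsympa served under /sympa (the usual mount point); the page names only the 'arc_manage' action, so blocking arc_download and arc_delete alongside it is an assumption based on the download and delete operations the summary lists.

```apache
# Added example: deny the archive-management actions at the web server
# until the upgrade to 6.0.7 / 6.1.11 can be done.
# Assumes wwsympa is mounted at /sympa; adjust the prefix if it differs.
<LocationMatch "^/sympa/(arc_manage|arc_download|arc_delete)(/|$)">
    # Apache 2.4 syntax; on 2.2 use "Order deny,allow" / "Deny from all".
    Require all denied
</LocationMatch>
```

wwsympa also accepts actions submitted as form parameters to the base /sympa path, so after applying this, verify from a browser that the archive management forms are rejected as well and not only the direct URLs.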
5. Links
Sympa 6.0.7 and 6.1.11 released https://listes.renater.fr/sympa/arc/sympa-announce/2012-05/msg00001.html
Sympa 6.1.11 released https://www.sympa.org/#sympa_6111_released
2015-001 Security breaches in newsletter posting
1. Threat
Possibility to bypass the authorization mechanisms in the archive management page.
2. Systems Affected
All Sympa branches are affected.
- In branch 6.0, all versions prior to 6.0.10
- In branch 6.1, all versions prior to 6.1.24
3. Summary
A vulnerability has been discovered in the Sympa web interface that allows access to files on the server filesystem.
This breach allows a user of the newsletter posting area of the Sympa web interface to send to a list or to a user any file on the server filesystem that is readable by the Sympa user.
4. Solution
- branch 6.1: upgrade to version 6.1.24
- branch 6.0: upgrade to version 6.0.10
Users who can't upgrade to the latest versions have the following workaround solution: prevent mail sending through the web interface.
- copy </home_sympa>/default/web_tt2/compose_mail.tt2 to </home_sympa>/etc/compose_mail.tt2
- comment out the whole content of this file with an HTML comment:
- add '<!--' at the beginning of the file
- add '-->' at the end of the file.
If you have a correct understanding of this template's structure, you can narrow the comment to the newsletter sending part only.
Older versions are no longer maintained. Users of these versions should upgrade to 6.1.24 or 6.0.10 to prevent potential attacks.
5. Links
No links yet.