FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

sympa -- Denial of service caused by malformed CSRF token

Affected packages
sympa < 6.2.54

Details

VuXML ID 9908a1cc-35ad-424d-be0b-7e56abd5931a
Discovery 2020-02-24
Entry 2020-05-22

Javier Moreno discovered a vulnerability in the Sympa web interface that can cause a denial of service (DoS).

By submitting requests with malformed parameters, this flaw allows an attacker to create junk files in Sympa's directory for temporary files. In particular, tampering with the token used to prevent CSRF makes it possible to trigger excessive notification messages to listmasters.

References

CVE Name CVE-2020-9369
URL https://sympa-community.github.io/security/2020-001.html