Subject: The mailing list for listmasters using Sympa
List archive
Re: [sympa-users] [sympa-fr] editor_key problem or what?
- From: David Verdin <address@concealed>
- To: address@concealed, Strimpakos Giorgos <address@concealed>, "address@concealed" <address@concealed>
- Subject: Re: [sympa-users] [sympa-fr] editor_key problem or what?
- Date: Fri, 08 Nov 2013 14:38:02 +0100
|
Hi Giorgos, I forward you message to the English-speaking support list. Regards, David Le 08/11/13 14:34, Strimpakos Giorgos a
écrit :
Hello,
this is my first time I use this list. Sorry if this is an inappropriate list to send this kind of message. I tried to subscribe to developers list but confirmation for my cru account never arrived to my mailbox. I would like to share with you a kind of "vulnerability" with you. Let's say we have a list with a policy to moderate messages. The problem is that if a message is going to be moderated (scenari action editor_key), and someone sends a confirmation message with the correct hash at sympa@robot, then the message will be distributed. example: listname: testlist robot: example.com message hash:00d88434cffb08d5d7bf8fef8293e282 Anyone can send a message to address@concealed with Subject: DISTRIBUTE testlist 00d88434cffb08d5d7bf8fef8293e282 Is this the way things should run? I search for this kind of bug or something prior to my version (6.1.4). Is this a security risk? Thanks Giorgos --
A bug in Sympa? Quick! To the bug tracker!
| ||||||
Attachment:
smime.p7s
Description: Signature cryptographique S/MIME
- Re: [sympa-users] [sympa-fr] editor_key problem or what?, David Verdin, 11/08/2013
Archive powered by MHonArc 2.6.19+.