SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |    Help    |   

SecurityTracker
Archives


Welcome to SecurityTracker!
 
Click to Sign Up
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com
Sign Up!





Category:  Application (E-mail Server)  >  Mailman Vendors:  GNU [multiple authors]
Mailman Input Validation Hole in 'private.py' Discloses Files to Remote Users
SecurityTracker Alert ID:  1013145
SecurityTracker URL:  http://securitytracker.com/id?1013145
CVE Reference:  CAN-2005-0202   (Links to External Site)
Date:  Feb 10 2005
Impact:  Disclosure of authentication information, Disclosure of system information, Disclosure of user information
Fix Available:  Yes   Vendor Confirmed:  Yes  
Version(s): 2.1 - 2.1.5
Description:  An input validation vulnerability was reported in Mailman in 'private.py'. A remote user can access arbitrary files on the target system.

The true_path() function does not properly validate user-supplied input. A remote user that is a member of a private mailman list can submit a specially crafted input value to access files on the system, including the mailman configuration files and passwords.

A demonsration exploit may contain the following string:

"/...../"

Marcus Meissner reported this flaw.
Impact:  A remote user can access arbitrary files on the target system, including the mailman configuration files with user e-mail addresses and passwords.
Solution:  Version 2.1.6 is not vulnerable.

For prior 2.1.x versions, the vendor has issued a patch, available at:

http://mailman.sourceforge.net/CAN-2005-0202.txt
Vendor URL:  mailman.sf.net/ (Links to External Site)
Cause:  Input validation error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Feb 10 2005 (Red Hat Issues Fix) Mailman Input Validation Hole in 'private.py' Discloses Files to Remote Users   (bugzilla@redhat.com)
Red Hat has released a fix.
Feb 10 2005 (Gentoo Issues Fix) Mailman Input Validation Hole in 'private.py' Discloses Files to Remote Users   (Sune Kloppenborg Jeppesen <jaervosz@gentoo.org>)
Gentoo has released a fix.
Feb 11 2005 (Debian Issues Fix) Mailman Input Validation Hole in 'private.py' Discloses Files to Remote Users   (joey@infodrom.org (Martin Schulze))
Debian has released a fix.
Feb 15 2005 (SuSE Issues Fix) Mailman Input Validation Hole in 'private.py' Discloses Files to Remote Users   (Marcus Meissner <meissner@suse.de>)
SuSE has issued a fix.
Feb 15 2005 (Red Hat Issues Fix) Mailman Input Validation Hole in 'private.py' Discloses Files to Remote Users   (bugzilla@redhat.com)
Red Hat has released a fix.
Feb 16 2005 (Mandrake Issues Fix) Mailman Input Validation Hole in 'private.py' Discloses Files to Remote Users   (Mandrakelinux Security Team <security@linux-mandrake.com>)
Mandrake has released a fix.
Feb 22 2005 (Debian Issues Fix) Mailman Input Validation Hole in 'private.py' Discloses Files to Remote Users   (joey@infodrom.org (Martin Schulze))
Debian has released a fix.
Mar 22 2005 (Apple Issues Fix for OS X) Mailman Input Validation Hole in 'private.py' Discloses Files to Remote Users
Apple has issued a fix for Mac OS X.


 Source Message Contents
Date:  Thu, 10 Feb 2005 15:29:34 -0500
Subject:  [none]

 
 
CVE: CAN-2005-0202
 
An input validation vulnerability was reported in Mailman in 'private.py'.  A remote
authenticated user can access arbitrary files on the target system.
 
The true_path() function does not properly validate user-supplied input.  A remote user
that is a member of a private mailman list can submit a specially crafted input value
to access files on the system, including the mailman configuration files and passwords.
 
A demonsration exploit may contain the following string:
 
"/...../"


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us   |    Help

Copyright 2005, SecurityGlobal.net LLC