GNU Mailman 'Scrubber.py' Decoding Error May Let Remote Users Deny Service
SecurityTracker Alert ID: 1015735
SecurityTracker URL: http://securitytracker.com/id?1015735
CVE Reference: CVE-2005-3573
OSVDB Reference: 20819
Date: Mar 7 2006
Impact: Denial of service via network
Fix Available: Yes
Exploit Included: Yes
Vendor Confirmed: Yes
Version(s): prior to 2.1.6
Description: A vulnerability was reported in GNU Mailman. A remote user can cause denial of service conditions.
The 'Scrubber.py' script does not properly decode UTF-8 character encodings in the filenames of e-mail attachments [originally reported in September 2005]. A remote user can send e-mail with an attachment that has a specially crafted filename that, when archived by Mailman, may cause the Mailman application to crash.
Aliet Santiesteban Sifontes reported this vulnerability.
Impact: A remote user may be able to cause Mailman to crash.
Solution: The vendor has issued a fixed version (2.1.6), available at:
http://mailman.sourceforge.net/download.html
Vendor URL: mailman.sourceforge.net/
Cause: Exception handling error, Input validation error
Underlying OS: Linux (Any), UNIX (Any)
Reported By: Aliet Santiesteban Sifontes <alietss@yahoo.com>
Message History: This archive entry has one or more follow-up message(s) listed below.

Source Message Contents
Date: Sun Sep 11 19:58:40 CEST 2005
From: Aliet Santiesteban Sifontes <alietss@yahoo.com>
Subject: [Mailman-Users] Uncaught runner exception: 'utf8' codec can't decode bytes in position 1-4: invalid data

Hi list, I'm running mailman for several lists on
debian sarge, mailman-2.1.5-8, suddenly one of the
lists stops working, maybe by spam or dos attack using
a bug in mailman, here the error, any ideas on how to
fix this??:
Sep 11 13:34:35 2005 (12535) Uncaught runner exception: 'utf8' codec can't decode bytes in position 1-4: invalid data
Sep 11 13:34:35 2005 (12535) Traceback (most recent call last):
  File "/usr/lib/mailman/Mailman/Queue/Runner.py", line 111, in _oneloop
    self._onefile(msg, msgdata)
  File "/usr/lib/mailman/Mailman/Queue/Runner.py", line 167, in _onefile
    keepqueued = self._dispose(mlist, msg, msgdata)
  File "/usr/lib/mailman/Mailman/Queue/IncomingRunner.py", line 130, in _dispose
    more = self._dopipeline(mlist, msg, msgdata, pipeline)
  File "/usr/lib/mailman/Mailman/Queue/IncomingRunner.py", line 153, in _dopipeline
    sys.modules[modname].process(mlist, msg, msgdata)
  File "/var/lib/mailman/Mailman/Handlers/ToDigest.py", line 91, in process
    send_digests(mlist, mboxfp)
  File "/var/lib/mailman/Mailman/Handlers/ToDigest.py", line 132, in send_digests
    send_i18n_digests(mlist, mboxfp)
  File "/var/lib/mailman/Mailman/Handlers/ToDigest.py", line 306, in send_i18n_digests
    msg = scrubber(mlist, msg)
  File "/var/lib/mailman/Mailman/Handlers/Scrubber.py", line 265, in process
    url = save_attachment(mlist, part, dir)
  File "/var/lib/mailman/Mailman/Handlers/Scrubber.py", line 361, in save_attachment
    fnext = os.path.splitext(msg.get_filename(''))[1]
  File "/usr/lib/python2.3/email/Message.py", line 731, in get_filename
    return unicode(newvalue[2], newvalue[0] or 'us-ascii')
UnicodeDecodeError: 'utf8' codec can't decode bytes in position 1-4: invalid data
Sep 11 13:34:35 2005 (12535) SHUNTING: 1126458561.9029009+2ca02ecc54d36f4e0a88a7ab17fc28736bd23635
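An added example, not Mailman's code or the 2.1.6 fix: one way to take an attachment's extension from a sender-controlled filename without letting a decode error escape, using the same strict charset decode that fails in the traceback above. `build_part`, `attachment_extension` and the sample headers are constructed for illustration; Python 3's own `get_filename()` already decodes with `errors='replace'`, so the strict decode is done by hand here.

```python
import email
import os

def build_part(disposition):
    """Parse a one-part message with the given Content-Disposition (constructed input)."""
    return email.message_from_string(
        "Content-Type: application/octet-stream\n"
        f"Content-Disposition: {disposition}\n\ndata\n"
    )

def attachment_extension(part, default=".bin"):
    """Return the attachment's extension; never raise on a malformed filename."""
    raw = part.get_param("filename", header="content-disposition")
    if raw is None:
        return default
    if isinstance(raw, tuple):
        # RFC 2231 form: (charset, language, value), the same tuple the
        # traceback's unicode(newvalue[2], newvalue[0] or 'us-ascii') decodes.
        charset, _language, text = raw
        try:
            name = text.encode("latin-1").decode(charset or "us-ascii")
        except (UnicodeError, LookupError):
            # Invalid bytes for the declared charset, or an unknown charset:
            # the name is sender-controlled, so fall back instead of raising.
            return default
    else:
        name = raw
    ext = os.path.splitext(name)[1]
    # Only accept a short alphanumeric extension from untrusted input.
    return ext if ext[1:].isalnum() and len(ext) <= 8 else default

# Constructed samples: plain, valid RFC 2231, invalid UTF-8, unknown charset.
SAMPLES = {
    "plain": 'attachment; filename="report.pdf"',
    "valid_utf8": "attachment; filename*=utf-8''r%C3%A9sum%C3%A9.txt",
    "invalid_utf8": "attachment; filename*=utf-8''a%FF%FE%FD%FCb.txt",
    "unknown_charset": "attachment; filename*=x-nonexistent''notes.txt",
}

def run_samples():
    """Map each sample label to the extension chosen for it."""
    return {k: attachment_extension(build_part(v)) for k, v in SAMPLES.items()}

if __name__ == "__main__":
    for label, ext in run_samples().items():
        print(f"{label:16} -> {ext}")
```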