SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com





Category:   Application (E-mail Server)  >   Mailman Vendors:   [Multiple Authors/Vendors]
GNU Mailman E-mail Archive Server Enables Cross-Site Scripting Attacks
SecurityTracker Alert ID:  1002839
SecurityTracker URL:  http://securitytracker.com/id/1002839
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Nov 28 2001
Impact:   Execution of arbitrary code via network
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): prior to 2.0.8
Description:   Cgisecurity.com reported a cross-site scripting vulnerability in the GNU Mailman e-mail archiver.

A remote user can cause arbitrary javascript to be executed on a user's browser such that the javascript appears to the target user's browser to originate from the site running the mailman archiver.

The following demonstration exploit URL will trigger the vulnerability and display a pop-up javascript box:

http://host/mailman/listinfo/<img%20src=javascript:alert(document.domain)>
Impact:   A remote user can use the Mailman archiver to conduct a cross-site scripting attack. The remote user can create a web page or HTML-based e-mail message to execute javascript on the recipients browser such that the javascript appears to originate from the site running the Mainman archiver.
Solution:   The vendor has released a fix. Upgrade to version 2.0.8:

http://sourceforge.net/project/showfiles.php?group_id=103
Vendor URL:  sourceforge.net/projects/mailman (Links to External Site)
Cause:   Input validation error
Underlying OS:   Linux (Any), UNIX (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
(Conectiva Issues Fix) GNU Mailman E-mail Archive Server Enables Cross-Site Scripting Attacks   (secure@conectiva.com.br)
The vendor has released a fix.
(Debian Issues Fix) GNU Mailman E-mail Archive Server Enables Cross-Site Scripting Attacks   (Wichert Akkerman <wichert@wiggy.net>)
The vendor has released a fix.
(Red Hat Issues Fix) GNU Mailman E-mail Archive Server Enables Cross-Site Scripting Attacks   (bugzilla@redhat.com)
The vendor has released fix packages for Red Hat Linux and Red Hat Powertools.
(Red Hat Issues Fix for Secure Web Server Package) Re: GNU Mailman E-mail Archive Server Enables Cross-Site Scripting Attacks   (bugzilla@redhat.com)
Red Hat has issued a fix for their Secure Web Server package.


 Source Message Contents
Date:  Wed, 28 Nov 2001 10:07:56 -0500
Subject:  Cgisecurity.com Advisory #7: Mailman Email Archive Cross Site Scripting



                                  [ Cgi Security Advisory #7 ]
                                     admin@cgisecurity.com
                         Mailman Email archiver Cross Site Scripting Hole



Found
November 2001

Public Release
Sometime in November 2001


Vendor Contacted
November 2001

Scripts Effected: Mailman Email Archiver
Price: Free

Versions:
All Versions appear to be effected

Platforms:
Unix, Linux, Other? 

Vendor:
http://sourceforge.net/projects/mailman


1. Problem

This product is affected by a Cross Site Scripting hole, which may allow
an attacker to trick a user into thinking something the attacker wrote
actually came from the site that is effected. This involves some social 
engineering to a point but could possibly allow gathering of user
information and other types of fraud.


http://host/mailman/listinfo/<img%20src=javascript:alert(document.domain)>

This will gladly show you a pop up javascript box.


2. Fixes

The vendor has been notified of the problem, 
Upgrade to version 2.0.8 in order to fix this problem.

TarBalls
http://sourceforge.net/project/showfiles.php?group_id=103




Published to the Public November 2001
Copyright November 2001 Cgisecurity.com


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us

Copyright 2013, SecurityGlobal.net LLC