(Conectiva Issues Fix) GNU Mailman E-mail Archive Server Enables Cross-Site Scripting Attacks
|
|
SecurityTracker Alert ID: 1002946 |
|
SecurityTracker URL: http://securitytracker.com/id/1002946
|
|
CVE Reference:
GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: Dec 12 2001
|
Impact:
Execution of arbitrary code via network
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): prior to 2.0.8
|
Description:
Cgisecurity.com reported a cross-site scripting vulnerability in the GNU Mailman e-mail archiver.
A remote user can cause arbitrary javascript to be executed on a user's browser such that the javascript appears to the target user's browser to originate from the site running the mailman archiver.
The following demonstration exploit URL will trigger the vulnerability and display a pop-up javascript box:
http://host/mailman/listinfo/<img%20src=javascript:alert(document.domain)>
|
Impact:
A remote user can use the Mailman archiver to conduct a cross-site scripting attack. The remote user can create a web page or HTML-based e-mail message to execute javascript on the recipients browser such that the javascript appears to originate from the site running the Mainman archiver.
|
Solution:
The vendor has released a fix:
ftp://atualizacoes.conectiva.com.br/5.0/SRPMS/mailman-2.0.8-2U50_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/5.0/i386/mailman-2.0.8-2U50_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.1/SRPMS/mailman-2.0.8-2U51_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/5.1/i386/mailman-2.0.8-2U51_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/SRPMS/mailman-2.0.8-2U60_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/mailman-2.0.8-2U60_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/mailman-2.0.8-2U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/SRPMS/mailman-2.0.8-2U70_1cl.src.rpm
Users of Conectiva Linux version 6.0 or higher may use apt to perform upgrades of RPM packages:
- add the following line to /etc/apt/sources.list if it is not there yet
(you may also use linuxconf to do this):
rpm [cncbr] ftp://atualizacoes.conectiva.com.br 6.0/conectiva updates
(replace 6.0 with the correct version number if you are not running CL6.0)
- run: apt-get update
- after that, execute: apt-get upgrade
Detailed instructions reagarding the use of apt and upgrade examples can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en
|
Vendor URL: sourceforge.net/projects/mailman (Links to External Site)
|
Cause:
Input validation error
|
Underlying OS:
Linux (Conectiva)
|
|
Message History:
This archive entry is a follow-up to the message listed below.
|
Source Message Contents
|
Date: Tue, 11 Dec 2001 17:32:39 -0200
Subject: [conectiva-updates] [CLA-2001:445] Conectiva Linux Security Announcement - mailman
|
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --------------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --------------------------------------------------------------------------
PACKAGE : mailman
SUMMARY : Mailman Cross-Site Scripting Vulnerability
DATE : 2001-12-11 17:26:00
ID : CLA-2001:445
RELEVANT
RELEASES : 5.0, 5.1, 6.0, 7.0
- -------------------------------------------------------------------------
DESCRIPTION
Mailman, the GNU Mailing List Manager, is a software to help manage
electronic mail discussion lists.
Cgisecurity.com released an advisory[1] related to a cross-site
scripting vulnerability[2] in mailman. By exploiting this
vulnerability, an attacker could collect information about a web user
or possibly gain access to cookie-based authentication credentials.
SOLUTION
All mailman users should upgrade.
REFERENCES:
1.http://www.cgisecurity.org/advisory/7.txt
2.http://www.securityfocus.com/bid/3602
DIRECT DOWNLOAD LINKS TO THE UPDATED PACKAGES
ftp://atualizacoes.conectiva.com.br/5.0/SRPMS/mailman-2.0.8-2U50_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/5.0/i386/mailman-2.0.8-2U50_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/5.1/SRPMS/mailman-2.0.8-2U51_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/5.1/i386/mailman-2.0.8-2U51_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/SRPMS/mailman-2.0.8-2U60_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/mailman-2.0.8-2U60_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/mailman-2.0.8-2U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/SRPMS/mailman-2.0.8-2U70_1cl.src.rpm
ADDITIONAL INSTRUCTIONS
Users of Conectiva Linux version 6.0 or higher may use apt to perform
upgrades of RPM packages:
- add the following line to /etc/apt/sources.list if it is not there yet
(you may also use linuxconf to do this):
rpm [cncbr] ftp://atualizacoes.conectiva.com.br 6.0/conectiva updates
(replace 6.0 with the correct version number if you are not running CL6.0)
- run: apt-get update
- after that, execute: apt-get upgrade
Detailed instructions reagarding the use of apt and upgrade examples
can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en
- -------------------------------------------------------------------------
All packages are signed with Conectiva's GPG key. The key and instructions
on how to import it can be found at
http://distro.conectiva.com.br/seguranca/chave/?idioma=en
Instructions on how to check the signatures of the RPM packages can be
found at http://distro.conectiva.com.br/seguranca/politica/?idioma=en
- -------------------------------------------------------------------------
All our advisories and generic update instructions can be viewed at
http://distro.conectiva.com.br/atualizacoes/?idioma=en
- -------------------------------------------------------------------------
subscribe: conectiva-updates-subscribe@papaleguas.conectiva.com.br
unsubscribe: conectiva-updates-unsubscribe@papaleguas.conectiva.com.br
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE8Fl9W42jd0JmAcZARArHPAKCiW8xKbRbNnTjfcE8VmhOD/4GUkwCg3nAS
wJagL2pUD50169dlTWNPkko=
=QSp+
-----END PGP SIGNATURE-----
|
|
