SecurityTracker.com
Category:   Application (E-mail Server)  >   Mailman Vendors:   [Multiple Authors/Vendors]
(Debian Issues Fix) GNU Mailman E-mail Archive Server Enables Cross-Site Scripting Attacks
SecurityTracker Alert ID:  1002990
SecurityTracker URL:  http://securitytracker.com/id/1002990
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Dec 16 2001
Impact:   Execution of arbitrary code via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 2.0.8
Description:   Cgisecurity.com reported a cross-site scripting vulnerability in the GNU Mailman e-mail archiver.

A remote user can cause arbitrary javascript to be executed on a user's browser such that the javascript appears to the target user's browser to originate from the site running the mailman archiver.

The following demonstration exploit URL will trigger the vulnerability and display a pop-up javascript box:

http://host/mailman/listinfo/<img%20src=javascript:alert(document.domain)>

Impact:   A remote user can use the Mailman archiver to conduct a cross-site scripting attack. The remote user can create a web page or HTML-based e-mail message to execute javascript on the recipient's browser such that the javascript appears to originate from the site running the Mailman archiver.
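The root cause named in the Debian advisory is that CGI variables were placed into HTML output without escaping. The following added example (written for this page; it is not Mailman's own code, and the page template, function names and request path are constructed for illustration) contrasts that "before" pattern with the hardened form, using the shape of the demonstration URL above as input so the difference in the rendered page is visible.

```python
import html
from urllib.parse import unquote

# Constructed stand-in for a listinfo page template (not Mailman's real template).
PAGE = "<html><body><h1>Mailing list: {listname}</h1></body></html>"


def render_listinfo_unescaped(path_info):
    """'Before' pattern, the bug class the advisory describes: the CGI path
    component is decoded and echoed straight into the HTML body."""
    listname = unquote(path_info).strip("/")
    return PAGE.format(listname=listname)


def render_listinfo_escaped(path_info):
    """Hardened pattern: every character with HTML meaning (& < > \" ') is
    entity-encoded before the value lands in the page body, so browser-side
    markup supplied by a requester is rendered as text, not interpreted."""
    listname = unquote(path_info).strip("/")
    return PAGE.format(listname=html.escape(listname, quote=True))


def body_contains_markup(rendered):
    """Detection helper for the demo: does the interpolated value inside <h1>
    still contain raw angle brackets, i.e. injectable markup?"""
    inner = rendered.split("<h1>")[1].split("</h1>")[0]
    return "<" in inner or ">" in inner


if __name__ == "__main__":
    # Constructed request path with the same shape as the advisory's demonstration URL.
    sample = "/<img%20src=javascript:alert(document.domain)>"
    print("unescaped:", render_listinfo_unescaped(sample))
    print("escaped:  ", render_listinfo_escaped(sample))
```

Escaping at the output point (rather than rejecting characters at the input point) is the fix that generalises: the same value can safely appear in the page body regardless of which list name, query string or path segment carried it.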
Solution:   Debian has released a fix.

Debian GNU/Linux 2.2 alias potato
- ---------------------------------

Potato was released for alpha, arm, i386, m68k, powerpc and sparc.

Source archives:
http://security.debian.org/dists/stable/updates/main/source/mailman_1.1-10.diff.gz
MD5 checksum: a9ae9e389e13622a9dd8a70a6a57f2b7
http://security.debian.org/dists/stable/updates/main/source/mailman_1.1-10.dsc
MD5 checksum: 8c77bc3c07be39e8ced4d85882eedf21
http://security.debian.org/dists/stable/updates/main/source/mailman_1.1.orig.tar.gz
MD5 checksum: 42d499f4e1de6959c50b20a4eb0f432a

Alpha architecture:
http://security.debian.org/dists/stable/updates/main/binary-alpha/mailman_1.1-10_alpha.deb
MD5 checksum: 67f8c3c723ec8797117d1fed29f41369

ARM architecture:
http://security.debian.org/dists/stable/updates/main/binary-arm/mailman_1.1-10_arm.deb
MD5 checksum: 80d1fbee3ae7bab5e73ce860b4d8da87

Intel IA-32 architecture:
http://security.debian.org/dists/stable/updates/main/binary-i386/mailman_1.1-10_i386.deb
MD5 checksum: 27c9d400360a99b39954f563f5d0ed43

Motorola 680x0 architecture:
http://security.debian.org/dists/stable/updates/main/binary-m68k/mailman_1.1-10_m68k.deb
MD5 checksum: 2a62ce782f5510f24458050e4c3331d9

PowerPC architecture:
http://security.debian.org/dists/stable/updates/main/binary-powerpc/mailman_1.1-10_powerpc.deb
MD5 checksum: 9239fc74b76ec983b3009a194dc4ce2c

Sun Sparc architecture:
http://security.debian.org/dists/stable/updates/main/binary-sparc/mailman_1.1-10_sparc.deb
MD5 checksum: ad498878cdc9901e92e4b775e023f610

These packages will be moved into the stable distribution on its next
revision.

For not yet released architectures please refer to the appropriate
directory ftp://ftp.debian.org/debian/dists/sid/binary-$arch/
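The advisory pairs each package URL with an MD5 checksum, and its wget/dpkg instructions assume the administrator checks the download before installing it. As an added example (not Debian's or Mailman's code; the parsing logic, function names and the constructed test file are this page editor's), the block below parses the listing format above into a table of expected checksums and verifies a downloaded file against it. The checksum values embedded in the block are copied from the listing on this page; the file content used in the demo is constructed.

```python
import hashlib
import os
import re
import tempfile

# Excerpt of the advisory's package listing; URL and checksum values are taken from the page.
ADVISORY_LISTING = """
Source archives:
http://security.debian.org/dists/stable/updates/main/source/mailman_1.1-10.diff.gz
MD5 checksum: a9ae9e389e13622a9dd8a70a6a57f2b7
http://security.debian.org/dists/stable/updates/main/source/mailman_1.1-10.dsc
MD5 checksum: 8c77bc3c07be39e8ced4d85882eedf21

Intel IA-32 architecture:
http://security.debian.org/dists/stable/updates/main/binary-i386/mailman_1.1-10_i386.deb
MD5 checksum: 27c9d400360a99b39954f563f5d0ed43
"""

URL_RE = re.compile(r"^(https?://\S+)$")
MD5_RE = re.compile(r"^MD5 checksum:\s*([0-9a-fA-F]{32})$")


def parse_listing(text):
    """Return {filename: md5hex} from the advisory's 'URL' / 'MD5 checksum:' pairs.
    A checksum line is only accepted directly after a URL line."""
    expected = {}
    pending_url = None
    for raw in text.splitlines():
        line = raw.strip()
        m = URL_RE.match(line)
        if m:
            pending_url = m.group(1)
            continue
        m = MD5_RE.match(line)
        if m and pending_url:
            expected[pending_url.rsplit("/", 1)[1]] = m.group(1).lower()
            pending_url = None
    return expected


def md5_of_file(path):
    """Stream the file through MD5 so large .deb files are not read into memory at once."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_download(path, expected):
    """True only if the file name is in the advisory table and its digest matches.
    An unlisted file is a failure, not a pass, so a typo'd or substituted name cannot slip through."""
    name = os.path.basename(path)
    if name not in expected:
        return False
    return md5_of_file(path) == expected[name]


def demo_verify():
    """Constructed scenario: a file whose content is b'abc' (MD5 900150983cd24fb0d6963f7d28e17f72)
    saved under the i386 package name. Returns (matches advisory table, matches a table built
    from its real digest, result when the file is not listed at all)."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "mailman_1.1-10_i386.deb")
        with open(path, "wb") as f:
            f.write(b"abc")
        table = parse_listing(ADVISORY_LISTING)
        against_advisory = verify_download(path, table)
        against_match = verify_download(path, {"mailman_1.1-10_i386.deb": md5_of_file(path)})
        unlisted = verify_download(path, {"other.deb": md5_of_file(path)})
    return against_advisory, against_match, unlisted


if __name__ == "__main__":
    print(parse_listing(ADVISORY_LISTING))
    print(demo_verify())
```

Two caveats a practitioner would add: the integrity of this check rests on the PGP signature over the advisory text, since an attacker who can alter the package can alter an unsigned checksum list just as easily; and MD5 is no longer collision resistant, so a listing of this age is a historical artefact rather than a model for new advisories.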

Vendor URL:  sourceforge.net/projects/mailman (Links to External Site)
Cause:   Input validation error
Underlying OS:   Linux (Debian)

Message History:   This archive entry is a follow-up to the message listed below.
Nov 28 2001 GNU Mailman E-mail Archive Server Enables Cross-Site Scripting Attacks



 Source Message Contents

Date:  Sun, 16 Dec 2001 02:42:42 +0100
Subject:  [SECURITY] [DSA-094-1] mailman cross-site scripting problem


-----BEGIN PGP SIGNED MESSAGE-----

- ------------------------------------------------------------------------
Debian Security Advisory DSA-094-1                   security@debian.org
http://www.debian.org/security/                         Wichert Akkerman
December 16, 2001
- ------------------------------------------------------------------------


Package        : mailman
Problem type   : cross-site scripting hole
Debian-specific: no

Barry A. Warsaw reported several cross-site scripting security holes
in Mailman, due to non-existent escaping of CGI variables. 

These have been fixed upstream in version 2.0.8, and the relevant
patches have been backported to version 1.1-10 in Debian.

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.


Debian GNU/Linux 2.2 alias potato
- ---------------------------------

  Potato was released for alpha, arm, i386, m68k, powerpc and sparc.

  Source archives:
    http://security.debian.org/dists/stable/updates/main/source/mailman_1.1-10.diff.gz
      MD5 checksum: a9ae9e389e13622a9dd8a70a6a57f2b7
    http://security.debian.org/dists/stable/updates/main/source/mailman_1.1-10.dsc
      MD5 checksum: 8c77bc3c07be39e8ced4d85882eedf21
    http://security.debian.org/dists/stable/updates/main/source/mailman_1.1.orig.tar.gz
      MD5 checksum: 42d499f4e1de6959c50b20a4eb0f432a

  Alpha architecture:
    http://security.debian.org/dists/stable/updates/main/binary-alpha/mailman_1.1-10_alpha.deb
      MD5 checksum: 67f8c3c723ec8797117d1fed29f41369

  ARM architecture:
    http://security.debian.org/dists/stable/updates/main/binary-arm/mailman_1.1-10_arm.deb
      MD5 checksum: 80d1fbee3ae7bab5e73ce860b4d8da87

  Intel IA-32 architecture:
    http://security.debian.org/dists/stable/updates/main/binary-i386/mailman_1.1-10_i386.deb
      MD5 checksum: 27c9d400360a99b39954f563f5d0ed43

  Motorola 680x0 architecture:
    http://security.debian.org/dists/stable/updates/main/binary-m68k/mailman_1.1-10_m68k.deb
      MD5 checksum: 2a62ce782f5510f24458050e4c3331d9

  PowerPC architecture:
    http://security.debian.org/dists/stable/updates/main/binary-powerpc/mailman_1.1-10_powerpc.deb
      MD5 checksum: 9239fc74b76ec983b3009a194dc4ce2c

  Sun Sparc architecture:
    http://security.debian.org/dists/stable/updates/main/binary-sparc/mailman_1.1-10_sparc.deb
      MD5 checksum: ad498878cdc9901e92e4b775e023f610

  These packages will be moved into the stable distribution on its next
  revision.

For not yet released architectures please refer to the appropriate
directory ftp://ftp.debian.org/debian/dists/sid/binary-$arch/ .

- -- 
- ----------------------------------------------------------------------------
apt-get: deb http://security.debian.org/ stable/updates main
dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: noconv

iQB1AwUBPBv8AajZR/ntlUftAQGIBgMAqrY9ILYTVBAZh4prGb7/Tk40/A1hAWG4
E5K6NzanvsDbbhQwPafOumUazCVnJa+GSwA/ydhektBXdwR4bv6DIfpOS7nJ4o/R
Po2pptcNrd/r7XaDDxHWraxk6llTznoI
=o1Zc
-----END PGP SIGNATURE-----


-- 
To UNSUBSCRIBE, email to debian-security-announce-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org








Copyright 2014, SecurityGlobal.net LLC