SecurityTracker.com
Category:   Application (E-mail Server)  >   Mailman
Vendors:   [Multiple Authors/Vendors]
GNU Mailman E-mail Archive Server Enables Cross-Site Scripting Attacks
SecurityTracker Alert ID:  1002839
SecurityTracker URL:  http://securitytracker.com/id/1002839
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Nov 28 2001
Impact:   Execution of arbitrary code via network
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): prior to 2.0.8
Description:   Cgisecurity.com reported a cross-site scripting vulnerability in the GNU Mailman e-mail archiver.

A remote user can cause arbitrary JavaScript to be executed in a target user's browser. To that browser, the script appears to originate from the site running the Mailman archiver.

The following demonstration exploit URL will trigger the vulnerability and display a pop-up javascript box:

http://host/mailman/listinfo/<img%20src=javascript:alert(document.domain)>

Impact:   A remote user can use the Mailman archiver to conduct a cross-site scripting attack. The remote user can create a web page or HTML-based e-mail message that executes JavaScript in the recipient's browser such that the JavaScript appears to originate from the site running the Mailman archiver.
Solution:   The vendor has released a fix. Upgrade to version 2.0.8:

http://sourceforge.net/project/showfiles.php?group_id=103

Vendor URL:  sourceforge.net/projects/mailman
Cause:   Input validation error
Underlying OS:  Linux (Any), UNIX (Any)
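
The input validation error described above, as an added example that is not part of the advisory and is not Mailman's own code: a path segment echoed into an HTML page as-is, beside the same page with the value HTML-encoded at output. The function names, the error-page wording and the list names are assumptions made for illustration.

```python
import html
from urllib.parse import unquote

# Constructed request path, mirroring the demonstration URL in the advisory.
DEMO_PATH = "/mailman/listinfo/<img%20src=javascript:alert(document.domain)>"

# Constructed sample data: lists this hypothetical server knows about.
KNOWN_LISTS = {"announce", "users"}

PREFIX = "/mailman/listinfo/"


def list_name_from_path(path):
    """Return the URL-decoded path segment that follows /mailman/listinfo/."""
    if not path.startswith(PREFIX):
        raise ValueError("not a listinfo request")
    segment = path[len(PREFIX):].split("/", 1)[0]
    return unquote(segment)


def render_unsafe(path):
    """Unfixed pattern: request-controlled text is pasted into HTML as-is."""
    name = list_name_from_path(path)
    if name in KNOWN_LISTS:
        return "<h1>About %s</h1>" % name
    # The decoded segment becomes live markup in the response.
    return "<h1>Error</h1><p>No such list <em>%s</em></p>" % name


def render_safe(path):
    """Hardened pattern: HTML-encode the value at the point of output."""
    name = html.escape(list_name_from_path(path), quote=True)
    if name in KNOWN_LISTS:
        return "<h1>About %s</h1>" % name
    # < and > are now &lt; and &gt;, so the browser shows text, not a tag.
    return "<h1>Error</h1><p>No such list <em>%s</em></p>" % name


if __name__ == "__main__":
    print("unsafe:", render_unsafe(DEMO_PATH))
    print("safe:  ", render_safe(DEMO_PATH))
```

Encoding at the point of output covers every page that echoes the value; rejecting list names that contain characters outside an expected set is a useful second check at the point of input.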

Message History:   This archive entry has one or more follow-up message(s) listed below.
(Conectiva Issues Fix) GNU Mailman E-mail Archive Server Enables Cross-Site Scripting Attacks
The vendor has released a fix.
(Debian Issues Fix) GNU Mailman E-mail Archive Server Enables Cross-Site Scripting Attacks
The vendor has released a fix.
(Red Hat Issues Fix) GNU Mailman E-mail Archive Server Enables Cross-Site Scripting Attacks
The vendor has released fix packages for Red Hat Linux and Red Hat Powertools.
(Red Hat Issues Fix for Secure Web Server Package) Re: GNU Mailman E-mail Archive Server Enables Cross-Site Scripting Attacks
Red Hat has issued a fix for their Secure Web Server package.



 Source Message Contents

Subject:  Cgisecurity.com Advisory #7: Mailman Email Archive Cross Site Scripting



                                  [ Cgi Security Advisory #7 ]
                                     admin@cgisecurity.com
                         Mailman Email archiver Cross Site Scripting Hole



Found
November 2001

Public Release
Sometime in November 2001


Vendor Contacted
November 2001

Scripts Affected: Mailman Email Archiver
Price: Free

Versions:
All Versions appear to be affected

Platforms:
Unix, Linux, Other? 

Vendor:
http://sourceforge.net/projects/mailman


1. Problem

This product is affected by a Cross Site Scripting hole, which may allow
an attacker to trick a user into thinking something the attacker wrote
actually came from the site that is affected. This involves some social 
engineering to a point but could possibly allow gathering of user
information and other types of fraud.


http://host/mailman/listinfo/<img%20src=javascript:alert(document.domain)>

This will gladly show you a pop up javascript box.


2. Fixes

The vendor has been notified of the problem.
Upgrade to version 2.0.8 in order to fix this problem.

TarBalls
http://sourceforge.net/project/showfiles.php?group_id=103




Published to the Public November 2001
Copyright November 2001 Cgisecurity.com


 
 



Copyright 2021, SecurityGlobal.net LLC