SecurityTracker.com
Category:   Application (E-mail Server)  >   Mailman
Vendors:   GNU [multiple authors]
(Gentoo Issues Fix) Re: Mailman List Software Input Validation Flaw in 'email' Variable Allows Remote Users to Conduct Cross-Site Scripting Attacks
SecurityTracker Alert ID:  1006118
SecurityTracker URL:  http://securitytracker.com/id/1006118
CVE Reference:   CVE-2003-0038
Updated:  Feb 9 2004
Original Entry Date:  Feb 17 2003
Impact:   Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 2.1
Description:   An input validation vulnerability was reported in the Mailman mailing list distribution software. A remote user can conduct cross-site scripting attacks against Mailman users and administrators.

It is reported that the 'email' variable on the web interface is not properly filtered to remove HTML code from user-supplied input. A remote user can create a specially crafted URL that, when loaded by a target user, will cause arbitrary scripting code to be executed by the target user's browser. The code will originate from the site running the Mailman web interface and will run in the security context of that site. As a result, the code will be able to access the target user's cookies (including authentication cookies), if any, associated with the site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.

A demonstration exploit URL is provided:

https://[target]:443/mailman/options/yourlist?
language=en&email=<SCRIPT>alert('Can%20Cross%20Site%20Attack')</SCRIPT>

It is also reported that the default error page does not properly filter user-supplied input. A demonstration exploit URL is provided:

https://[target]:443//mailman/options/yourlist?
language=<SCRIPT>alert('Can%20Cross%20Site%20Attack')</SCRIPT>
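
The flaw described above, reduced to its pattern, as an added example (this is not Mailman's source code): a request parameter copied into the response as-is, next to the same output with HTML escaping applied. The host `lists.example.org`, the page markup, the function names and the language allowlist are assumptions made for illustration; the query strings are the two demonstration URLs from the advisory.

```python
# Added illustration; this is not Mailman's source code.
from html import escape
from urllib.parse import urlsplit, parse_qs

# Hypothetical allowlist of language codes the site offers.
KNOWN_LANGUAGES = {"en", "de", "fr"}

# Constructed requests: the advisory's two demonstration query strings,
# with a placeholder host in place of [target].
EMAIL_URL = ("https://lists.example.org/mailman/options/yourlist?"
             "language=en&email=<SCRIPT>alert('Can%20Cross%20Site%20Attack')</SCRIPT>")
LANGUAGE_URL = ("https://lists.example.org/mailman/options/yourlist?"
                "language=<SCRIPT>alert('Can%20Cross%20Site%20Attack')</SCRIPT>")


def params(url):
    """Return the first value of each query parameter, URL-decoded."""
    return {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}


def options_page_unfiltered(url):
    """Flawed pattern: the 'email' value is copied into HTML as-is."""
    email = params(url).get("email", "")
    return "<p>Options for " + email + "</p>"


def options_page_escaped(url):
    """Hardened pattern: HTML-escape the value at the point of output."""
    email = params(url).get("email", "")
    return "<p>Options for " + escape(email, quote=True) + "</p>"


def error_page_escaped(url):
    """Error page: accept only known languages, escape what is echoed."""
    language = params(url).get("language", "")
    if language in KNOWN_LANGUAGES:
        return None  # valid language, no error page needed
    return "<p>Unknown language: " + escape(language, quote=True) + "</p>"


if __name__ == "__main__":
    print(options_page_unfiltered(EMAIL_URL))
    print(options_page_escaped(EMAIL_URL))
    print(error_page_escaped(LANGUAGE_URL))
```

With escaping applied at output, the browser renders the submitted value as text instead of parsing it as markup.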

Impact:   A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running the Mailman software, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
Solution:   Gentoo Linux has issued a fix. The vendor recommends that all Gentoo Linux users who are running net-mail/mailman upgrade to mailman-2.1.1 as follows:

emerge sync
emerge -u mailman
emerge clean

Vendor URL:  www.gnu.org/software/mailman/mailman.html
Cause:   Input validation error
Underlying OS:  Linux (Gentoo)

Message History:   This archive entry is a follow-up to the message listed below.
Jan 24 2003 Mailman List Software Input Validation Flaw in 'email' Variable Allows Remote Users to Conduct Cross-Site Scripting Attacks



 Source Message Contents

Subject:  [Full-Disclosure] GLSA: mailman


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ---------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200302-05
- - ---------------------------------------------------------------------

PACKAGE : mailman
SUMMARY : cross site scripting
DATE    : 2003-02-17 09:16 UTC
EXPLOIT : remote

- - ---------------------------------------------------------------------

The email variable and the default error page in mailman 2.1 contain
cross site scripting vulnerabilities.
 
Read the full advisory at:
http://marc.theaimsgroup.com/?l=bugtraq&m=104342745916111&w=2

SOLUTION

It is recommended that all Gentoo Linux users who are running
net-mail/mailman upgrade to mailman-2.1.1 as follows:

emerge sync
emerge -u mailman
emerge clean

- - ---------------------------------------------------------------------
aliz@gentoo.org - GnuPG key is available at http://cvs.gentoo.org/~aliz
- - ---------------------------------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+UKiNfT7nyhUpoZMRAuI2AJ9wnFfMKTXwBVyFnMLASs6SGuZggwCeKdgj
k2lHmZN7hAxMFTM7ilmS974=
=S96x
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


 
 

