Lionel Elie Mamane
2006-Sep-12 08:52 UTC
[Secure-testing-team] Tracking: security problems fixed by Mailman 2.1.9
Hi,

The following security problems will be fixed by the upload of Mailman 2.1.9, if and when we upload it:

- A malicious user could visit a specially crafted URI and inject an apparent log message into Mailman's error log which might induce an unsuspecting administrator to visit a phishing site. This has been blocked. Thanks to Moritz Naumann for its discovery.

- Fixed denial of service attack which can be caused by some standards-breaking RFC 2231 formatted headers. CVE-2006-2941.

- Several cross-site scripting issues have been fixed. Thanks to Moritz Naumann for their discovery. CVE-2006-3636

--
Lionel
Alec Berryman
2006-Sep-12 14:25 UTC
[Secure-testing-team] Tracking: security problems fixed by Mailman 2.1.9
Lionel Elie Mamane on 2006-09-12 10:18:32 +0200:

> The following security problems will be fixed by the upload of Mailman
> 2.1.9, if and when we upload it:
>
> - A malicious user could visit a specially crafted URI and inject an
>   apparent log message into Mailman's error log which might induce an
>   unsuspecting administrator to visit a phishing site. This has been
>   blocked. Thanks to Moritz Naumann for its discovery.

Does this one have a CVE or an upstream identification number?

> - Fixed denial of service attack which can be caused by some
>   standards-breaking RFC 2231 formatted headers. CVE-2006-2941.
>
> - Several cross-site scripting issues have been fixed. Thanks to Moritz
>   Naumann for their discovery. CVE-2006-3636

I've now noted that the current mailman is vulnerable to these two. Thanks for sending us this information.
Lionel Elie Mamane
2006-Sep-13 09:53 UTC
[Secure-testing-team] Tracking: security problems fixed by Mailman 2.1.9
On Tue, Sep 12, 2006 at 10:23:22AM -0400, Alec Berryman wrote:

> Lionel Elie Mamane on 2006-09-12 10:18:32 +0200:

>> The following security problems will be fixed by the upload of Mailman
>> 2.1.9, if and when we upload it:

>> - A malicious user could visit a specially crafted URI and inject an
>>   apparent log message into Mailman's error log which might induce an
>>   unsuspecting administrator to visit a phishing site. This has been
>>   blocked. Thanks to Moritz Naumann for its discovery.

> Does this one have a CVE or an upstream identification number?

I'm not aware of any. The upstream announcement is at
https://sourceforge.net/project/shownotes.php?release_id=447065&group_id=103

I forgot also:

- Format string vulnerability, but not exploitable. CVE-2006-2191.

I mention it only because it got a CVE number assigned, but as it is not exploitable, it is fair to say it is _not_ a security hole.

--
Lionel