GNU Mailman Multiple Remote Vulnerabilities
BID:12243
Info
GNU Mailman Multiple Remote Vulnerabilities
| Bugtraq ID: | 12243 |
| Class: | Unknown |
| CVE: |
CVE-2004-1143 CVE-2004-1177 CVE-2004-1178 |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 11 2005 12:00AM |
| Updated: | Jul 12 2009 09:27AM |
| Credit: | Discovery of these vulnerabilities is credited to Florian Weimer and Juha-Matti Tapio. |
| Vulnerable: |
Ubuntu Ubuntu Linux 4.1 ppc Ubuntu Ubuntu Linux 4.1 ia64 Ubuntu Ubuntu Linux 4.1 ia32 S.u.S.E. Linux Personal 9.2 S.u.S.E. Linux Personal 9.1 S.u.S.E. Linux Personal 9.0 x86_64 S.u.S.E. Linux Personal 9.0 S.u.S.E. Linux Personal 8.2 Redhat Enterprise Linux WS 4 Redhat Enterprise Linux ES 4 Redhat Enterprise Linux AS 4 Redhat Desktop 4.0 Redhat Desktop 3.0 GNU Mailman 2.1.10 b1 GNU Mailman 2.1.5 GNU Mailman 2.1.4 GNU Mailman 2.1.3 GNU Mailman 2.1.2 GNU Mailman 2.1.1 GNU Mailman 2.1 GNU Mailman 2.0.14 GNU Mailman 2.0.13 GNU Mailman 2.0.12 GNU Mailman 2.0.11 GNU Mailman 2.0.10 GNU Mailman 2.0.9 GNU Mailman 2.0.8 GNU Mailman 2.0.7 GNU Mailman 2.0.6 GNU Mailman 2.0.5 GNU Mailman 2.0.4 GNU Mailman 2.0.4 GNU Mailman 2.0.3 GNU Mailman 2.0.2 GNU Mailman 2.0.1 GNU Mailman 2.0 beta5 GNU Mailman 2.0 beta4 GNU Mailman 2.0 beta3 GNU Mailman 2.0 .8 GNU Mailman 2.0 .7 GNU Mailman 2.0 .6 GNU Mailman 2.0 .5 GNU Mailman 2.0 .3 GNU Mailman 2.0 .2 GNU Mailman 2.0 .1 GNU Mailman 2.0 GNU Mailman 1.1 GNU Mailman 1.0 Gentoo Linux |
| Not Vulnerable: | |
Discussion
GNU Mailman Multiple Remote Vulnerabilities
GNU Mailman is reported prone to multiple remote vulnerabilities. The following individual issues are reported:
It is reported that GNU Mailman is affected by an information disclosure vulnerability.
Information that is harvested by exploiting this vulnerability may be used to aid in further attacks that are launched against a target user, or the computer that is hosting the vulnerable software.
A cross-site scripting vulnerability has been discovered in GNU Mailman. The issue occurs due to insufficient sanitization of user-supplied data.
It may be possible to exploit this issue in order to steal an unsuspecting user's cookie-based authentication credentials, as well as other sensitive information. Other attacks are also possible.
Finally, Mailman is reported prone to a weak auto-generated password vulnerability. It is reported that, when a user subscribes to a mailing list and a password is not specified, Mailman will auto-generate one. The password generation algorithm will generate a weak low entropy password. This password may potentially be brute forced by an attacker.
GNU Mailman is reported prone to multiple remote vulnerabilities. The following individual issues are reported:
It is reported that GNU Mailman is affected by an information disclosure vulnerability.
Information that is harvested by exploiting this vulnerability may be used to aid in further attacks that are launched against a target user, or the computer that is hosting the vulnerable software.
A cross-site scripting vulnerability has been discovered in GNU Mailman. The issue occurs due to insufficient sanitization of user-supplied data.
It may be possible to exploit this issue in order to steal an unsuspecting user's cookie-based authentication credentials, as well as other sensitive information. Other attacks are also possible.
Finally, Mailman is reported prone to a weak auto-generated password vulnerability. It is reported that, when a user subscribes to a mailing list and a password is not specified, Mailman will auto-generate one. The password generation algorithm will generate a weak low entropy password. This password may potentially be brute forced by an attacker.
Exploit / POC
GNU Mailman Multiple Remote Vulnerabilities
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution / Fix
GNU Mailman Multiple Remote Vulnerabilities
Solution:
Debian Linux has released an updated advisory DSA 674-3 along with updated fixes dealing with these and other issues. For more information, please see the referenced advisory.
Ubuntu has released an advisory called USN-59-1 to address these issues for Ubuntu Linux. Please see the referenced advisory for further information.
Gentoo Linux has released advisory GLSA 200501-29 to address these issues. Users of affected packages are urged to execute the following commands with superuser privileges:
emerge --sync
emerge --ask --oneshot --verbose ">=net-mail/mailman-2.1.5-r3"
Please see the referenced advisory for further information.
Mandrake Linux has released advisory MDKSA-2005:015 along with fixes dealing with this issue. Please see the referenced advisory for more information.
SuSE Linux has released a security summary report (SUSE-SR:2005:002) that contains fixes to address this and other vulnerabilities. SuSE Linux has also released advisory SUSE-SA:2005:007 to supersede the earlier advisory
Debian Linux has released an advisory (DSA 674-1) dealing with this issue. Please see the reference section for more information.
Debian Linux has released a second advisory (DSA 674-2). Apparently the first advisory failed to properly fix all of the issues. The fixes provided with the second advisory must be applied to packages fixed with the set of fixes released with the first advisory. Please see the reference section for more information.
Red Hat has released advisory RHSA-2005:235-05 to address the cross-site scripting issue (CAN-2004-1177). Please see the referenced advisory for more information.
GNU Mailman 2.0.11
GNU Mailman 2.0.13
GNU Mailman 2.1.1
GNU Mailman 2.1.2
GNU Mailman 2.1.4
GNU Mailman 2.1.5
Solution:
Debian Linux has released an updated advisory DSA 674-3 along with updated fixes dealing with these and other issues. For more information, please see the referenced advisory.
Ubuntu has released an advisory called USN-59-1 to address these issues for Ubuntu Linux. Please see the referenced advisory for further information.
Gentoo Linux has released advisory GLSA 200501-29 to address these issues. Users of affected packages are urged to execute the following commands with superuser privileges:
emerge --sync
emerge --ask --oneshot --verbose ">=net-mail/mailman-2.1.5-r3"
Please see the referenced advisory for further information.
Mandrake Linux has released advisory MDKSA-2005:015 along with fixes dealing with this issue. Please see the referenced advisory for more information.
SuSE Linux has released a security summary report (SUSE-SR:2005:002) that contains fixes to address this and other vulnerabilities. SuSE Linux has also released advisory SUSE-SA:2005:007 to supersede the earlier advisory
Debian Linux has released an advisory (DSA 674-1) dealing with this issue. Please see the reference section for more information.
Debian Linux has released a second advisory (DSA 674-2). Apparently the first advisory failed to properly fix all of the issues. The fixes provided with the second advisory must be applied to packages fixed with the set of fixes released with the first advisory. Please see the reference section for more information.
Red Hat has released advisory RHSA-2005:235-05 to address the cross-site scripting issue (CAN-2004-1177). Please see the referenced advisory for more information.
GNU Mailman 2.0.11
-
Debian mailman_2.0.11-1woody10_alpha.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11- 1woody10_alpha.deb -
Debian mailman_2.0.11-1woody10_arm.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11- 1woody10_arm.deb -
Debian mailman_2.0.11-1woody10_hppa.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11- 1woody10_hppa.deb -
Debian mailman_2.0.11-1woody10_i386.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11- 1woody10_i386.deb -
Debian mailman_2.0.11-1woody10_ia64.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11- 1woody10_ia64.deb -
Debian mailman_2.0.11-1woody10_m68k.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11- 1woody10_m68k.deb -
Debian mailman_2.0.11-1woody10_mips.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11- 1woody10_mips.deb -
Debian mailman_2.0.11-1woody10_mipsel.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11- 1woody10_mipsel.deb -
Debian mailman_2.0.11-1woody10_powerpc.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11- 1woody10_powerpc.deb -
Debian mailman_2.0.11-1woody10_s390.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11- 1woody10_s390.deb -
Debian mailman_2.0.11-1woody10_sparc.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11- 1woody10_sparc.deb -
Debian mailman_2.0.11-1woody11_alpha.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11- 1woody11_alpha.deb -
Debian mailman_2.0.11-1woody11_arm.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11- 1woody11_arm.deb -
Debian mailman_2.0.11-1woody11_hppa.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11- 1woody11_hppa.deb -
Debian mailman_2.0.11-1woody11_i386.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11- 1woody11_i386.deb -
Debian mailman_2.0.11-1woody11_ia64.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11- 1woody11_ia64.deb -
Debian mailman_2.0.11-1woody11_m68k.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11- 1woody11_m68k.deb -
Debian mailman_2.0.11-1woody11_mips.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11- 1woody11_mips.deb -
Debian mailman_2.0.11-1woody11_mipsel.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11- 1woody11_mipsel.deb -
Debian mailman_2.0.11-1woody11_powerpc.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11- 1woody11_powerpc.deb -
Debian mailman_2.0.11-1woody11_s390.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11- 1woody11_s390.deb -
Debian mailman_2.0.11-1woody11_sparc.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11- 1woody11_sparc.deb -
Debian mailman_2.0.11-1woody9_alpha.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11- 1woody9_alpha.deb -
Debian mailman_2.0.11-1woody9_arm.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11- 1woody9_arm.deb -
Debian mailman_2.0.11-1woody9_hppa.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11- 1woody9_hppa.deb -
Debian mailman_2.0.11-1woody9_i386.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11- 1woody9_i386.deb -
Debian mailman_2.0.11-1woody9_ia64.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11- 1woody9_ia64.deb -
Debian mailman_2.0.11-1woody9_m68k.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11- 1woody9_m68k.deb -
Debian mailman_2.0.11-1woody9_mips.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11- 1woody9_mips.deb -
Debian mailman_2.0.11-1woody9_mipsel.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11- 1woody9_mipsel.deb -
Debian mailman_2.0.11-1woody9_powerpc.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11- 1woody9_powerpc.deb -
Debian mailman_2.0.11-1woody9_s390.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11- 1woody9_s390.deb -
Debian mailman_2.0.11-1woody9_sparc.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11- 1woody9_sparc.deb
GNU Mailman 2.0.13
-
Mandrake mailman-2.0.14-1.2.C21mdk.i586.rpm
Mandrake Corporate Server 2.1
http://www.mandrakesecure.net/en/ftp.php -
Mandrake mailman-2.0.14-1.2.C21mdk.x86_64.rpm
Mandrake Corporate Server 2.1/x86_64
http://www.mandrakesecure.net/en/ftp.php
GNU Mailman 2.1.1
-
SuSE mailman-2.1.1-110.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/mailman-2.1.1-110 .i586.rpm
GNU Mailman 2.1.2
-
SuSE mailman-2.1.2-93.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/mailman-2.1.2-93. i586.rpm -
SuSE mailman-2.1.2-93.x86_64.rpm
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/mailman-2.1.2 -93.x86_64.rpm
GNU Mailman 2.1.4
-
Mandrake mailman-2.1.4-2.2.100mdk.amd64.rpm
Mandrake Linux 10.0/AMD64
http://www.mandrakesecure.net/en/ftp.php -
Mandrake mailman-2.1.4-2.2.100mdk.i586.rpm
Mandrake Linux 10.0
http://www.mandrakesecure.net/en/ftp.php -
Mandrake mailman-2.1.4-2.2.C30mdk.i586.rpm
Mandrake Corporate Server 3.0
http://www.mandrakesecure.net/en/ftp.php -
SuSE mailman-2.1.4-83.13.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/mailman-2.1.4-83. 13.i586.rpm -
SuSE mailman-2.1.4-83.13.x86_64.rpm
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/mailman-2.1.4 -83.13.x86_64.rpm
GNU Mailman 2.1.5
-
Mandrake mailman-2.1.5-7.2.101mdk.i586.rpm
Mandrake Linux 10.1
http://www.mandrakesecure.net/en/ftp.php -
Mandrake mailman-2.1.5-7.2.101mdk.x86_64.rpm
Mandrake Linux 10.1/x86_64
http://www.mandrakesecure.net/en/ftp.php -
SuSE mailman-2.1.5-5.6.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/mailman-2.1.5-5.6 .i586.rpm -
SuSE mailman-2.1.5-5.6.x86_64.rpm
ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/x86_64/mailman-2.1.5 -5.6.x86_64.rpm -
Ubuntu mailman_2.1.5-1ubuntu2.2_amd64.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.5-1u buntu2.2_amd64.deb -
Ubuntu mailman_2.1.5-1ubuntu2.2_i386.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.5-1u buntu2.2_i386.deb -
Ubuntu mailman_2.1.5-1ubuntu2.2_powerpc.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.5-1u buntu2.2_powerpc.deb
References
GNU Mailman Multiple Remote Vulnerabilities
References:
References:
- [Mailman-Announce] RELEASED Mailman 2.1.5 (Barry Warsaw barry at python.org )
- Bugzilla Bug 4892 [CAN-2004-1143] mailman: weak auto-generated passwords (Ubuntu)
- Debian Quality Assurance (Debian)
- MDKSA-2005:015 - mailman (Mandrake)
- RHSA-2005:235-05 - mailman security update (RedHat)