GNU Mailman Remote Directory Traversal Vulnerability
BID:12504
Info
GNU Mailman Remote Directory Traversal Vulnerability
| Bugtraq ID: | 12504 |
| Class: | Input Validation Error |
| CVE: |
CVE-2005-0202 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 09 2005 12:00AM |
| Updated: | Jul 12 2009 10:06AM |
| Credit: | The discoverer of this vulnerability is not known. |
| Vulnerable: |
Ubuntu Ubuntu Linux 4.1 ppc Ubuntu Ubuntu Linux 4.1 ia64 Ubuntu Ubuntu Linux 4.1 ia32 SGI ProPack 3.0 Redhat Linux 9.0 i386 Redhat Linux 7.3 i686 Redhat Linux 7.3 i386 Redhat Linux 7.3 Redhat Fedora Core3 Redhat Fedora Core2 Redhat Fedora Core1 Mandriva Linux Mandrake 10.1 Mandriva Linux Mandrake 10.0 MandrakeSoft Corporate Server 3.0 x86_64 MandrakeSoft Corporate Server 3.0 MandrakeSoft Corporate Server 2.1 x86_64 MandrakeSoft Corporate Server 2.1 GNU Mailman 2.1.5 GNU Mailman 2.1.4 GNU Mailman 2.1.3 GNU Mailman 2.1.2 GNU Mailman 2.1.1 GNU Mailman 2.1 Gentoo Linux Apple Mac OS X Server 10.3.8 Apple Mac OS X Server 10.3.7 Apple Mac OS X Server 10.3.6 Apple Mac OS X Server 10.3.5 Apple Mac OS X Server 10.3.4 Apple Mac OS X Server 10.3.3 Apple Mac OS X Server 10.3.2 Apple Mac OS X Server 10.3.1 Apple Mac OS X Server 10.3 Apple Mac OS X Server 10.2.8 Apple Mac OS X Server 10.2.7 Apple Mac OS X Server 10.2.6 Apple Mac OS X Server 10.2.5 Apple Mac OS X Server 10.2.4 Apple Mac OS X Server 10.2.3 Apple Mac OS X Server 10.2.2 Apple Mac OS X Server 10.2.1 Apple Mac OS X Server 10.2 Apple Mac OS X Server 10.1.5 Apple Mac OS X Server 10.1.4 Apple Mac OS X Server 10.1.3 Apple Mac OS X Server 10.1.2 Apple Mac OS X Server 10.1.1 Apple Mac OS X Server 10.1 Apple Mac OS X Server 10.0 |
| Not Vulnerable: | |
Discussion
GNU Mailman Remote Directory Traversal Vulnerability
Mailman, when hosted on a web server that does not strip extra slashes from URLs (i.e. Apache 1.3.x), is reported prone to a remote directory traversal vulnerability.
The remote attacker may exploit this vulnerability to disclose the contents of web server readable files. Symantec has received reports of the username and password databases of public mailing lists being compromised through the exploitation of this vulnerability.
Information that is harvested by leveraging this vulnerability may be used to aid in further attacks against a target computer or victim user.
Mailman, when hosted on a web server that does not strip extra slashes from URLs (i.e. Apache 1.3.x), is reported prone to a remote directory traversal vulnerability.
The remote attacker may exploit this vulnerability to disclose the contents of web server readable files. Symantec has received reports of the username and password databases of public mailing lists being compromised through the exploitation of this vulnerability.
Information that is harvested by leveraging this vulnerability may be used to aid in further attacks against a target computer or victim user.
Exploit / POC
GNU Mailman Remote Directory Traversal Vulnerability
No exploit is required.
No exploit is required.
Solution / Fix
GNU Mailman Remote Directory Traversal Vulnerability
Solution:
Debian Linux has released an updated advisory DSA 674-3 along with updated fixes dealing with this and other issues. For more information, please see the referenced advisory.
Mandrake Linux has released advisory MDKSA-2005:037 dealing with this issue. Please see the referenced advisory for additional information.
Debian Linux has released an advisory (DSA 674-1) dealing with this issue. Please see the reference section for more information.
Red Hat has released advisory RHSA-2005:136-08 and RHSA-2005:137-07 to provide fixes that address this issue on Red Hat Linux Enterprise platforms. Customers who are affected by this issue are advised to apply the appropriate updates. Customers subscribed to the Red Hat Network may apply the appropriate fixes using the Red Hat Update Agent (up2date). Please see referenced advisory for additional information.
Gentoo has released advisory GLSA 200502-11 addressing this issue.
All Mailman users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-mail/mailman-2.1.5-r4"
RedHat Fedora Linux has released advisories FEDORA-2005-131 and FEDORA-2005-132 dealing with this issue for Fedora Core 2 and Core 3 respectively. Please see the referenced advisory for additional information.
Ubuntu Linux has released advisory USN-78-1 dealing with this issue. Please see the referenced advisory for additional information.
Debian Linux has released a second advisory (DSA 674-2). Apparently the first advisory failed to properly fix all of the issues. The fixes provided with the second advisory must be applied to packages fixed with the set of fixes released with the first advisory. Please see the reference section for more information.
SuSE has released advisory SUSE-SA:2005:007 to address this issue. Please see the referenced advisory for details on obtaining and applying fixes.
Ubuntu has released advisory USN-78-2 to release new fixes for Mailman. The fixes included in the previous Ubuntu advisory USN-78-1 cause the "private" module of Mailman to stop functioning. Please see the referenced advisory for more information.
SGI has released advisory 20050207-01-U including Patch 10144 that contains updated SGI ProPack 3 Service Pack 4 RPMs for the SGI Altix products. This patch addresses various issues. Please see the referenced advisory for more information.
Apple has released advisory (Security Update 2005-003) to address various issues. Please see the referenced advisory for more information. An Update for Mac OS X Server v10.3.8 is available.
RedHat Fedora has released Fedora Legacy security advisory FLSA:152895 addressing this issue. Please see the referenced advisory for further information.
Apple Mac OS X Server 10.3.8
GNU Mailman 2.1
GNU Mailman 2.1.1
GNU Mailman 2.1.2
GNU Mailman 2.1.4
GNU Mailman 2.1.5
SGI ProPack 3.0
Solution:
Debian Linux has released an updated advisory DSA 674-3 along with updated fixes dealing with this and other issues. For more information, please see the referenced advisory.
Mandrake Linux has released advisory MDKSA-2005:037 dealing with this issue. Please see the referenced advisory for additional information.
Debian Linux has released an advisory (DSA 674-1) dealing with this issue. Please see the reference section for more information.
Red Hat has released advisory RHSA-2005:136-08 and RHSA-2005:137-07 to provide fixes that address this issue on Red Hat Linux Enterprise platforms. Customers who are affected by this issue are advised to apply the appropriate updates. Customers subscribed to the Red Hat Network may apply the appropriate fixes using the Red Hat Update Agent (up2date). Please see referenced advisory for additional information.
Gentoo has released advisory GLSA 200502-11 addressing this issue.
All Mailman users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-mail/mailman-2.1.5-r4"
RedHat Fedora Linux has released advisories FEDORA-2005-131 and FEDORA-2005-132 dealing with this issue for Fedora Core 2 and Core 3 respectively. Please see the referenced advisory for additional information.
Ubuntu Linux has released advisory USN-78-1 dealing with this issue. Please see the referenced advisory for additional information.
Debian Linux has released a second advisory (DSA 674-2). Apparently the first advisory failed to properly fix all of the issues. The fixes provided with the second advisory must be applied to packages fixed with the set of fixes released with the first advisory. Please see the reference section for more information.
SuSE has released advisory SUSE-SA:2005:007 to address this issue. Please see the referenced advisory for details on obtaining and applying fixes.
Ubuntu has released advisory USN-78-2 to release new fixes for Mailman. The fixes included in the previous Ubuntu advisory USN-78-1 cause the "private" module of Mailman to stop functioning. Please see the referenced advisory for more information.
SGI has released advisory 20050207-01-U including Patch 10144 that contains updated SGI ProPack 3 Service Pack 4 RPMs for the SGI Altix products. This patch addresses various issues. Please see the referenced advisory for more information.
Apple has released advisory (Security Update 2005-003) to address various issues. Please see the referenced advisory for more information. An Update for Mac OS X Server v10.3.8 is available.
RedHat Fedora has released Fedora Legacy security advisory FLSA:152895 addressing this issue. Please see the referenced advisory for further information.
Apple Mac OS X Server 10.3.8
-
Apple SecUpdSrvr2005-003Pan.dmg
http://wsidecar.apple.com/cgi-bin/nph-reg3rdpty1.pl/product=05530&plat form=osx&method=sa/SecUpdSrvr2005-003Pan.dmg
GNU Mailman 2.1
-
RedHat mailman-2.1.1-8.legacy.i386.rpm
RedHat Linux 9.0
http://download.fedoralegacy.org/redhat/9/updates/i386/mailman-2.1.1-8 .legacy.i386.rpm
GNU Mailman 2.1.1
-
SuSE mailman-2.1.1-110.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/mailman-2.1.1-110 .i586.rpm
GNU Mailman 2.1.2
-
RedHat mailman-2.1.5-8.legacy.i386.rpm
RedHat Fedora Core 1
http://download.fedoralegacy.org/fedora/1/updates/i386/mailman-2.1.5-8 .legacy.i386.rpm -
SuSE mailman-2.1.2-93.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/mailman-2.1.2-93. i586.rpm -
SuSE mailman-2.1.2-93.x86_64.rpm
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/mailman-2.1.2 -93.x86_64.rpm
GNU Mailman 2.1.4
-
Mandrake mailman-2.1.4-2.3.100mdk.amd64.rpm
Mandrake Linux 10.0/AMD64
http://www.mandrakesecure.net/en/ftp.php -
Mandrake mailman-2.1.4-2.3.100mdk.i586.rpm
Mandrake Linux 10.0
http://www.mandrakesecure.net/en/ftp.php -
Mandrake mailman-2.1.4-2.3.C30mdk.i586.rpm
Mandrake Corporate Server 3.0
http://www.mandrakesecure.net/en/ftp.php -
Mandrake mailman-2.1.4-2.3.C30mdk.x86_64.rpm
Mandrake Corporate Server 3.0/x86_64
http://www.mandrakesecure.net/en/ftp.php -
SuSE mailman-2.1.4-83.13.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/mailman-2.1.4-83. 13.i586.rpm -
SuSE mailman-2.1.4-83.13.x86_64.rpm
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/mailman-2.1.4 -83.13.x86_64.rpm
GNU Mailman 2.1.5
-
Mandrake mailman-2.1.5-7.3.101mdk.i586.rpm
Mandrake Linux 10.1
http://www.mandrakesecure.net/en/ftp.php -
Mandrake mailman-2.1.5-7.3.101mdk.x86_64.rpm
Mandrake Linux 10.1/x86_64
http://www.mandrakesecure.net/en/ftp.php -
SuSE mailman-2.1.5-5.6.i586.rpm
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/mailman-2.1.5-5.6 .i586.rpm -
SuSE mailman-2.1.5-5.6.x86_64.rpm
ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/x86_64/mailman-2.1.5 -5.6.x86_64.rpm -
Ubuntu mailman_2.1.5-1ubuntu2.3_amd64.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.5-1u buntu2.3_amd64.deb -
Ubuntu mailman_2.1.5-1ubuntu2.3_i386.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.5-1u buntu2.3_i386.deb -
Ubuntu mailman_2.1.5-1ubuntu2.3_powerpc.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.5-1u buntu2.3_powerpc.deb -
Ubuntu mailman_2.1.5-1ubuntu2.4_amd64.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.5-1u buntu2.4_amd64.deb -
Ubuntu mailman_2.1.5-1ubuntu2.4_i386.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.5-1u buntu2.4_i386.deb -
Ubuntu mailman_2.1.5-1ubuntu2.4_powerpc.deb
Ubuntu 4.10 (Warty Warthog)
http://security.ubuntu.com/ubuntu/pool/main/m/mailman/mailman_2.1.5-1u buntu2.4_powerpc.deb
SGI ProPack 3.0
-
SGI Patch10144
http://support.sgi.com/
References
GNU Mailman Remote Directory Traversal Vulnerability
References:
References: