| VID |
21476 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
According to its version number, the remote Mailman installation has a directory traversal vulnerability in the private.py script. GNU Mailman is a freely available open-source mailing list manager for Unix-based operating systems. GNU Mailman versions 2.1.5 and earlier are vulnerable to a remote directory traversal vulnerability caused by an input validation error in the "private.py" script. By sending a specially crafted request containing modified "dot dot" sequences (in the form of .../....///), a remote attacker could traverse directories located outside of the web root and view the contents of files readable by the web server.
* Note: This check relies solely on the version number of the remote Mailman software to assess this vulnerability, so the result might be a false positive.
* References: http://lists.netsys.com/pipermail/full-disclosure/2005-February/031562.html , http://secunia.com/advisories/14211/
* Platforms Affected: GNU Mailman versions 2.1.5 and earlier; Linux, any version; Unix, any version |
| Recommendation |
For Debian GNU/Linux 3.0 (woody): Upgrade to the latest version of mailman (2.0.11-1woody10 or later), as listed in Debian Security Advisory DSA-674-2 at http://www.debian.org/security/2005/dsa-674
For other distributions: No upgrade or patch available as of February 2005. Upgrade to the latest version of Mailman (2.1.6 or later) when a fixed version becomes available from the GNU Mailman Web site at http://www.gnu.org/software/mailman/download.html . Alternatively, apply the fix described at http://lists.netsys.com/pipermail/full-disclosure/2005-February/031562.html |
| Related URL |
CVE-2005-0202 (CVE) |
| Related URL |
12504 (SecurityFocus) |
| Related URL |
19274 (ISS) |
|
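Why the .../....///  form described above gets past a filter that only deletes dot-dot substrings, next to a check that canonicalizes the path and then requires it to stay under the archive root. This is an added example, not Mailman's code: the function names, the order of the two deletions, the archive root path and the sample requests are assumptions made for illustration.

```python
import posixpath

# Assumed archive root, for illustration only.
ARCHIVE_ROOT = "/var/lib/mailman/archives/private"

# Constructed sample requests (not taken from real traffic).
BENIGN = "mylist/2005-February/000001.html"
CRAFTED = ".../....///" * 2 + "outside.txt"


def strip_once(path):
    """Weak filter (assumed model): delete '../' then './', one pass each."""
    path = path.replace("../", "")
    return path.replace("./", "")


def resolve_weak(user_path):
    """Join the filtered path to the root and normalize it."""
    joined = posixpath.join(ARCHIVE_ROOT, strip_once(user_path))
    return posixpath.normpath(joined)


def escapes_root(resolved):
    """True if a normalized absolute path lies outside ARCHIVE_ROOT."""
    return posixpath.commonpath([ARCHIVE_ROOT, resolved]) != ARCHIVE_ROOT


def resolve_safe(user_path):
    """Canonicalize first, then reject anything outside the root.

    No substring deletion is done, so nothing can be reassembled into '..'.
    Production code would also resolve symlinks (os.path.realpath) first.
    """
    joined = posixpath.join(ARCHIVE_ROOT, user_path.lstrip("/"))
    candidate = posixpath.normpath(joined)
    if escapes_root(candidate):
        raise ValueError("path escapes archive root")
    return candidate


if __name__ == "__main__":
    for p in (BENIGN, CRAFTED):
        weak = resolve_weak(p)
        print(repr(p), "-> filtered:", repr(strip_once(p)),
              "| resolved:", weak, "| escapes:", escapes_root(weak))
    # Unfiltered, the odd dot runs are just literal directory names.
    print("safe:", resolve_safe(CRAFTED))
```

Each deletion leaves behind the characters that form the next "../", which is why removing patterns is weaker than validating the final resolved path.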