Mailman Attachment Filename Scrubbing Denial of Service

Secunia Advisory: SA17511
Release Date: 2005-11-14
Last Update: 2005-12-26
Critical: Moderately critical
Impact: DoS
Where: From remote
Solution Status: Vendor Patch
Software: Mailman 2.x
CVE reference: CVE-2005-3573 (Secunia mirror)

Description:
Aliet Santiesteban Sifontes has reported a vulnerability in Mailman, which can potentially be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused by "Scrubber.py" failing to handle the exception condition that arises when Python fails to process an email file attachment that contains UTF-8 characters in its filename. This can potentially be exploited to cause the mailing list to stop working via a specially crafted email.

The vulnerability has been reported in version 2.1.5. Other versions may also be affected.

Solution:
The vulnerability has been fixed in version 2.1.7rc1.

Note: The fix for the directory traversal vulnerability, SA14211, has also been enhanced.
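
The failure class described above, as an added Python 3 example that is not Mailman's code and not the vendor's fix: a strict character conversion of a sender-supplied attachment filename with no exception handler, next to a scrubber that never raises and a queue loop that shunts a failing message instead of stopping. All function names, the fallback name and the sample messages are constructed for illustration.

```python
import re
import unicodedata
from email.message import EmailMessage

FALLBACK = "attachment.bin"               # assumed placeholder name
_UNSAFE = re.compile(r"[^A-Za-z0-9._-]+")

def scrub_filename(raw):
    """Reduce a sender-supplied attachment name to safe ASCII; never raises."""
    try:
        if isinstance(raw, bytes):
            raw = raw.decode("utf-8")     # strict: malformed bytes hit the handler
        base = raw.replace("\\", "/").rsplit("/", 1)[-1]   # drop directory parts
        folded = unicodedata.normalize("NFKD", base).encode("ascii", "ignore")
        name = _UNSAFE.sub("_", folded.decode("ascii")).lstrip(".")[:100]
        return name or FALLBACK
    except (UnicodeError, TypeError, AttributeError):
        return FALLBACK                   # None, wrong type or undecodable input

def strict_names(msg):
    """Models the failure class: strict ASCII conversion with no handler."""
    return [p.get_filename().encode("ascii").decode("ascii")
            for p in msg.iter_attachments()]

def hardened_names(msg):
    """Same traversal, but every filename goes through the scrubber."""
    return [scrub_filename(p.get_filename()) for p in msg.iter_attachments()]

def process_queue(messages, handler):
    """Run handler per message; a failing message is shunted, not fatal."""
    done, shunted = [], []
    for msg in messages:
        try:
            done.append(handler(msg))
        except Exception as exc:          # isolate the failure to this message
            shunted.append((str(msg["Subject"]), type(exc).__name__))
    return done, shunted

def sample(subject, filename):
    """Constructed test message with one attachment."""
    m = EmailMessage()
    m["Subject"] = subject
    m.set_content("body")
    m.add_attachment(b"data", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m

# Constructed queue: one ASCII filename, one with accented (UTF-8) characters.
QUEUE = [sample("plain", "notes.txt"),
         sample("utf8", "r\u00e9sum\u00e9 \u00f1.txt")]

if __name__ == "__main__":
    print(process_queue(QUEUE, strict_names))
    print(process_queue(QUEUE, hardened_names))
```

With the strict handler the second message is shunted with a UnicodeEncodeError while the first is still processed; with the hardened handler both are processed and nothing is shunted.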

Provided and/or discovered by:
Aliet Santiesteban Sifontes

Changelog:
2005-12-05: Added CVE reference.
2005-12-26: Vendor released fixed version. Updated "Solution Status" and "Solution" sections.

Original Advisory:
Mailman:
http://sourceforge.net/project/shownotes.php?release_id=380571
Debian:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=327732

Other References:
SA14211:
http://secunia.com/advisories/14211/

Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.