GLSA Bodhisattva
Posted: Sat Jan 22, 2005 7:49 am Post subject: [ GLSA 200501-29 ] Mailman: Cross-site scripting vulnerabili
Gentoo Linux Security Advisory
Title: Mailman: Cross-site scripting vulnerability (GLSA 200501-29)
Severity: low
Exploitable: remote
Date: January 22, 2005
Bug(s): #77524
ID: 200501-29
Synopsis
Mailman is vulnerable to cross-site scripting attacks.
Background
Mailman is a Python-based mailing list server with an extensive web interface.
Affected Packages
Package: net-mail/mailman
Vulnerable: < 2.1.5-r3
Unaffected: >= 2.1.5-r3
Architectures: All supported architectures
Description
Florian Weimer has discovered a cross-site scripting vulnerability in the error messages that are produced by Mailman.
Impact
By enticing a user to visit a specially crafted URL, an attacker can execute arbitrary script code in the context of the victim's browser.
Workaround
There is no known workaround at this time.
Resolution
All Mailman users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-mail/mailman-2.1.5-r3"
References
CAN-2004-1177
Last edited by GLSA on Tue Aug 29, 2006 4:17 am; edited 3 times in total
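An added example, not part of the advisory or of Gentoo's tooling: a check of installed package strings against the fixed version listed under Affected Packages. The function names and the sample package strings are constructed; only plain dotted versions with an optional -rN revision are handled, which is an assumption of this sketch and not the full Portage version rules.

```python
import re

# Package and fixed version from the advisory's "Affected Packages" section.
PACKAGE = "net-mail/mailman"
FIXED = "2.1.5-r3"

# Plain dotted numeric version with an optional Gentoo revision (-rN).
# Leading-zero components and suffixes (_rc, _p, letters) are rejected
# rather than guessed at, so an unsupported string fails loudly.
_VERSION_RE = re.compile(
    r"^((?:0|[1-9]\d*)(?:\.(?:0|[1-9]\d*))*)(?:-r(\d+))?$"
)


def parse_version(version):
    """Return ((major, minor, ...), revision) for 'X.Y.Z[-rN]'."""
    match = _VERSION_RE.match(version.strip())
    if match is None:
        raise ValueError(f"unsupported version string: {version!r}")
    parts = tuple(int(p) for p in match.group(1).split("."))
    revision = int(match.group(2) or 0)
    return parts, revision


def is_vulnerable(installed, fixed=FIXED):
    """True when installed < fixed, i.e. inside the advisory's vulnerable range."""
    # Numeric components compare first, then the revision, so 2.1.5-r10
    # sorts above 2.1.5-r3 and a missing revision counts as r0.
    return parse_version(installed) < parse_version(fixed)


def audit(installed_packages):
    """Return the mailman entries that fall in the vulnerable range."""
    prefix = PACKAGE + "-"
    return [
        entry for entry in installed_packages
        if entry.startswith(prefix) and is_vulnerable(entry[len(prefix):])
    ]


if __name__ == "__main__":
    # Constructed sample of installed package strings (category/name-version).
    sample = ["net-mail/mailman-2.1.5-r2", "net-mail/postfix-2.1.5"]
    for entry in audit(sample):
        print(f"{entry}: below {FIXED}, upgrade required")
```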