GLSA Bodhisattva
Posted: Thu Feb 10, 2005 5:30 pm Post subject: [ GLSA 200502-11 ] Mailman: Directory traversal vulnerabilit
Gentoo Linux Security Advisory
Title: Mailman: Directory traversal vulnerability (GLSA 200502-11)
Severity: normal
Exploitable: remote
Date: February 10, 2005
Bug(s): #81109
ID: 200502-11
Synopsis
Mailman fails to properly sanitize input, leading to information disclosure.
Background
Mailman is a Python-based mailing list server with an extensive web interface.
Affected Packages
Package: net-mail/mailman
Vulnerable: < 2.1.5-r4
Unaffected: >= 2.1.5-r4
Architectures: All supported architectures
Description
Mailman contains an error in private.py which fails to properly sanitize input paths.
Impact
An attacker could exploit this flaw to obtain arbitrary files on the web server.
Workaround
There is no known workaround at this time.
Resolution
All Mailman users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-mail/mailman-2.1.5-r4"
References
Full Disclosure Announcement
CAN-2005-0202
Last edited by GLSA on Sat Aug 23, 2008 4:17 am; edited 5 times in total
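The Description above says input paths were not properly sanitized. As an added illustration (not Mailman's code and not part of the original advisory), the sketch below contrasts a strip-the-dots filter with a containment check that resolves the path first and then verifies it is still under the archive root. ARCHIVE_ROOT, the function names and the sample request paths are all hypothetical and constructed for this example; POSIX paths are assumed.

```python
import os

# Hypothetical archive root; not a path taken from Mailman or the advisory.
ARCHIVE_ROOT = "/srv/lists/private"


def naive_resolve(request_path, root=ARCHIVE_ROOT):
    """Weak 'before' pattern: delete '../' once, then join onto the root."""
    cleaned = request_path.replace("../", "")
    return os.path.normpath(os.path.join(root, cleaned.lstrip("/")))


def is_contained(path, root=ARCHIVE_ROOT):
    """True if path, once fully resolved, lies at or below root."""
    root_real = os.path.realpath(root)
    return os.path.commonpath([root_real, os.path.realpath(path)]) == root_real


def safe_resolve(request_path, root=ARCHIVE_ROOT):
    """Resolve request_path under root; return None if it would leave root."""
    if "\x00" in request_path:
        return None
    root_real = os.path.realpath(root)
    # realpath collapses '..' segments and follows symlinks before the check,
    # so the comparison is made on the path the filesystem would actually open.
    candidate = os.path.realpath(os.path.join(root_real, request_path.lstrip("/")))
    if os.path.commonpath([root_real, candidate]) != root_real:
        return None
    return candidate


# Constructed request paths used as regression inputs.
SAMPLES = [
    "mylist/2005-February/000123.html",
    "mylist/../../../etc/passwd",
    "....//....//....//etc/passwd",
]

if __name__ == "__main__":
    for p in SAMPLES:
        naive = naive_resolve(p)
        print(f"{p!r}: naive={naive} contained={is_contained(naive)} "
              f"safe={safe_resolve(p)}")
```

The filter fails because deleting a substring can create the very sequence it was meant to remove, while the containment check never inspects the input's spelling at all.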