Mailman Input Validation Hole in 'private.py' Discloses Files to Remote Users

Category: Vulnerability | Posted: 2005-02-12 by ReCall

Details

Description: An input validation vulnerability was reported in 'private.py' in Mailman. A remote user can access arbitrary files on the target system.

The true_path() function does not properly validate user-supplied input. A remote user who is a member of a private Mailman list can submit a specially crafted input value to access files on the system, including the Mailman configuration files and passwords.

A demonstration exploit may contain the following string:

"/...../"

Marcus Meissner reported this flaw.

Impact: A remote user can access arbitrary files on the target system, including the Mailman configuration files with user e-mail addresses and passwords.

Solution: Version 2.1.6 is not vulnerable. For prior 2.1.x versions, the vendor has issued a patch, available at:
http://mailman.sourceforge.net/CAN-2005-0202.txt
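
One way to validate a requested archive path is to resolve it and check that the result is still inside the archive root, instead of filtering the input string. This is an added example, not Mailman's code or the vendor patch; `resolve_archive_path`, the directory layout and the sample requests are constructed for illustration.

```python
import os
import tempfile

def resolve_archive_path(base_dir, user_path):
    """Return the canonical path for user_path under base_dir, or None.

    Hypothetical helper, not Mailman's true_path(). It removes nothing
    from the input; it resolves the final path (symlinks included) and
    checks that the result is still inside the archive root.
    """
    if "\x00" in user_path:
        return None
    base = os.path.realpath(base_dir)
    # lstrip("/") keeps an absolute-looking request relative to the root.
    candidate = os.path.realpath(os.path.join(base, user_path.lstrip("/")))
    # commonpath compares whole components, so a sibling directory such
    # as "private-old" is not accepted as being inside "private".
    if os.path.commonpath([base, candidate]) != base:
        return None
    return candidate

def build_constructed_tree():
    """Create a throwaway archive root, one list, and one file outside it."""
    top = os.path.realpath(tempfile.mkdtemp())
    base = os.path.join(top, "private")
    os.makedirs(os.path.join(base, "mylist"))
    with open(os.path.join(base, "mylist", "2005-February.txt"), "w") as f:
        f.write("archive\n")
    with open(os.path.join(top, "secret.cfg"), "w") as f:
        f.write("constructed stand-in for a file outside the archive\n")
    # A symlink inside the root that points outside it.
    os.symlink(top, os.path.join(base, "mylist", "up"))
    return top, base

def check_samples():
    top, base = build_constructed_tree()
    samples = [
        "mylist/2005-February.txt",  # normal request
        "mylist/../../secret.cfg",   # parent-directory components
        "mylist/up/secret.cfg",      # escape through a symlink
        "mylist/...../secret.cfg",   # dot-run string quoted in the advisory
    ]
    return base, {s: resolve_archive_path(base, s) for s in samples}

if __name__ == "__main__":
    base, results = check_samples()
    for request, resolved in results.items():
        print(f"{request!r:32} -> {resolved}")
```

The decision is made on the resolved path, so a request is refused only when it actually leaves the root; a name that merely contains dots resolves to an ordinary entry inside it.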