Vulnerability Bulletins |
Directory traversal vulnerability in Mailman |
|
Vulnerability classification |
|
Property | Value |
Confidence level | Official |
Impact | Increased visibility (information disclosure) |
Difficulty | Beginner |
Required attacker level | Remote access, without an account, to a standard service |
System information |
|
Property | Value |
Affected manufacturer | GNU/Linux |
Affected software | Mailman 2.1 <=2.1.5 |
Description |
|
A directory traversal vulnerability has been discovered in version 2.1.5 and earlier of the Mailman 2.1 branch. The flaw lies in how the "private" CGI handles requests containing sequences of the form "/...../". It only affects Mailman installations running behind web servers that do not split and normalise the request path on the "/" character before passing it to the CGI, as is the case with Apache 1.3. Successful exploitation could allow a remote attacker to read the archives of private lists and the list configuration file, which includes the subscribers' passwords. |
|
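To make the bug class concrete, the following is an added, constructed Python illustration; it is not Mailman's private CGI, which this page does not reproduce. It models a sanitizer that removes the literal string "../" once, non-recursively, resolves the request path into an assumed archive directory PRIVATE_ROOT, and is bypassed when the web server hands the CGI the raw path including repeated slashes. The merge_slashes helper is an assumed stand-in for a server that collapses repeated slashes before the CGI runs (the distinction the bulletin draws between Apache 1.3 and other servers), and safe_resolve shows the component-based filter plus root check that closes the hole. The list name "mylist" and the traversal payload are constructed for this sanitizer and are not the bulletin's exact sequence.

```python
import posixpath
import re

# Assumed private-archive location for the illustration; real installs differ.
PRIVATE_ROOT = "/var/lib/mailman/archives/private"

# Constructed PATH_INFO for a hypothetical list "mylist".  Under the naive
# filter each "....//" loses one literal "../" and collapses into a real "../".
TRAVERSAL = "/mylist/" + "....//" * 6 + "etc/passwd"


def naive_sanitize(path_info):
    """Vulnerable filter: strips the literal '../' once, left to right."""
    return path_info.replace("../", "")


def naive_resolve(path_info):
    """Vulnerable mapping from PATH_INFO to a filesystem path."""
    rel = naive_sanitize(path_info).lstrip("/")
    return posixpath.normpath(posixpath.join(PRIVATE_ROOT, rel))


def is_inside_root(resolved):
    """True when a normalized path is PRIVATE_ROOT or something beneath it."""
    return resolved == PRIVATE_ROOT or resolved.startswith(PRIVATE_ROOT + "/")


def safe_resolve(path_info):
    """Hardened mapping: filter by path component, then re-check the result.

    Dropping the '', '.' and '..' components means no string trick can
    rebuild a '..' step.  The root check afterwards is defence in depth: it
    is not reachable with this filter, but it catches a future regression.
    """
    parts = [p for p in path_info.split("/") if p not in ("", ".", "..")]
    resolved = posixpath.normpath(posixpath.join(PRIVATE_ROOT, *parts))
    if not is_inside_root(resolved):
        raise ValueError("request escapes the archive root: %r" % path_info)
    return resolved


def merge_slashes(path_info):
    """Assumed model of a server that collapses repeated slashes before the
    CGI sees PATH_INFO.  The bulletin contrasts such servers with Apache 1.3,
    which passes the request path through unchanged."""
    return re.sub(r"/+", "/", path_info)


if __name__ == "__main__":
    raw = naive_resolve(TRAVERSAL)
    print("naive filter, raw path      :", raw, "inside root:", is_inside_root(raw))
    merged = naive_resolve(merge_slashes(TRAVERSAL))
    print("naive filter, merged slashes:", merged, "inside root:", is_inside_root(merged))
    print("component filter            :", safe_resolve(TRAVERSAL))
```

Run as-is, the first line shows the naive filter resolving the constructed request to /etc/passwd, the second shows the same request rendered harmless once the server has merged the repeated slashes, and the third shows the component filter keeping the request inside the archive root without relying on the server's behaviour at all.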
Solution |
|
If you wish, apply your distribution's own update mechanisms, or download the software sources and compile them yourself. |

Vendor | Product | Architecture | Package / download |
Mailman | Patch | | http://www.gnu.org/software/mailman/CAN-2005-0202.txt |
Mailman | Mailman 2.1.6 | | http://www.gnu.org/software/mailman/download.html |
Red Hat Linux (https://rhn.redhat.com/) | Red Hat Desktop (v. 3) | SRPMS | mailman-2.1.5-24.rhel3.src.rpm |
Red Hat Linux (https://rhn.redhat.com/) | Red Hat Desktop (v. 3) | IA-32 | mailman-2.1.5-24.rhel3.i386.rpm |
Red Hat Linux (https://rhn.redhat.com/) | Red Hat Desktop (v. 3) | x86_64 | mailman-2.1.5-24.rhel3.x86_64.rpm |
Red Hat Linux (https://rhn.redhat.com/) | Red Hat Enterprise Linux AS (v. 2.1) | SRPMS | mailman-2.0.13-7.src.rpm |
Red Hat Linux (https://rhn.redhat.com/) | Red Hat Enterprise Linux AS (v. 2.1) | IA-32 | mailman-2.0.13-7.i386.rpm |
Red Hat Linux (https://rhn.redhat.com/) | Red Hat Enterprise Linux AS (v. 2.1) | IA-64 | mailman-2.0.13-7.ia64.rpm |
Red Hat Linux (https://rhn.redhat.com/) | Red Hat Enterprise Linux AS (v. 3) | SRPMS | mailman-2.1.5-24.rhel3.src.rpm |
Red Hat Linux (https://rhn.redhat.com/) | Red Hat Enterprise Linux AS (v. 3) | IA-32 | mailman-2.1.5-24.rhel3.i386.rpm |
Red Hat Linux (https://rhn.redhat.com/) | Red Hat Enterprise Linux AS (v. 3) | IA-64 | mailman-2.1.5-24.rhel3.ia64.rpm |
Red Hat Linux (https://rhn.redhat.com/) | Red Hat Enterprise Linux AS (v. 3) | PPC | mailman-2.1.5-24.rhel3.ppc.rpm |
Red Hat Linux (https://rhn.redhat.com/) | Red Hat Enterprise Linux AS (v. 3) | s390 | mailman-2.1.5-24.rhel3.s390.rpm |
Red Hat Linux (https://rhn.redhat.com/) | Red Hat Enterprise Linux AS (v. 3) | s390x | mailman-2.1.5-24.rhel3.s390x.rpm |
Red Hat Linux (https://rhn.redhat.com/) | Red Hat Enterprise Linux AS (v. 3) | x86_64 | mailman-2.1.5-24.rhel3.x86_64.rpm |
Red Hat Linux (https://rhn.redhat.com/) | Red Hat Enterprise Linux ES (v. 2.1) | SRPMS | mailman-2.0.13-7.src.rpm |
Red Hat Linux (https://rhn.redhat.com/) | Red Hat Enterprise Linux ES (v. 2.1) | IA-32 | mailman-2.0.13-7.i386.rpm |
Red Hat Linux (https://rhn.redhat.com/) | Red Hat Enterprise Linux ES (v. 3) | SRPMS | mailman-2.1.5-24.rhel3.src.rpm |
Red Hat Linux (https://rhn.redhat.com/) | Red Hat Enterprise Linux ES (v. 3) | IA-32 | mailman-2.1.5-24.rhel3.i386.rpm |
Red Hat Linux (https://rhn.redhat.com/) | Red Hat Enterprise Linux ES (v. 3) | IA-64 | mailman-2.1.5-24.rhel3.ia64.rpm |
Red Hat Linux (https://rhn.redhat.com/) | Red Hat Enterprise Linux ES (v. 3) | x86_64 | mailman-2.1.5-24.rhel3.x86_64.rpm |
Red Hat Linux (https://rhn.redhat.com/) | Red Hat Enterprise Linux WS (v. 3) | SRPMS | mailman-2.1.5-24.rhel3.src.rpm |
Red Hat Linux (https://rhn.redhat.com/) | Red Hat Enterprise Linux WS (v. 3) | IA-32 | mailman-2.1.5-24.rhel3.i386.rpm |
Red Hat Linux (https://rhn.redhat.com/) | Red Hat Enterprise Linux WS (v. 3) | IA-64 | mailman-2.1.5-24.rhel3.ia64.rpm |
Red Hat Linux (https://rhn.redhat.com/) | Red Hat Enterprise Linux WS (v. 3) | x86_64 | mailman-2.1.5-24.rhel3.x86_64.rpm |
Red Hat Linux (https://rhn.redhat.com/) | Red Hat Linux Advanced Workstation 2.1 (Itanium Processor) | SRPMS | mailman-2.0.13-7.src.rpm |
Red Hat Linux (https://rhn.redhat.com/) | Red Hat Linux Advanced Workstation 2.1 (Itanium Processor) | IA-64 | mailman-2.0.13-7.ia64.rpm |
Red Hat Linux (https://rhn.redhat.com/) | Red Hat Desktop (v. 4), Red Hat Enterprise Linux AS (v. 4), ES (v. 4), WS (v. 4) | | https://rhn.redhat.com/ |
Linux Mandrake | Mandrakelinux 10.0 | x86 | ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/RPMS/mailman-2.1.4-2.3.100mdk.i586.rpm |
Linux Mandrake | Mandrakelinux 10.0 | x86 (source) | ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.0/SRPMS/mailman-2.1.4-2.3.100mdk.src.rpm |
Linux Mandrake | Mandrakelinux 10.0 | AMD64 | ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/RPMS/mailman-2.1.4-2.3.100mdk.amd64.rpm |
Linux Mandrake | Mandrakelinux 10.0 | AMD64 (source) | ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/amd64/10.0/SRPMS/mailman-2.1.4-2.3.100mdk.src.rpm |
Linux Mandrake | Mandrakelinux 10.1 | x86 | ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/mailman-2.1.5-7.3.101mdk.i586.rpm |
Linux Mandrake | Mandrakelinux 10.1 | x86 (source) | ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/SRPMS/mailman-2.1.5-7.3.101mdk.i586.rpm |
Linux Mandrake | Mandrakelinux 10.1 | X86_64 | ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/mailman-2.1.5-7.3.101mdk.x86_64.rpm |
Linux Mandrake | Mandrakelinux 10.1 | X86_64 (source) | ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/SRPMS/mailman-2.1.5-7.3.101mdk.i586.rpm |
Linux Mandrake | Corporate Server 2.1 | x86 | ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/RPMS/mailman-2.0.14-1.3.C21mdk.i586.rpm |
Linux Mandrake | Corporate Server 2.1 | x86 (source) | ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/SRPMS/mailman-2.0.14-1.3.C21mdk.src.rpm |
Linux Mandrake | Corporate Server 2.1 | X86_64 | ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/RPMS/mailman-2.0.14-1.3.C21mdk.i586.rpm |
Linux Mandrake | Corporate Server 2.1 | X86_64 (source) | ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/SRPMS/mailman-2.0.14-1.3.C21mdk.src.rpm |
Linux Mandrake | Corporate Server 3.0 | x86 | ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/RPMS/mailman-2.1.4-2.3.C30mdk.i586.rpm |
Linux Mandrake | Corporate Server 3.0 | x86 (source) | ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/SRPMS/mailman-2.1.4-2.3.C30mdk.src.rpm |
Linux Mandrake | Corporate Server 3.0 | X86_64 | ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/RPMS/mailman-2.1.4-2.3.C30mdk.x86_64.rpm |
Linux Mandrake | Corporate Server 3.0 | X86_64 (source) | ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/SRPMS/mailman-2.1.4-2.3.C30mdk.src.rpm |
SUSE Linux | SUSE Linux 9.2 | x86 | ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/mailman-2.1.5-5.6.i586.rpm |
SUSE Linux | SUSE Linux 9.2 | x86 (patch rpm) | ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/mailman-2.1.5-5.6.i586.patch.rpm |
SUSE Linux | SUSE Linux 9.2 | x86 (source) | ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/src/mailman-2.1.5-5.6.src.rpm |
SUSE Linux | SUSE Linux 9.2 | x86-64 | ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/x86_64/mailman-2.1.5-5.6.x86_64.rpm |
SUSE Linux | SUSE Linux 9.2 | x86-64 (patch rpm) | ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/x86_64/mailman-2.1.5-5.6.x86_64.patch.rpm |
SUSE Linux | SUSE Linux 9.2 | x86-64 (source) | ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/src/mailman-2.1.5-5.6.src.rpm |
SUSE Linux | SUSE Linux 9.1 | x86 | ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/mailman-2.1.4-83.13.i586.rpm |
SUSE Linux | SUSE Linux 9.1 | x86 (patch rpm) | ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/mailman-2.1.4-83.13.i586.patch.rpm |
SUSE Linux | SUSE Linux 9.1 | x86 (source) | ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/src/mailman-2.1.4-83.13.src.rpm |
SUSE Linux | SUSE Linux 9.1 | x86-64 | ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/mailman-2.1.4-83.13.x86_64.rpm |
SUSE Linux | SUSE Linux 9.1 | x86-64 (patch rpm) | ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/mailman-2.1.4-83.13.x86_64.patch.rpm |
SUSE Linux | SUSE Linux 9.1 | x86-64 (source) | ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/src/mailman-2.1.4-83.13.src.rpm |
SUSE Linux | SUSE Linux 9.0 | x86 | ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/mailman-2.1.2-93.i586.rpm |
SUSE Linux | SUSE Linux 9.0 | x86 (patch rpm) | ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/mailman-2.1.2-93.i586.patch.rpm |
SUSE Linux | SUSE Linux 9.0 | x86 (source) | ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/src/mailman-2.1.2-93.src.rpm |
SUSE Linux | SUSE Linux 9.0 | x86-64 | ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/mailman-2.1.2-93.x86_64.rpm |
SUSE Linux | SUSE Linux 9.0 | x86-64 (patch rpm) | ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/mailman-2.1.2-93.x86_64.patch.rpm |
SUSE Linux | SUSE Linux 9.0 | x86-64 (source) | ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/src/mailman-2.1.2-93.src.rpm |
SUSE Linux | SUSE Linux 8.2 | x86 | ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/mailman-2.1.1-110.i586.rpm |
SUSE Linux | SUSE Linux 8.2 | x86 (patch rpm) | ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/i586/mailman-2.1.1-110.i586.patch.rpm |
SUSE Linux | SUSE Linux 8.2 | x86 (source) | ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/src/mailman-2.1.1-110.src.rpm |
Debian Linux | Debian Linux 3.0 | Source | http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11-1woody11.dsc |
Debian Linux | Debian Linux 3.0 | Source | http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11-1woody11.diff.gz |
Debian Linux | Debian Linux 3.0 | Source | http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11.orig.tar.gz |
Debian Linux | Debian Linux 3.0 | Alpha | http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11-1woody11_alpha.deb |
Debian Linux | Debian Linux 3.0 | ARM | http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11-1woody11_arm.deb |
Debian Linux | Debian Linux 3.0 | Intel IA-32 | http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11-1woody11_i386.deb |
Debian Linux | Debian Linux 3.0 | Intel IA-64 | http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11-1woody11_ia64.deb |
Debian Linux | Debian Linux 3.0 | HP Precision | http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11-1woody11_hppa.deb |
Debian Linux | Debian Linux 3.0 | Motorola 680x0 | http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11-1woody11_m68k.deb |
Debian Linux | Debian Linux 3.0 | Big endian MIPS | http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11-1woody11_mips.deb |
Debian Linux | Debian Linux 3.0 | Little endian MIPS | http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11-1woody11_mipsel.deb |
Debian Linux | Debian Linux 3.0 | PowerPC | http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11-1woody11_powerpc.deb |
Debian Linux | Debian Linux 3.0 | IBM S/390 | http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11-1woody11_s390.deb |
Debian Linux | Debian Linux 3.0 | Sun Sparc | http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11-1woody11_sparc.deb |
Apple | Mac OS X Server v10.3.8 | | http://www.apple.com/support/downloads/securityupdate2005003server.html |
|
Standard resources |
|
Property | Value |
CVE | CAN-2005-0202 |
BID | |
Other resources |
|
Resource | URL |
Mailman Security Advisory | http://www.gnu.org/software/mailman/security.html |
Debian Security Advisory DSA 647-2 | http://lists.debian.org/debian-security-announce/debian-security-announce-2005/msg00053.html |
Debian Security Advisory DSA 674-3 | http://lists.debian.org/debian-security-announce/debian-security-announce-2005/msg00066.html |
Red Hat Security Advisory RHSA-2005:136-08 | https://rhn.redhat.com/errata/RHSA-2005-136.html |
Mandrakesoft Security Advisory MDKSA-2005:037 | http://www.mandrakesoft.com/security/advisories?name=MDKSA-2005:037 |
SUSE Security Announcement SUSE-SA:2005:007 | http://www.novell.com/linux/security/advisories/2005_07_mailman.html |
Red Hat Security Advisory RHSA-2005:137-07 | https://rhn.redhat.com/errata/RHSA-2005-137.html |
Apple Security Update 2005-003 | http://docs.info.apple.com/article.html?artnum=301061 |
Version history |
||
Version | Comments | Date |
1.0 | Advisory issued | 2005-02-11 |
1.1 | Advisory updated by Debian (DSA 647-2) | 2005-02-14 |
1.2 | Advisory issued by Mandrake (MDKSA-2005:037). Advisory issued by SUSE (SUSE-SA:2005:007). | 2005-02-15 |
1.3 | Advisory issued by Red Hat (RHSA-2005:137-07) | 2005-02-16 |
1.4 | Advisory updated by Debian (DSA 674-3) | 2005-02-22 |
1.5 | Advisory issued by Apple (2005-003) | 2005-03-22 |