Various web attacks cause CGI modules to throw uncaught exceptions
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
GNU Mailman | Fix Released | Low | Mark Sapiro | |
Bug Description
This is merely an annoyance in that it adds error reports to Mailman's error log. The web response is just the "we hit a bug" page, but we may wish to defend against these. We have seen errors like
Jun 02 15:47:45 2017 admin(31978): @@@@@@@
admin(31978): [----- Mailman Version: 2.1.23 -----]
admin(31978): [----- Traceback ------]
admin(31978): Traceback (most recent call last):
admin(31978): File "/srv/mailman/
admin(31978): main()
admin(31978): File "/srv/mailman/
admin(31978): process_form(mlist, doc, cgidata, language)
admin(31978): File "/srv/mailman/
admin(31978): ftime, fhash = cgidata.
admin(31978): AttributeError: 'list' object has no attribute 'split'
Jun 02 15:48:05 2017 admin(32270): @@@@@@@
admin(32270): [----- Mailman Version: 2.1.23 -----]
admin(32270): [----- Traceback ------]
admin(32270): Traceback (most recent call last):
admin(32270): File "/srv/mailman/
admin(32270): main()
admin(32270): File "/srv/mailman/
admin(32270): if not Utils.IsLanguag
admin(32270): File "/srv/mailman/
admin(32270): return mm_cfg.
admin(32270): TypeError: unhashable type: 'list'
Jun 02 17:24:06 2017 admin(6887): @@@@@@@
admin(6887): [----- Mailman Version: 2.1.23 -----]
admin(6887): [----- Traceback ------]
admin(6887): Traceback (most recent call last):
admin(6887): File "/srv/mailman/
admin(6887): main()
admin(6887): File "/srv/mailman/
admin(6887): cgidata.
admin(6887): File "/srv/mailman/
admin(6887): ac = self.Authentica
admin(6887): File "/srv/mailman/
admin(6887): sharesponse = sha_new(
admin(6887): TypeError: must be string or buffer, not list
The above all result from POST data or query fragments containing multiple values for the same parameter, resulting in that parameter being passed to the CGI as a list rather than a string.
We have also seen
Jun 02 17:08:00 2017 admin(27163): @@@@@@@
admin(27163): [----- Mailman Version: 2.1.23 -----]
admin(27163): [----- Traceback ------]
admin(27163): Traceback (most recent call last):
admin(27163): File "/srv/mailman/
admin(27163): main()
admin(27163): File "/srv/mailman/
admin(27163): params = cgidata.keys()
admin(27163): File "/usr/lib/
admin(27163): raise TypeError, "not indexable"
admin(27163): TypeError: not indexable
which comes from a POST with no post data.
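Added example, not part of the bug report and not Mailman's own code: one way a form front end can avoid both failure modes described above, by rejecting repeated scalar parameters and treating a POST with no data as an empty form. It is written for Python 3 with `urllib.parse`; the parameter names `token` and `member` and the `time:hash` token layout are assumptions made for illustration.

```python
from urllib.parse import parse_qsl

# Hypothetical parameter names for this sketch; not taken from Mailman.
MULTI_VALUED = frozenset({"member"})


class BadRequest(ValueError):
    """Malformed form input: answer with HTTP 400 instead of a traceback."""


def parse_form(raw):
    """Return {name: str}, or {name: [str, ...]} for names in MULTI_VALUED.

    raw is a query string or urlencoded POST body; None or '' (a POST with
    no data) yields an empty dict, so keys() is always safe to call.
    """
    form = {}
    for name, value in parse_qsl(raw or "", keep_blank_values=True):
        if name in MULTI_VALUED:
            form.setdefault(name, []).append(value)
        elif name in form:
            # A repeated scalar would otherwise arrive as a list and break
            # later .split(), hashing, or dict-key use.
            raise BadRequest("parameter %r given more than once" % name)
        else:
            form[name] = value
    return form


def handle(raw):
    """Toy handler: returns (status, detail) rather than raising."""
    try:
        form = parse_form(raw)
        token = form.get("token", "")
        # Assumed token layout "time:hash", for illustration only.
        ftime, sep, fhash = token.partition(":")
        if token and not (sep and ftime.isdigit() and fhash):
            raise BadRequest("malformed token")
    except BadRequest as exc:
        return 400, str(exc)
    return 200, sorted(form)
```

Logging each 400 with the client address keeps these probes visible without filling the error log with tracebacks.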
Changed in mailman: status: In Progress → Fix Committed

Changed in mailman: status: Fix Committed → Fix Released
Regarding the last error above, "TypeError: not indexable"; that had been fixed by https://bugs.launchpad.net/bugs/1602608 but https://bugs.launchpad.net/bugs/1614841 caused a regression of that fix in options.py. The regression is now fixed at http://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1711