Arbitrary text injection vulnerability in Mailman CGIs

Bug #1780874 reported by Mark Sapiro on 2018-07-09
Affects: GNU Mailman
Importance: Low
Assigned to: Mark Sapiro

Bug Description

A URL with a very long text listname such as

http://www.example.com/mailman/listinfo/This_is_a_long_string_with_some_phishing_text

will echo the text in the "No such list" error response. This can be used to make a potential victim think the phishing text comes from a trusted site.

This issue was discovered by Hammad Qureshi <email address hidden>.

Mark Sapiro (msapiro) wrote :

This patch mitigates the content spoofing vulnerability by truncating long list names.

information type: Private Security → Public
Mark Sapiro (msapiro) on 2018-07-23
Changed in mailman:
status: In Progress → Fix Released
Mark Sapiro (msapiro) on 2018-07-23
description: updated
Mark Sapiro (msapiro) wrote :

The prior patch was wrong. It has been removed. This patch is good.
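
One way to keep a CGI error page from reflecting attacker-chosen text, as discussed in this report. This is an added example, not Mailman's patch or code from the project. The function names, the 20-character echo limit, the accepted character set, and the assumption that the input is the path after the CGI name are all illustrative choices.

```python
import html
import re

# Assumed policy, not taken from the Mailman patch: a list name is a short
# token of letters, digits and a few punctuation characters.
MAX_ECHO_LEN = 20
VALID_LISTNAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._+=-]*\Z")


def listname_from_path(path_info):
    """Return the first path component after the CGI name, lower-cased."""
    parts = [p for p in path_info.split("/") if p]
    return parts[0].lower() if parts else ""


def no_such_list_message(path_info, known_lists):
    """Return (found, text) for a listinfo-style request.

    Names that fail the syntax check are never echoed. Names that pass but
    are unknown are echoed truncated and HTML-escaped, so a long sentence
    in the URL cannot appear in full on the trusted site's error page.
    """
    name = listname_from_path(path_info)
    if name in known_lists:
        return True, name
    if not VALID_LISTNAME.match(name):
        return False, "No such list"
    shown = name[:MAX_ECHO_LEN]
    if len(name) > MAX_ECHO_LEN:
        shown += "..."
    # Escaping is redundant after validation; kept as defence in depth.
    return False, "No such list " + html.escape(shown)


if __name__ == "__main__":
    lists = {"users"}  # constructed sample data
    for path in ("/users",
                 "/This_is_a_long_string_with_some_phishing_text",
                 "/<b>x</b>"):
        print(path, "->", no_such_list_message(path, lists))
```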
