GNU Mailman

Arbitrary text injection vulnerability in Mailman CGIs

Bug #1780874 reported by Mark Sapiro on 2018-07-09

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	GNU Mailman	Fix Released	Low	Mark Sapiro	GNU Mailman 2.1.28

Bug Description

A URL with a very long text listname such as

http://www.example.com/mailman/listinfo/This_is_a_long_string_with_some_phishing_text

will echo the text in the "No such list" error response. This can be used to make a potential victim think the phishing text comes from a trusted site.

This issue was discovered by Hammad Qureshi <email address hidden>.

See original description

Related branches

lp:mailman/2.1

CVE References

2018-13796

Revision history for this message

Mark Sapiro (msapiro) wrote on 2018-07-23:

This patch mitigates the content spoofing vulnerability by truncating long list names.

information type:

Private Security → Public

Mark Sapiro (msapiro) on 2018-07-23

Changed in mailman:
status:	In Progress → Fix Released

Mark Sapiro (msapiro) on 2018-07-23

description:

updated

Revision history for this message

Mark Sapiro (msapiro) wrote on 2018-07-24:

Updated patch to fix this issue Edit (1.5 KiB, text/plain)

The prior patch was wrong. It has been removed. This patch is good.

Report a bug

This report contains Public information

Everyone can see this information.

Duplicates of this bug

Bug #1913241

You are

Subscribing...

Edit bug mail

Other bug subscribers

Patches

Updated patch to fix this issue (edit)

Add patch