GNU Mailman

Arbitrary text injection vulnerability in Mailman CGIs

Bug #1780874 reported by Mark Sapiro on 2018-07-09

This bug affects 1 person

Affects

Status

Importance

Assigned to

Milestone

GNU Mailman

Fix Released

Low

Mark Sapiro

GNU Mailman 2.1.28

You need to log in to change this bug's status.

Affecting:	GNU Mailman
Filed here by:	Mark Sapiro
When:	2018-07-09
Confirmed:	2018-07-09
Assigned:	2018-07-09
Started work:	2018-07-09
Completed:	2018-07-23

Target

Distribution
Package	(Find…)
Project	(Find…)

Status	Importance	Milestone
	Low	GNU Mailman 2.1.28

Assigned to

	Me
	Mark Sapiro (msapiro)

Comment on this change (optional)

Email me about changes to this bug report

(?)

Bug Description

A URL with a very long text listname such as

http://www.example.com/mailman/listinfo/This_is_a_long_string_with_some_phishing_text

will echo the text in the "No such list" error response. This can be used to make a potential victim think the phishing text comes from a trusted site.

This issue was discovered by Hammad Qureshi <email address hidden>.

See original description

Add tags Tag help

Related branches

lp:mailman/2.1

CVE References

2018-13796

Mark Sapiro (msapiro) wrote on 2018-07-23:

This patch mitigates the content spoofing vulnerability by truncating long list names.

information type:

Private Security → Public

Mark Sapiro (msapiro) on 2018-07-23

Changed in mailman:
status:	In Progress → Fix Released

Mark Sapiro (msapiro) on 2018-07-23

description:

updated

Mark Sapiro (msapiro) wrote on 2018-07-24:

Updated patch to fix this issue Edit (1.5 KiB, text/plain)

The prior patch was wrong. It has been removed. This patch is good.

Report a bug

This report contains Public information Edit

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Patches

Updated patch to fix this issue (edit)

Add patch