[Bug 1695667] [NEW] Various web attacks cause CGI modules to throw uncaught exceptions
Public bug reported:

This is merely an annoyance in that it adds error reports to Mailman's error log. The web response is just the "we hit a bug" page, but we may wish to defend against these.

We have seen errors like

Jun 02 15:47:45 2017 admin(31978): @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
admin(31978): [----- Mailman Version: 2.1.23 -----]
admin(31978): [----- Traceback ------]
admin(31978): Traceback (most recent call last):
admin(31978):   File "/srv/mailman/scripts/driver", line 117, in run_main
admin(31978):     main()
admin(31978):   File "/srv/mailman/Mailman/Cgi/subscribe.py", line 109, in main
admin(31978):     process_form(mlist, doc, cgidata, language)
admin(31978):   File "/srv/mailman/Mailman/Cgi/subscribe.py", line 147, in process_form
admin(31978):     ftime, fhash = cgidata.getvalue('sub_form_token', '').split(':')
admin(31978): AttributeError: 'list' object has no attribute 'split'

Jun 02 15:48:05 2017 admin(32270): @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
admin(32270): [----- Mailman Version: 2.1.23 -----]
admin(32270): [----- Traceback ------]
admin(32270): Traceback (most recent call last):
admin(32270):   File "/srv/mailman/scripts/driver", line 117, in run_main
admin(32270):     main()
admin(32270):   File "/srv/mailman/Mailman/Cgi/listinfo.py", line 74, in main
admin(32270):     if not Utils.IsLanguage(language):
admin(32270):   File "/srv/mailman/Mailman/Utils.py", line 751, in IsLanguage
admin(32270):     return mm_cfg.LC_DESCRIPTIONS.has_key(lang)
admin(32270): TypeError: unhashable type: 'list'

Jun 02 17:24:06 2017 admin(6887): @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
admin(6887): [----- Mailman Version: 2.1.23 -----]
admin(6887): [----- Traceback ------]
admin(6887): Traceback (most recent call last):
admin(6887):   File "/srv/mailman/scripts/driver", line 117, in run_main
admin(6887):     main()
admin(6887):   File "/srv/mailman/Mailman/Cgi/admin.py", line 118, in main
admin(6887):     cgidata.getvalue('adminpw', '')):
admin(6887):   File "/srv/mailman/Mailman/SecurityManager.py", line 238, in WebAuthenticate
admin(6887):     ac = self.Authenticate(authcontexts, response, user)
admin(6887):   File "/srv/mailman/Mailman/SecurityManager.py", line 180, in Authenticate
admin(6887):     sharesponse = sha_new(response).hexdigest()
admin(6887): TypeError: must be string or buffer, not list

The above all result from POST data or query fragments containing multiple values for the same parameter resulting in that parameter being passed to the CGI as a list rather than a string.

We have also seen

Jun 02 17:08:00 2017 admin(27163): @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
admin(27163): [----- Mailman Version: 2.1.23 -----]
admin(27163): [----- Traceback ------]
admin(27163): Traceback (most recent call last):
admin(27163):   File "/srv/mailman/scripts/driver", line 117, in run_main
admin(27163):     main()
admin(27163):   File "/srv/mailman/Mailman/Cgi/options.py", line 113, in main
admin(27163):     params = cgidata.keys()
admin(27163):   File "/usr/lib/python2.7/cgi.py", line 582, in keys
admin(27163):     raise TypeError, "not indexable"
admin(27163): TypeError: not indexable

which comes from a POST with no post data.

** Affects: mailman
   Importance: Low
   Assignee: Mark Sapiro (msapiro)
   Status: In Progress

--
You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman.
https://bugs.launchpad.net/bugs/1695667

Title: Various web attacks cause CGI modules to throw uncaught exceptions

To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/1695667/+subscriptions
Regarding the last error above, "TypeError: not indexable"; that had been fixed by https://bugs.launchpad.net/bugs/1602608 but https://bugs.launchpad.net/bugs/1614841 caused a regression of that fix in options.py. The regression is now fixed at http://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1711
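
The list-versus-string behaviour behind the first three tracebacks in the report, as an added example that is not part of the bug thread or Mailman's own code. It is written for Python 3 (Mailman 2.1 runs on Python 2.7); `getvalue` and `getfirst` are stand-ins built on `urllib.parse.parse_qs` that mimic `cgi.FieldStorage.getvalue()` and `getfirst()`, and the request bodies are constructed.

```python
from urllib.parse import parse_qs

def getvalue(fields, key, default=None):
    """Mimic cgi.FieldStorage.getvalue(): str for one value, list for repeats."""
    values = fields.get(key)
    if not values:
        return default
    return values[0] if len(values) == 1 else values

def getfirst(fields, key, default=''):
    """Always return one string, like cgi.FieldStorage.getfirst()."""
    values = fields.get(key)
    return values[0] if values else default

def parse_token_unsafe(fields):
    # The single line shown in the subscribe.py traceback, in isolation:
    # it assumes getvalue() returned a string.
    ftime, fhash = getvalue(fields, 'sub_form_token', '').split(':')
    return ftime, fhash

def parse_token_safe(fields):
    """Return (ftime, fhash), or None when the token is missing or malformed."""
    parts = getfirst(fields, 'sub_form_token').split(':')
    if len(parts) != 2 or not all(parts):
        return None
    return parts[0], parts[1]

# Constructed request bodies (not taken from the bug report).
NORMAL = parse_qs('sub_form_token=1496418465%3Aabc123&language=en')
DUPLICATE = parse_qs('sub_form_token=1%3Aa&sub_form_token=2%3Ab'
                     '&language=en&language=fr')
EMPTY = parse_qs('')  # body that lacks the parameter entirely

def demo():
    """Map each case to (unsafe result or exception name, safe result)."""
    results = {}
    for name, fields in (('normal', NORMAL), ('duplicate', DUPLICATE),
                         ('empty', EMPTY)):
        try:
            unsafe = parse_token_unsafe(fields)
        except (AttributeError, ValueError) as exc:
            unsafe = type(exc).__name__
        results[name] = (unsafe, parse_token_safe(fields))
    return results

if __name__ == '__main__':
    for name, outcome in demo().items():
        print(name, outcome)
```

The same coercion applies to the other two tracebacks: a repeated `language` or `adminpw` parameter reaches a dictionary lookup or a hash function as a list unless it is reduced to one string first.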
** Branch linked: lp:mailman/2.1
** Changed in: mailman Status: In Progress => Fix Committed
** Changed in: mailman Status: Fix Committed => Fix Released
participants (2): Launchpad Bug Tracker, Mark Sapiro