[Bug 1780874] [NEW] Arbitrary text injection vulnerability in Mailman CGIs
*** This bug is a security vulnerability *** Private security bug reported: A URL with a very long text listname such as http://www.example.com/mailman/listinfo/This_is_a_long_string_with_some_phis... will echo the text in the "No such list" error response. This can be used to make a potential victim think the phishing text comes from a trusted site. ** Affects: mailman Importance: Low Assignee: Mark Sapiro (msapiro) Status: In Progress -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/1780874 Title: Arbitrary text injection vulnerability in Mailman CGIs To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/1780874/+subscriptions
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-13796 -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/1780874 Title: Arbitrary text injection vulnerability in Mailman CGIs To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/1780874/+subscriptions
** Branch linked: lp:mailman/2.1 -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/1780874 Title: Arbitrary text injection vulnerability in Mailman CGIs To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/1780874/+subscriptions
This patch mitigates the content spoofing vulnerability by truncating long list names. ** Patch added: "Patch to fix this issue" https://bugs.launchpad.net/mailman/+bug/1780874/+attachment/5166712/+files/1... ** Information type changed from Private Security to Public -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/1780874 Title: Arbitrary text injection vulnerability in Mailman CGIs To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/1780874/+subscriptions
** Changed in: mailman Status: In Progress => Fix Released -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/1780874 Title: Arbitrary text injection vulnerability in Mailman CGIs To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/1780874/+subscriptions
** Description changed: A URL with a very long text listname such as http://www.example.com/mailman/listinfo/This_is_a_long_string_with_some_phis... will echo the text in the "No such list" error response. This can be used to make a potential victim think the phishing text comes from a trusted site. + + This issue was discovered by Hammad Qureshi + <Hammad.Qureshi@dig8labs.com>. -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/1780874 Title: Arbitrary text injection vulnerability in Mailman CGIs To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/1780874/+subscriptions
The prior patch was wrong. It has been removed. This patch is good. ** Patch removed: "Patch to fix this issue" https://bugs.launchpad.net/mailman/+bug/1780874/+attachment/5166712/+files/1... ** Attachment added: "Updated patch to fix this issue" https://bugs.launchpad.net/mailman/+bug/1780874/+attachment/5167324/+files/p... -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/1780874 Title: Arbitrary text injection vulnerability in Mailman CGIs To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/1780874/+subscriptions
participants (2)
-
Launchpad Bug Tracker -
Mark Sapiro