[ mailman-Bugs-1179487 ] denial of service security bug

SourceForge.net noreply at sourceforge.net
Sat Apr 9 18:15:17 CEST 2005 

Bugs item #1179487, was opened at 2005-04-08 17:46
Message generated for change (Settings changed) made by bwarsaw
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=100103&aid=1179487&group_id=103

Category: mail delivery
Group: 2.1 (stable)
Status: Open
Resolution: None
Priority: 5
Submitted By: Mark Crispin (mrcrispin)
>Assigned to: Barry A. Warsaw (bwarsaw)
Summary: denial of service security bug

Initial Comment:
We've had multiple incidents of this problem.

If a digest gets a message containing an attachment 
using an RFC 2231 encoded parameter has a character 
set that is unknown to Python (in this case, "X-
UNKNOWN"), then routine get_filename() in 
email/Message.py (not to be confused with 
Mailman/Message.py) calls unicode() without any error 
trap.

The result is that digest delivery for that entire mailing 
list is suspended until that message is manually 
removed.

It appears that passing an "ignore" as the errors 
parameter to unicode() won't stop Python from 
generating this error.

I'm not sure as to the best way to fix this.  I haven't 
worked much with Python at all, and Mailman support 
was just dumped on my lap.

I can see that there are lots of unicode() calls 
throughout the Mailman source that don't have any error 
protection.  I don't know which ones are also vulnerable 
to this attack.

Traceback (most recent call last):
  File "/usr/local/mailman/cron/senddigests", line 94, in ?
    main()
  File "/usr/local/mailman/cron/senddigests", line 86, in 
main
    mlist.send_digest_now()
  File "/usr/local/mailman/Mailman/Digester.py", line 60, 
in send_digest_n
ow
    ToDigest.send_digests(self, mboxfp)
  
File "/usr/local/mailman/Mailman/Handlers/ToDigest.py",
 line 132, in sen
d_digests
    send_i18n_digests(mlist, mboxfp)
  
File "/usr/local/mailman/Mailman/Handlers/ToDigest.py",
 line 306, in sen
d_i18n_digests
    msg = scrubber(mlist, msg)
  
File "/usr/local/mailman/Mailman/Handlers/Scrubber.py",
 line 268, in pro
cess
    url = save_attachment(mlist, part, dir)
  
File "/usr/local/mailman/Mailman/Handlers/Scrubber.py",
 line 362, in sav
e_attachment
    fnext = os.path.splitext(msg.get_filename(''))[1]
  File "/usr/local/mailman/pythonlib/email/Message.py", 
line 731, in get_f
ilename
    return unicode(newvalue[2], newvalue[0] or 'us-ascii')
LookupError: unknown encoding: X-UNKNOWN

----------------------------------------------------------------------

You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=100103&aid=1179487&group_id=103

More information about the Mailman-coders mailing list