[ mailman-Bugs-1179487 ] denial of service security bug
SourceForge.net
noreply at sourceforge.net
Sat Apr 9 18:15:17 CEST 2005
Bugs item #1179487, was opened at 2005-04-08 17:46
Message generated for change (Settings changed) made by bwarsaw
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=100103&aid=1179487&group_id=103
Category: mail delivery
Group: 2.1 (stable)
Status: Open
Resolution: None
Priority: 5
Submitted By: Mark Crispin (mrcrispin)
>Assigned to: Barry A. Warsaw (bwarsaw)
Summary: denial of service security bug
Initial Comment:
We've had multiple incidents of this problem.

If a digest gets a message containing an attachment using an RFC 2231
encoded parameter that has a character set that is unknown to Python (in
this case, "X-UNKNOWN"), then routine get_filename() in email/Message.py
(not to be confused with Mailman/Message.py) calls unicode() without any
error trap.

The result is that digest delivery for that entire mailing list is
suspended until that message is manually removed.

It appears that passing an "ignore" as the errors parameter to unicode()
won't stop Python from generating this error.

I'm not sure as to the best way to fix this. I haven't worked much with
Python at all, and Mailman support was just dumped on my lap.

I can see that there are lots of unicode() calls throughout the Mailman
source that don't have any error protection. I don't know which ones are
also vulnerable to this attack.

Traceback (most recent call last):
  File "/usr/local/mailman/cron/senddigests", line 94, in ?
    main()
  File "/usr/local/mailman/cron/senddigests", line 86, in main
    mlist.send_digest_now()
  File "/usr/local/mailman/Mailman/Digester.py", line 60, in send_digest_now
    ToDigest.send_digests(self, mboxfp)
  File "/usr/local/mailman/Mailman/Handlers/ToDigest.py", line 132, in send_digests
    send_i18n_digests(mlist, mboxfp)
  File "/usr/local/mailman/Mailman/Handlers/ToDigest.py", line 306, in send_i18n_digests
    msg = scrubber(mlist, msg)
  File "/usr/local/mailman/Mailman/Handlers/Scrubber.py", line 268, in process
    url = save_attachment(mlist, part, dir)
  File "/usr/local/mailman/Mailman/Handlers/Scrubber.py", line 362, in save_attachment
    fnext = os.path.splitext(msg.get_filename(''))[1]
  File "/usr/local/mailman/pythonlib/email/Message.py", line 731, in get_filename
    return unicode(newvalue[2], newvalue[0] or 'us-ascii')
LookupError: unknown encoding: X-UNKNOWN
----------------------------------------------------------------------
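An added example, not part of the original report and not Mailman's or the email package's own code: it reproduces the LookupError from the traceback on a constructed message and shows one way to trap it. It is written for Python 3 (the report concerns Python 2's unicode()); the sample message and all function names are assumptions.

```python
import email

# Constructed sample message: the attachment's RFC 2231 filename parameter
# declares a charset ("X-UNKNOWN") for which Python has no codec.
RAW = (
    "From: sender@example.org\n"
    "MIME-Version: 1.0\n"
    "Content-Type: application/octet-stream\n"
    "Content-Disposition: attachment; filename*=X-UNKNOWN''report%2Etxt\n"
    "\n"
    "data\n"
)


def raw_filename_param(msg):
    """Return the filename parameter undecoded: a str, or for RFC 2231
    extended values a (charset, language, text) tuple."""
    return msg.get_param("filename", header="content-disposition")


def naive_decode(param):
    """Same shape as the failing line in the traceback: no error trap."""
    charset, _lang, text = param
    return str(text.encode("raw-unicode-escape"), charset or "us-ascii")


def safe_decode(param, fallback="attachment"):
    """Decode the parameter; a sender-chosen charset label must never raise."""
    if not isinstance(param, tuple):
        return param or fallback
    charset, _lang, text = param
    raw = text.encode("raw-unicode-escape")
    try:
        return str(raw, charset or "us-ascii", "replace")
    except LookupError:
        # Unknown codec name: errors="replace" does not cover this case,
        # because the codec lookup fails before any byte is decoded.
        return str(raw, "us-ascii", "replace") or fallback


def demo():
    """Return (declared charset, whether naive decode raised, safe result)."""
    msg = email.message_from_string(RAW)
    param = raw_filename_param(msg)
    try:
        naive_decode(param)
        naive_failed = False
    except LookupError:
        naive_failed = True
    return param[0], naive_failed, safe_decode(param)
```
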