[Bug 1695667] [NEW] Various web attacks cause CGI modules to throw uncaught exceptions

Mark Sapiro mark at msapiro.net
Sat Jun 3 16:49:25 EDT 2017


Public bug reported:

This is merely an annoyance in that it adds error reports to Mailman's
error log. The web response is just the "we hit a bug" page, but we may
wish to defend against these. We have seen errors like

Jun 02 15:47:45 2017 admin(31978): @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ 
admin(31978): [----- Mailman Version: 2.1.23 -----] 
admin(31978): [----- Traceback ------] 
admin(31978): Traceback (most recent call last):
admin(31978):   File "/srv/mailman/scripts/driver", line 117, in run_main
admin(31978):     main()
admin(31978):   File "/srv/mailman/Mailman/Cgi/subscribe.py", line 109, in main
admin(31978):     process_form(mlist, doc, cgidata, language)
admin(31978):   File "/srv/mailman/Mailman/Cgi/subscribe.py", line 147, in process_form
admin(31978):     ftime, fhash = cgidata.getvalue('sub_form_token', '').split(':')
admin(31978): AttributeError: 'list' object has no attribute 'split'

Jun 02 15:48:05 2017 admin(32270): @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ 
admin(32270): [----- Mailman Version: 2.1.23 -----] 
admin(32270): [----- Traceback ------] 
admin(32270): Traceback (most recent call last):
admin(32270):   File "/srv/mailman/scripts/driver", line 117, in run_main
admin(32270):     main()
admin(32270):   File "/srv/mailman/Mailman/Cgi/listinfo.py", line 74, in main
admin(32270):     if not Utils.IsLanguage(language):
admin(32270):   File "/srv/mailman/Mailman/Utils.py", line 751, in IsLanguage
admin(32270):     return mm_cfg.LC_DESCRIPTIONS.has_key(lang)
admin(32270): TypeError: unhashable type: 'list'

Jun 02 17:24:06 2017 admin(6887): @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ 
admin(6887): [----- Mailman Version: 2.1.23 -----] 
admin(6887): [----- Traceback ------] 
admin(6887): Traceback (most recent call last):
admin(6887):   File "/srv/mailman/scripts/driver", line 117, in run_main
admin(6887):     main()
admin(6887):   File "/srv/mailman/Mailman/Cgi/admin.py", line 118, in main
admin(6887):     cgidata.getvalue('adminpw', '')):
admin(6887):   File "/srv/mailman/Mailman/SecurityManager.py", line 238, in WebAuthenticate
admin(6887):     ac = self.Authenticate(authcontexts, response, user)
admin(6887):   File "/srv/mailman/Mailman/SecurityManager.py", line 180, in Authenticate
admin(6887):     sharesponse = sha_new(response).hexdigest()
admin(6887): TypeError: must be string or buffer, not list


The above all result from POST data or query fragments containing multiple values for the same parameter resulting in that parameter being passed to the CGI as a list rather than a string.

We have also seen

Jun 02 17:08:00 2017 admin(27163): @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ 
admin(27163): [----- Mailman Version: 2.1.23 -----] 
admin(27163): [----- Traceback ------] 
admin(27163): Traceback (most recent call last):
admin(27163):   File "/srv/mailman/scripts/driver", line 117, in run_main
admin(27163):     main()
admin(27163):   File "/srv/mailman/Mailman/Cgi/options.py", line 113, in main
admin(27163):     params = cgidata.keys()
admin(27163):   File "/usr/lib/python2.7/cgi.py", line 582, in keys
admin(27163):     raise TypeError, "not indexable"
admin(27163): TypeError: not indexable

which comes from a POST with no post data.

** Affects: mailman
     Importance: Low
     Assignee: Mark Sapiro (msapiro)
         Status: In Progress

-- 
You received this bug notification because you are a member of Mailman
Coders, which is subscribed to GNU Mailman.
https://bugs.launchpad.net/bugs/1695667
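As an added example (not Mailman's own code or its eventual fix for this bug), the following Python 3 sketch shows the defensive pattern the report calls for: treat a repeated parameter and an empty POST body as client errors that produce a 400 response instead of an uncaught exception. It uses urllib.parse.parse_qs, which returns a list per parameter name just as cgi.FieldStorage.getvalue does for a repeated field, so the failure modes above can be reproduced offline. The language table, the request bodies and the function names are constructed for the example.

```python
"""Defensive handling of repeated and missing CGI parameters.

Added example, not Mailman code. urllib.parse.parse_qs yields a list per
name, mirroring what cgi.FieldStorage.getvalue returns for a repeated field.
"""
from urllib.parse import parse_qs


class BadRequest(ValueError):
    """Malformed client input: answer with a 4xx, never with a traceback."""


def parse_body(body):
    """Parse a urlencoded POST body; an empty body is a client error."""
    if not body:
        # cgi.FieldStorage.keys() raised TypeError here in the report
        raise BadRequest("empty request body")
    # keep_blank_values so that 'adminpw=' is still seen as present
    return parse_qs(body, keep_blank_values=True)


def get_scalar(params, name, default=''):
    """Return exactly one string for `name`; a repeated parameter is rejected."""
    values = params.get(name, [])
    if not values:
        return default
    if len(values) > 1:
        raise BadRequest("parameter %r supplied %d times" % (name, len(values)))
    return values[0]


def split_form_token(token):
    """Split 'time:hash' without assuming the separator is present once."""
    if token.count(':') != 1:
        raise BadRequest("malformed sub_form_token")
    ftime, fhash = token.split(':')
    return ftime, fhash


# constructed sample table; a real deployment takes this from configuration
KNOWN_LANGUAGES = {'en', 'de', 'fr'}


def is_language(lang):
    # a str membership test never raises; a list would (unhashable type)
    return isinstance(lang, str) and lang in KNOWN_LANGUAGES


def handle(body):
    """Return (status, detail) the way a hardened CGI handler would."""
    try:
        params = parse_body(body)
        language = get_scalar(params, 'language', 'en')
        if not is_language(language):
            raise BadRequest("unknown language")
        ftime, fhash = split_form_token(get_scalar(params, 'sub_form_token'))
        adminpw = get_scalar(params, 'adminpw')
    except BadRequest as exc:
        return (400, str(exc))
    return (200, {'language': language, 'ftime': ftime, 'fhash': fhash,
                  'adminpw_len': len(adminpw)})


if __name__ == '__main__':
    # constructed bodies mirroring the failure modes in the report
    for body in ('',
                 'sub_form_token=1&sub_form_token=2',
                 'language=en&language=de',
                 'adminpw=a&adminpw=b',
                 'language=en&sub_form_token=1496400000:abc&adminpw=x'):
        print(repr(body), '->', handle(body))
```

The point of the helper is that every value reaching `.split()`, `has_key`/`in` or a hash function has already been proven to be a single string, so the "list object has no attribute", "unhashable type" and "must be string or buffer" errors cannot be reached by shaping the request.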
