[Bug 1721746] [NEW] [If member-email known] Malformed "From:" header accepted -> anyone can post to list.

René Freund 1721746 at bugs.launchpad.net
Fri Oct 6 06:38:25 EDT 2017


*** This bug is a security vulnerability ***

Private security bug reported:

Hello,

Because we got some spam from outside, but with the email address of a
list-member lately, we found after an investigation that the e-mail header

From: "memberuseremail@" <memberuserdomain.tld somerandomspamemail.tld>

will be accepted by Mailman and posted to the list. So if the spammer
knows a valid member email address it is possible to send emails to the
list.

I don't know if this is fixed already and I have to poke the Ubuntu team
instead.

Versions:
Ubuntu 16.04 LTS
Mailman Version: 1:2.1.20-1ubuntu0.1
Postfix Version: 3.1.0-3

** Affects: mailman
     Importance: Undecided
         Status: New


** Tags: email sender

-- 
You received this bug notification because you are a member of Mailman
Coders, which is subscribed to GNU Mailman.
https://bugs.launchpad.net/bugs/1721746
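
A defensive check for the situation reported above, as an added example that is not part of the original report and is not Mailman's code: the From: value is accepted only if it is exactly one well-formed mailbox, and only then compared against the member list. The function names, the member set and the sample addresses are constructed for illustration; the malformed header is the one quoted in the report.

```python
import re

# Conservative addr-spec: dot-atom local part and a dotted domain. This is
# deliberately narrower than RFC 5322 (no quoted local parts, no comments).
_ATOM = r"[A-Za-z0-9!#$%&'*+/=?^_`{|}~-]+"
_ADDR = rf"{_ATOM}(?:\.{_ATOM})*@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+"
_BARE = re.compile(rf"^\s*({_ADDR})\s*$")
# Optional display name (quoted, or unquoted without specials) + <addr-spec>.
_NAMED = re.compile(
    rf'^\s*(?:"((?:[^"\\]|\\.)*)"|([^<>"@,;]*?))\s*<({_ADDR})>\s*$'
)

# Header value exactly as quoted in the bug report.
REPORTED_FROM = '"memberuseremail@" <memberuserdomain.tld somerandomspamemail.tld>'


def strict_from_address(header_value):
    """Return the sender address, or None unless the value is one clean mailbox."""
    if "\r" in header_value or "\n" in header_value:
        return None  # folded or injected header lines are not accepted
    m = _BARE.match(header_value)
    if m:
        return m.group(1).lower()
    m = _NAMED.match(header_value)
    if not m:
        return None  # address lists, missing "@", stray text: all rejected
    display = m.group(1) if m.group(1) is not None else m.group(2)
    # An "@" inside the display name lets a member address appear in the
    # header while the real mailbox is a different one; refuse it.
    if "@" in display:
        return None
    # Assumption: membership is compared case-insensitively.
    return m.group(3).lower()


def may_post(header_value, members):
    """Membership is checked only after the header parsed unambiguously."""
    addr = strict_from_address(header_value)
    return addr is not None and addr in members


if __name__ == "__main__":
    members = {"alice@example.org"}  # constructed member list
    for value in ("Alice <alice@example.org>", REPORTED_FROM,
                  '"alice@example.org" <spammer@example.net>'):
        print(may_post(value, members), "|", value)
```

Messages that fail the strict parse are better held for moderation than matched loosely against the member list.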
