[Mailman-Developers] bugs in 2.1.2

ned nd at felinemenace.org
Fri Sep 26 09:21:36 EDT 2003


Hello list,
i've been poking and prodding mailman for about an hour now...found a few 
things which could be not seen as secure (although they dont have any real 
impact...):
first there is a XSS (cross site scripting) bug in create.py in Cgi/. just 
enter 
"><script>alert("hi")</script>. putting a Utils.Websafe (is that right) 
shoudl fix it...

second small bug in Mailist.Mailist, here's a quick demo:
http://mail.python.org/mailman/listinfo/(X * 500). nice little info 
disclosure hole...easily fixed by restricting lengths on filenames that 
open() uses. but you already knew that!

anyway, nothing a few length checks and some url-fixups wont fix!
aapologies too if this should have gone throuhg bugzilla or 
something...it's late right now and im excited by the grand final 
tomorrow.

regards,
Ned Dawes
 -- 
http://felinemenace.org/~nd




More information about the Mailman-Developers mailing list