[Mailman-Developers] Re: [Mailman-Users] security heads up - path traversal with 2.1.5
Tokio Kikuchi
tkikuchi at is.kochi-u.ac.jp
Tue Feb 15 09:26:04 CET 2005
Hi,
Barry Warsaw wrote:
> On Wed, 2005-02-09 at 17:00, Tokio Kikuchi wrote:
>
>
>>I've tested with my 1.3.29 installation and verified apache PATH_INFO
>>does convert '//' to '/'. Barry also wanted to clarify which apache
>>version/installation (combination with mailman) is valnerable. Return
>>code of 200 doesn't mean sucessful exploit. You should check mailman
>>logs/error also. (If there is none chances are succesful exploit.)
>
>
> Tokio, do you do any rewrites in your 1.3.29 config file? I just have
> this gut feeling like there's some kind of rewrite rule that caused this
> slash-collapse behavior to be disabled. FWIW, python.org does not do
> rewrites and we weren't vulnerable.
>
I might have confused about which server I was testing. I tested again
today and found all the 1.3 servers (on FreeBSD, Solaris, and BSD/OS) I
administering were vulnerable. (Not all are mailman installed). They are
all not using mod_rewrite.
--
Tokio Kikuchi, tkikuchi@ is.kochi-u.ac.jp
http://weather.is.kochi-u.ac.jp/
More information about the Mailman-Users
mailing list