[Mailman-Users] cgi-script "low level failure"

Don Burns don at andesengineering.com
Sun Jan 23 03:05:55 CET 2005 

Wow... that was it.  I have two machines with the same OS/Mailman
installation and all other files were identical except for the driver
script.  This looks like a very sneaky hack and now I have security
concerns.

Once I replaced the driver script things went back to normal.  

Is it appropriate to post the "hacked" driver script so that others can be 
aware?  I'd also be interested in someone's take as to what the 
perpetrators were trying to accomplish.  Thank goodness this wouldn't run.

Thank you.

-don


On Sat, 22 Jan 2005, Mark Sapiro wrote:

> Don Burns wrote:
> >
> >Thanks for the quick reply.  I've tried your suggestions and came up 
> >empty.  db_check --all did not report errors, list_lists output was clean 
> >and everything expected, A couple of debug lines in listinfo.py never 
> >showed up (I assumed they would print in logs/error).  There are no 
> >foreign files or directories in lists. 
> >
> >I do have a new piece to the puzzle.  The apache2 log file reports this 
> >when accessing a cgi-script:
> >
> >[Sat Jan 22 13:12:46 2005] [error] [client 63.204.157.8] 
> >@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> >[Sat Jan 22 13:12:46 2005] [error] [client 63.204.157.8] [----- Mailman 
> >Version: 2.1.4 -----]
> >[Sat Jan 22 13:12:46 2005] [error] [client 63.204.157.8] [----- Traceback 
> >------]
> >[Sat Jan 22 13:12:46 2005] [error] [client 63.204.157.8] Traceback (most 
> >recent call last):
> >[Sat Jan 22 13:12:46 2005] [error] [client 63.204.157.8]   File 
> >"/usr/lib/mailman/scripts/driver", line 241, in ?
> >[Sat Jan 22 13:12:46 2005] [error] [client 63.204.157.8]     run_main()
> >[Sat Jan 22 13:12:46 2005] [error] [client 63.204.157.8]   File 
> >"/usr/lib/mailman/scripts/driver", line 69, in run_main
> >[Sat Jan 22 13:12:46 2005] [error] [client 63.204.157.8]     import 
> >xml.sax.saxutils
> >[Sat Jan 22 13:12:46 2005] [error] [client 63.204.157.8] ImportError: No 
> >module named xml.sax.saxutils
> >[Sat Jan 22 13:12:46 2005] [error] [client 63.204.157.8] [Mailman: low 
> >level unrecoverable exception]
> >
> >Upon investigation, it looks as if the error at line 69 (import of 
> >xml.sax.saxutils) is one relating to an error message.  Perhaps this is 
> >why the traceback on the error (useful debug info) is failing?
> 
> Something is very strange. The line #s in the above trace don't
> correlate with the 2.1.4 scripts/driver. Also there is no "import
> xml.sax.saxutils" in this file and Mailman doesn't import
> xml.sax.saxutils ( a Python library module) anywhere that I can see.
> 
> Possibly scripts/driver has been replaced and/or something is wrong
> with the wrappers in cgi-bin/
> 
> --
> Mark Sapiro <msapiro at value.net>       The highway is for gamblers,
> San Francisco Bay Area, California    better use your sense - B. Dylan
> 
>

More information about the Mailman-Users mailing list