[Mailman-Users] Is mailman vulnerable to the httpoxy bug?

Mark Sapiro mark at msapiro.net
Fri Jul 22 22:59:45 EDT 2016

On 7/22/16 6:39 PM, Perry E. Metzger wrote:
> It works by an attacker inserting an http_proxy header into the
> headers which it presents to the web server, which are then passed in
> the HTTP_PROXY environment variable to the CGI script. I think that
> there aren't many ways to read this.

And Mailman 2.1's CGIs will do absolutely nothing with an HTTP_PROXY
environment variable. They won't look for it even if it's there. They
look at things like query strings and POST data to determine what to do
and then they write HTML to stdout.

> I don't know. I don't know if Mailman uses any of the vulnerable
> routines that might cause HTTP_PROXY being set to cause trouble.

Mailman 2.1 uses the Python cgi module and uses only cgi.FieldStorage()
to retrieve POST data and query fragments.

It uses nothing other than writes to stdout to send any kind of output.

Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

More information about the Mailman-Users mailing list