Vulnerability Scanning Solutions, LLC.
Family: Remote file access --> Category: infos

Mailman private.py Directory Traversal Vulnerability Scan


Vulnerability Scan Summary
Checks for Mailman private.py Directory Traversal Vulnerability

Detailed Explanation for this Vulnerability Test

Synopsis :

Authenticated Mailman users can view arbitrary files on the remote
host.

Description :

According to its version number, the remote installation of Mailman
is reportedly prone to a directory traversal vulnerability in
'Cgi/private.py'. The flaw is exploitable only on web servers that
do not strip extraneous slashes from URLs, such as Apache 1.3.x. On
such servers, a list subscriber can use a specially crafted web
request to retrieve any file accessible by the user under which the
web server operates, including the email addresses and passwords of
subscribers of any lists hosted on the server. For example, if
'$user' and '$pass' identify a subscriber of the list
'$listname@$target', then the following URL :

http://$target/mailman/private/$listname/.../....///mailman?username=$user&password=$pass

allows access to archives for the mailing list named 'mailman', to
which the user might not otherwise be entitled.
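
Added example (not part of the original advisory, and not Mailman or scanner code): a log check a defender could run over Apache access logs to find requests shaped like the URL above. The heuristic (dot-only path segments or repeated slashes under /mailman/private/), the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Apache common/combined log format: capture client, request target, status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*" (\d{3})')
PRIVATE_PREFIX = "/mailman/private/"

# Constructed sample lines (documentation IP range, made-up list name).
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Feb/2005:10:01:02 +0000] "GET /mailman/private/testlist/2005-February/000001.html HTTP/1.1" 200 5120',
    '192.0.2.44 - - [10/Feb/2005:10:03:17 +0000] "GET /mailman/private/testlist/.../....///mailman?username=u%40example.org&password=x HTTP/1.0" 200 912',
    '192.0.2.10 - - [10/Feb/2005:10:04:00 +0000] "GET /mailman/listinfo/testlist HTTP/1.1" 200 3300',
    '192.0.2.44 - - [10/Feb/2005:10:05:41 +0000] "POST /mailman/private/testlist/%2e%2e%2e/....///mailman HTTP/1.0" 403 210',
]

def is_suspicious(target):
    """True if a request under /mailman/private/ contains a path segment
    made only of dots (two or more) or an empty segment (repeated slashes).
    Percent-encoding is decoded first so that %2e is treated as a dot."""
    path = unquote(target.split("?", 1)[0])
    if not path.startswith(PRIVATE_PREFIX):
        return False
    segments = path[len(PRIVATE_PREFIX):].split("/")
    if segments[-1] == "":
        segments.pop()  # a single trailing slash is normal
    return any(s == "" or (len(s) >= 2 and set(s) == {"."}) for s in segments)

def scan(lines):
    """Return (client, status, path) for every suspicious logged request."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and is_suspicious(m.group(2)):
            # Report the path only: the query string carries a password.
            hits.append((m.group(1), int(m.group(3)), m.group(2).split("?", 1)[0]))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A hit with status 200 deserves a closer look than one answered with 403 or 404, and any hit warrants checking the installed Mailman version against the fix named in the Solution section.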

See also :

http://mail.python.org/pipermail/mailman-announce/2005-February/000076.html
http://lists.netsys.com/pipermail/full-disclosure/2005-February/031562.html

Solution :

Upgrade to Mailman 2.1.6b1 or apply the fix referenced in the first
URL above.

Threat Level:

Low / CVSS Base Score : 2
(AV:R/AC:H/Au:R/C:P/A:N/I:N/B:C)

VSS, LLC.

P.O. Box 827051

Pembroke Pines, FL 33082-7051
