CVE-2004-1143
CVSS 7.5
Published: 2004-12-31 00:00:00
Revised: 2016-10-17 22:51:39

[Original] The password generation in mailman before 2.1.5 generates only 5 million unique passwords, which makes it easier for remote attackers to guess passwords via a brute force attack.


[CNNVD] Mailman remote cross-site scripting vulnerability (CNNVD-200412-334)

        
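        GNU Mailman is shareware developed in Python that can be used to manage mailing lists.
        When returning error pages, GNU Mailman's "scripts/driver" does not sufficiently filter input. A remote attacker can exploit this vulnerability by constructing a malicious link and luring a user into visiting it, thereby obtaining sensitive information such as the target user's cookies.
        No detailed vulnerability information is currently available.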
        

- CVSS (Base Score)

CVSS score: 7.5 [Severe (HIGH)]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CPE (Affected Platforms and Products)

cpe:/a:gnu:mailman:2.0.7 GNU Mailman 2.0.7
cpe:/a:gnu:mailman:2.0:beta5 GNU Mailman 2.0 beta5
cpe:/a:gnu:mailman:2.1 GNU Mailman 2.1
cpe:/a:gnu:mailman:1.1 GNU Mailman 1.1
cpe:/a:gnu:mailman:2.0 GNU Mailman 2.0
cpe:/a:gnu:mailman:2.0:beta3 GNU Mailman 2.0 beta3
cpe:/a:gnu:mailman:2.1b1 GNU Mailman 2.1b1
cpe:/a:gnu:mailman:1.0 GNU Mailman 1.0
cpe:/a:gnu:mailman:2.0:beta4 GNU Mailman 2.0 beta4
cpe:/a:gnu:mailman:2.0.8 GNU Mailman 2.0.8
cpe:/a:gnu:mailman:2.0.13 GNU Mailman 2.0.13
cpe:/a:gnu:mailman:2.0.3 GNU Mailman 2.0.3
cpe:/a:gnu:mailman:2.1.2 GNU Mailman 2.1.2
cpe:/a:gnu:mailman:2.0.10 GNU Mailman 2.0.10
cpe:/a:gnu:mailman:2.0.6 GNU Mailman 2.0.6
cpe:/a:gnu:mailman:2.0.9 GNU Mailman 2.0.9
cpe:/a:gnu:mailman:2.0.12 GNU Mailman 2.0.12
cpe:/a:gnu:mailman:2.0.4 GNU Mailman 2.0.4
cpe:/a:gnu:mailman:2.1.3 GNU Mailman 2.1.3
cpe:/a:gnu:mailman:2.0.2 GNU Mailman 2.0.2
cpe:/a:gnu:mailman:2.1.1 GNU Mailman 2.1.1
cpe:/a:gnu:mailman:2.0.11 GNU Mailman 2.0.11
cpe:/a:gnu:mailman:2.0.5 GNU Mailman 2.0.5
cpe:/a:gnu:mailman:2.1.4 GNU Mailman 2.1.4
cpe:/a:gnu:mailman:2.0.1 GNU Mailman 2.0.1

- OVAL (Technical Details for Detection)

No related OVAL definition found

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1143
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-1143
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200412-334
(Official data source) CNNVD

- Other Links and Resources

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286796
(PATCH)  CONFIRM  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286796
http://marc.info/?l=bugtraq&m=110549296126351&w=2
(UNKNOWN)  BUGTRAQ  20050110 [USN-59-1] mailman vulnerabilities
http://www.novell.com/linux/security/advisories/2005_07_mailman.html
(UNKNOWN)  SUSE  SUSE-SA:2005:007
http://xforce.iss.net/xforce/xfdb/18857
(UNKNOWN)  XF  mailman-weak-encryption(18857)

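- Vulnerability Information

Mailman remote cross-site scripting vulnerability
High risk  Unknown
2004-12-31 00:00:00 2005-10-20 00:00:00
Remote
        
        GNU Mailman is shareware developed in Python that can be used to manage mailing lists.
        When returning error pages, GNU Mailman's "scripts/driver" does not sufficiently filter input. A remote attacker can exploit this vulnerability by constructing a malicious link and luring a user into visiting it, thereby obtaining sensitive information such as the target user's cookies.
        No detailed vulnerability information is currently available.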
        

- Advisories and Patches

        Vendor patches:
        MandrakeSoft
        ------------
        MandrakeSoft has released a security advisory (MDKSA-2005:015) and corresponding patches for this issue:
        MDKSA-2005:015: Updated mailman packages fix
        Link:
        http://www.linux-mandrake.com/en/security/2005/2005-015.php

        Patch download:
        Updated Packages:
        Mandrakelinux 10.0:
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.0/RPMS/mailman-2.1.4-2.2.100mdk.i586.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.0/SRPMS/mailman-2.1.4-2.2.100mdk.src.rpm
        Mandrakelinux 10.0/AMD64:
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/10.0/RPMS/mailman-2.1.4-2.2.100mdk.amd64.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/amd64/10.0/SRPMS/mailman-2.1.4-2.2.100mdk.src.rpm
        Mandrakelinux 10.1:
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.1/RPMS/mailman-2.1.5-7.2.101mdk.i586.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/10.1/SRPMS/mailman-2.1.5-7.2.101mdk.src.rpm
        Mandrakelinux 10.1/X86_64:
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/x86_64/10.1/RPMS/mailman-2.1.5-7.2.101mdk.x86_64.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/x86_64/10.1/SRPMS/mailman-2.1.5-7.2.101mdk.src.rpm
        Corporate Server 2.1:
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/corporate/2.1/RPMS/mailman-2.0.14-1.2.C21mdk.i586.rpm
        ftp://download.sourceforge.net/pub/mirrors/mandrake/updates/corporate/2.1/SRPMS/mailman-2.0.14-1.2.C21mdk.src.rpm
        Corporate Server 2.1/x86_64:
        The updated packages above can also be downloaded from any of the mirror FTP servers listed at the following address:
        
        http://www.mandrakesecure.net/en/ftp.php

- Vulnerability Information

12854
Mailman Error Page XSS
Remote / Network Access Input Manipulation
Loss of Integrity
Exploit Unknown

- Vulnerability Description

Mailman contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate variables upon submission to scripts/driver when returning error pages. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

- Timeline

2005-01-12 Unknown
Unknown Unknown

- Solution

Upgrade to version mailman_2.1.5-1ubuntu2.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- References

- Vulnerability Credit

- Vulnerability Information

GNU Mailman Multiple Remote Vulnerabilities
Unknown 12243
Yes No
2005-01-11 12:00:00 2009-07-12 09:27:00
Discovery of these vulnerabilities is credited to Florian Weimer and Juha-Matti Tapio.

- Affected Software Versions

Ubuntu Ubuntu Linux 4.1 ppc
Ubuntu Ubuntu Linux 4.1 ia64
Ubuntu Ubuntu Linux 4.1 ia32
S.u.S.E. Linux Personal 9.2
S.u.S.E. Linux Personal 9.1
S.u.S.E. Linux Personal 9.0 x86_64
S.u.S.E. Linux Personal 9.0
S.u.S.E. Linux Personal 8.2
RedHat Enterprise Linux WS 4
RedHat Enterprise Linux ES 4
RedHat Desktop 4.0
RedHat Desktop 3.0
Red Hat Enterprise Linux AS 4
GNU Mailman 2.1.10 b1
GNU Mailman 2.1.5
+ Debian Linux 3.1 sparc
+ Debian Linux 3.1 s/390
+ Debian Linux 3.1 ppc
+ Debian Linux 3.1 mipsel
+ Debian Linux 3.1 mips
+ Debian Linux 3.1 m68k
+ Debian Linux 3.1 ia-64
+ Debian Linux 3.1 ia-32
+ Debian Linux 3.1 hppa
+ Debian Linux 3.1 arm
+ Debian Linux 3.1 amd64
+ Debian Linux 3.1 alpha
+ Debian Linux 3.1
+ Mandriva Linux Mandrake 10.1 x86_64
+ Mandriva Linux Mandrake 10.1
+ Red Hat Enterprise Linux AS 4
+ Red Hat Enterprise Linux AS 3
+ RedHat Enterprise Linux Desktop version 4
+ RedHat Enterprise Linux ES 4
+ RedHat Enterprise Linux ES 3
+ RedHat Enterprise Linux WS 4
+ RedHat Enterprise Linux WS 3
GNU Mailman 2.1.4
+ MandrakeSoft Corporate Server 3.0
+ Mandriva Linux Mandrake 10.0 AMD64
+ Mandriva Linux Mandrake 10.0
GNU Mailman 2.1.3
GNU Mailman 2.1.2
+ Mandriva Linux Mandrake 9.2 amd64
+ Mandriva Linux Mandrake 9.2
GNU Mailman 2.1.1
+ RedHat Linux 9.0 i386
+ RedHat Linux 7.3 i686
+ RedHat Linux 7.3 i386
+ RedHat Linux 7.3
GNU Mailman 2.1
GNU Mailman 2.0.14
+ MandrakeSoft Corporate Server 2.1 x86_64
+ MandrakeSoft Corporate Server 2.1
GNU Mailman 2.0.13
+ Red Hat Enterprise Linux AS 2.1 IA64
+ Red Hat Enterprise Linux AS 2.1
+ RedHat Enterprise Linux ES 2.1 IA64
+ RedHat Enterprise Linux ES 2.1
+ RedHat Enterprise Linux WS 2.1 IA64
+ RedHat Enterprise Linux WS 2.1
GNU Mailman 2.0.12
GNU Mailman 2.0.11
+ Debian Linux 3.0
GNU Mailman 2.0.10
GNU Mailman 2.0.9
GNU Mailman 2.0.8
+ Conectiva Linux 8.0
+ Conectiva Linux 7.0
+ Conectiva Linux 6.0
+ Conectiva Linux 5.1
+ Conectiva Linux 5.0
+ RedHat Linux 7.3 i386
+ RedHat Linux 7.2 ia64
+ RedHat Linux 7.2 i386
- RedHat PowerTools 7.1
- RedHat PowerTools 7.0
GNU Mailman 2.0.7
GNU Mailman 2.0.6
GNU Mailman 2.0.5
+ Conectiva Linux 7.0
+ Conectiva Linux 6.0
+ Conectiva Linux 5.1
+ Conectiva Linux 5.0
+ Conectiva Linux 4.2
+ Conectiva Linux 4.1
- Debian Linux 2.2 sparc
- Debian Linux 2.2 powerpc
- Debian Linux 2.2 arm
- Debian Linux 2.2 alpha
- Debian Linux 2.2 68k
- Debian Linux 2.2
- FreeBSD FreeBSD 4.3
- HP HP-UX 11.11
- HP HP-UX 11.0
- HP HP-UX 10.20
- Mandriva Linux Mandrake 8.0
- Mandriva Linux Mandrake 7.2
- Mandriva Linux Mandrake 7.1
- NetBSD NetBSD 1.5.2
- NetBSD NetBSD 1.5.1
- OpenBSD OpenBSD 2.9
- OpenBSD OpenBSD 2.8
- OpenBSD OpenBSD 2.7
- RedHat Linux 7.1
- RedHat Linux 7.0
- S.u.S.E. Linux 7.2
- S.u.S.E. Linux 7.1
- S.u.S.E. Linux 7.0
- Slackware Linux 8.0
- Slackware Linux 7.1
- Slackware Linux 7.0
- Sun Solaris 8_sparc
- Sun Solaris 7.0
- Sun Solaris 2.6
GNU Mailman 2.0.4
GNU Mailman 2.0.4
GNU Mailman 2.0.3
GNU Mailman 2.0.2
GNU Mailman 2.0.1
GNU Mailman 2.0 beta5
+ RedHat Secure Web Server 3.2 i386
GNU Mailman 2.0 beta4
- BSDI BSD/OS 4.0
- Conectiva Linux 5.1
- Conectiva Linux 5.0
- Conectiva Linux 4.2
- Conectiva Linux 4.1
- Debian Linux 2.2
- Debian Linux 2.1
- Digital UNIX 4.0
- FreeBSD FreeBSD 5.0
- FreeBSD FreeBSD 4.0
- FreeBSD FreeBSD 3.5
- HP HP-UX 11.0
- HP HP-UX 10.20
- IBM AIX 4.3
- Mandriva Linux Mandrake 7.1
- Mandriva Linux Mandrake 7.0
- NetBSD NetBSD 1.4.2 x86
- NetBSD NetBSD 1.4.1 x86
+ RedHat Secure Web Server 3.2 i386
+ RedHat Secure Web Server 3.1 sparc
+ RedHat Secure Web Server 3.1 i386
+ RedHat Secure Web Server 3.1 alpha
+ RedHat Secure Web Server 3.0 i386
- SGI IRIX 6.5
- Sun Solaris 8_sparc
- Sun Solaris 7.0
GNU Mailman 2.0 beta3
- BSDI BSD/OS 4.0
- Conectiva Linux 5.1
- Conectiva Linux 5.0
- Conectiva Linux 4.2
- Conectiva Linux 4.1
- Debian Linux 2.2
- Debian Linux 2.1
- Digital UNIX 4.0
- FreeBSD FreeBSD 5.0
- FreeBSD FreeBSD 4.0
- FreeBSD FreeBSD 3.5
- HP HP-UX 11.0
- HP HP-UX 10.20
- IBM AIX 4.3
- Mandriva Linux Mandrake 7.1
- Mandriva Linux Mandrake 7.0
- NetBSD NetBSD 1.4.2 x86
- NetBSD NetBSD 1.4.1 x86
+ RedHat Secure Web Server 3.2 i386
+ RedHat Secure Web Server 3.1 sparc
+ RedHat Secure Web Server 3.1 i386
+ RedHat Secure Web Server 3.1 alpha
+ RedHat Secure Web Server 3.0 i386
- SGI IRIX 6.5
- Sun Solaris 8_sparc
- Sun Solaris 7.0
GNU Mailman 2.0 .8
+ RedHat Secure Web Server 3.2 i386
GNU Mailman 2.0 .7
GNU Mailman 2.0 .6
+ RedHat Linux 7.2 i386
GNU Mailman 2.0 .5
GNU Mailman 2.0 .3
GNU Mailman 2.0 .2
GNU Mailman 2.0 .1
GNU Mailman 2.0
GNU Mailman 1.1
+ Debian Linux 2.2 sparc
+ Debian Linux 2.2 powerpc
+ Debian Linux 2.2 IA-32
+ Debian Linux 2.2 arm
+ Debian Linux 2.2 alpha
+ Debian Linux 2.2 68k
+ Debian Linux 2.2
GNU Mailman 1.0
+ Debian Linux 2.1
Gentoo Linux

- Discussion

GNU Mailman is reported prone to multiple remote vulnerabilities. The following individual issues are reported:

It is reported that GNU Mailman is affected by an information disclosure vulnerability.

Information that is harvested by exploiting this vulnerability may be used to aid in further attacks that are launched against a target user, or the computer that is hosting the vulnerable software.

A cross-site scripting vulnerability has been discovered in GNU Mailman. The issue occurs due to insufficient sanitization of user-supplied data.

It may be possible to exploit this issue in order to steal an unsuspecting user's cookie-based authentication credentials, as well as other sensitive information. Other attacks are also possible.

Finally, Mailman is reported prone to a weak auto-generated password vulnerability. It is reported that, when a user subscribes to a mailing list and a password is not specified, Mailman will auto-generate one. The password generation algorithm will generate a weak, low-entropy password. This password may potentially be brute forced by an attacker.

- Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- Solution

Debian Linux has released an updated advisory DSA 674-3 along with updated fixes dealing with these and other issues. For more information, please see the referenced advisory.

Ubuntu has released an advisory called USN-59-1 to address these issues for Ubuntu Linux. Please see the referenced advisory for further information.

Gentoo Linux has released advisory GLSA 200501-29 to address these issues. Users of affected packages are urged to execute the following commands with superuser privileges:
emerge --sync
emerge --ask --oneshot --verbose ">=net-mail/mailman-2.1.5-r3"
Please see the referenced advisory for further information.

Mandrake Linux has released advisory MDKSA-2005:015 along with fixes dealing with this issue. Please see the referenced advisory for more information.

SuSE Linux has released a security summary report (SUSE-SR:2005:002) that contains fixes to address this and other vulnerabilities. SuSE Linux has also released advisory SUSE-SA:2005:007 to supersede the earlier advisory.

Debian Linux has released an advisory (DSA 674-1) dealing with this issue. Please see the reference section for more information.

Debian Linux has released a second advisory (DSA 674-2). Apparently the first advisory failed to properly fix all of the issues. The fixes provided with the second advisory must be applied to packages fixed with the set of fixes released with the first advisory. Please see the reference section for more information.

Red Hat has released advisory RHSA-2005:235-05 to address the cross-site scripting issue (CAN-2004-1177). Please see the referenced advisory for more information.


GNU Mailman 2.0.11

GNU Mailman 2.0.13

GNU Mailman 2.1.1

GNU Mailman 2.1.2

GNU Mailman 2.1.4

GNU Mailman 2.1.5

- References
