CVE-2005-0202
CVSS 5.0
Published: 2005-05-02 00:00:00
Modified: 2016-10-17 23:08:27

[Original] Directory traversal vulnerability in the true_path function in private.py for Mailman 2.1.5 and earlier allows remote attackers to read arbitrary files via ".../....///" sequences, which are not properly cleansed by regular expressions that are intended to remove "../" and "./" sequences.


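[CNNVD] Mailman Remote Directory Traversal Vulnerability (CNNVD-200505-325)

        GNU Mailman is shared software developed in Python that can be used to manage mailing lists.
        The GNU Mailman private.py script has a security issue: a remote attacker can exploit this vulnerability to view the contents of system files with the privileges of the process.

- CVSS (Base Score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CPE (Affected Platforms and Products)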

cpe:/a:gnu:mailman:2.1.2    GNU Mailman 2.1.2
cpe:/a:gnu:mailman:2.1.5    GNU Mailman 2.1.5
cpe:/a:gnu:mailman:2.1.3    GNU Mailman 2.1.3
cpe:/a:gnu:mailman:2.1.1    GNU Mailman 2.1.1
cpe:/a:gnu:mailman:2.1      GNU Mailman 2.1
cpe:/a:gnu:mailman:2.1.4    GNU Mailman 2.1.4
cpe:/a:gnu:mailman:2.1b1    GNU Mailman 2.1b1

- OVAL (Technical Details for Detection)

oval:org.mitre.oval:def:10657    dm-crypt in Linux kernel 2.6.15 and earlier does not clear a structure before it is freed, which leads to a memory disclosure that could all...
*OVAL describes in detail how to detect this vulnerability; more technical details on detecting it can be found in the related OVAL definition.

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0202
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0202
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200505-325
(Official data source) CNNVD

- Other Links and Resources

http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html
(PATCH)  APPLE  APPLE-SA-2005-03-21
http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031562.html
(VENDOR_ADVISORY)  FULLDISC  20050209 Administrivia: List Compromised due to Mailman Vulnerability
http://marc.info/?l=bugtraq&m=110805795122386&w=2
(UNKNOWN)  BUGTRAQ  20050209 [USN-78-1] Mailman vulnerability
http://securitytracker.com/id?1013145
(UNKNOWN)  SECTRACK  1013145
http://www.debian.org/security/2005/dsa-674
(UNKNOWN)  DEBIAN  DSA-674
http://www.gentoo.org/security/en/glsa/glsa-200502-11.xml
(VENDOR_ADVISORY)  GENTOO  GLSA-200502-11
http://www.mandriva.com/security/advisories?name=MDKSA-2005:037
(UNKNOWN)  MANDRAKE  MDKSA-2005:037
http://www.novell.com/linux/security/advisories/2005_07_mailman.html
(UNKNOWN)  SUSE  SUSE-SA:2005:007
http://www.redhat.com/support/errata/RHSA-2005-136.html
(VENDOR_ADVISORY)  REDHAT  RHSA-2005:136
http://www.redhat.com/support/errata/RHSA-2005-137.html
(VENDOR_ADVISORY)  REDHAT  RHSA-2005:137

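- Vulnerability Information

Mailman Remote Directory Traversal Vulnerability
Medium risk  Path traversal
2005-05-02 00:00:00 2005-10-20 00:00:00
Remote
        GNU Mailman is shared software developed in Python that can be used to manage mailing lists.
        The GNU Mailman private.py script has a security issue: a remote attacker can exploit this vulnerability to view the contents of system files with the privileges of the process.

- Advisories and Patches

        The vendor has released an upgrade patch to fix this security issue. Patch link:
        http://www.debian.org/security/2005/dsa-674

- Vulnerability Information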

13671
Mailman private.py true_path Function Traversal Arbitrary File Access
Remote / Network Access Information Disclosure, Input Manipulation
Loss of Confidentiality, Loss of Integrity Upgrade
Uncoordinated Disclosure, Discovered in the Wild

- Vulnerability Description

- Timeline

2005-02-09 Unknown
Unknown Unknown

- Solution

Products

Unknown or Incomplete

- Related References

- Vulnerability Author

Unknown or Incomplete

- Vulnerability Information

GNU Mailman Remote Directory Traversal Vulnerability
Input Validation Error 12504
Yes No
2005-02-09 12:00:00 2009-07-12 10:06:00
The discoverer of this vulnerability is not known.

- Affected Software Versions

Ubuntu Ubuntu Linux 4.1 ppc
Ubuntu Ubuntu Linux 4.1 ia64
Ubuntu Ubuntu Linux 4.1 ia32
SGI ProPack 3.0
RedHat Linux 9.0 i386
RedHat Linux 7.3 i686
RedHat Linux 7.3 i386
RedHat Linux 7.3
Red Hat Fedora Core3
Red Hat Fedora Core2
Red Hat Fedora Core1
Mandriva Linux Mandrake 10.1
Mandriva Linux Mandrake 10.0
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
MandrakeSoft Corporate Server 2.1 x86_64
MandrakeSoft Corporate Server 2.1
GNU Mailman 2.1.5
+ Debian Linux 3.1 sparc
+ Debian Linux 3.1 s/390
+ Debian Linux 3.1 ppc
+ Debian Linux 3.1 mipsel
+ Debian Linux 3.1 mips
+ Debian Linux 3.1 m68k
+ Debian Linux 3.1 ia-64
+ Debian Linux 3.1 ia-32
+ Debian Linux 3.1 hppa
+ Debian Linux 3.1 arm
+ Debian Linux 3.1 amd64
+ Debian Linux 3.1 alpha
+ Debian Linux 3.1
+ Mandriva Linux Mandrake 10.1 x86_64
+ Mandriva Linux Mandrake 10.1
+ Red Hat Enterprise Linux AS 4
+ Red Hat Enterprise Linux AS 3
+ RedHat Enterprise Linux Desktop version 4
+ RedHat Enterprise Linux ES 4
+ RedHat Enterprise Linux ES 3
+ RedHat Enterprise Linux WS 4
+ RedHat Enterprise Linux WS 3
GNU Mailman 2.1.4
+ MandrakeSoft Corporate Server 3.0
+ Mandriva Linux Mandrake 10.0 AMD64
+ Mandriva Linux Mandrake 10.0
GNU Mailman 2.1.3
GNU Mailman 2.1.2
+ Mandriva Linux Mandrake 9.2 amd64
+ Mandriva Linux Mandrake 9.2
GNU Mailman 2.1.1
+ RedHat Linux 9.0 i386
+ RedHat Linux 7.3 i686
+ RedHat Linux 7.3 i386
+ RedHat Linux 7.3
GNU Mailman 2.1
Gentoo Linux
Apple Mac OS X Server 10.3.8
Apple Mac OS X Server 10.3.7
Apple Mac OS X Server 10.3.6
Apple Mac OS X Server 10.3.5
Apple Mac OS X Server 10.3.4
Apple Mac OS X Server 10.3.3
Apple Mac OS X Server 10.3.2
Apple Mac OS X Server 10.3.1
Apple Mac OS X Server 10.3
Apple Mac OS X Server 10.2.8
Apple Mac OS X Server 10.2.7
Apple Mac OS X Server 10.2.6
Apple Mac OS X Server 10.2.5
Apple Mac OS X Server 10.2.4
Apple Mac OS X Server 10.2.3
Apple Mac OS X Server 10.2.2
Apple Mac OS X Server 10.2.1
Apple Mac OS X Server 10.2
Apple Mac OS X Server 10.1.5
Apple Mac OS X Server 10.1.4
Apple Mac OS X Server 10.1.3
Apple Mac OS X Server 10.1.2
Apple Mac OS X Server 10.1.1
Apple Mac OS X Server 10.1
Apple Mac OS X Server 10.0

- Vulnerability Discussion

Mailman, when hosted on a web server that does not strip extra slashes from URLs (i.e. Apache 1.3.x), is reported prone to a remote directory traversal vulnerability.

The remote attacker may exploit this vulnerability to disclose the contents of web server readable files. Symantec has received reports of the username and password databases of public mailing lists being compromised through the exploitation of this vulnerability.

Information that is harvested by leveraging this vulnerability may be used to aid in further attacks against a target computer or victim user.
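
Why deleting "../" and "./" in a single pass each does not neutralise the ".../....///" sequence from the CVE description (whose extra slashes reach the application when the web server does not collapse them), next to two checks that do not rely on substring removal. This is an added example, not Mailman's code: `strip_once` is a stand-in for the flawed cleansing, and `ROOT`, the function names and the sample request paths are constructed for illustration.

```python
import posixpath
import re

ROOT = "/srv/example/private"  # constructed archive root, not a real Mailman path
SEQ = ".../....///"            # the sequence quoted in the CVE description


def strip_once(path):
    """Stand-in for the flawed cleansing: delete "../", then "./", one pass each."""
    path = re.sub(r"\.\./", "", path)
    return re.sub(r"\./", "", path)


def drop_dot_segments(path):
    """Filter whole segments instead of substrings; nothing can re-form afterwards."""
    return "/".join(s for s in path.split("/") if s not in ("", ".", ".."))


def resolve_under_root(root, requested):
    """Normalise root + requested; return None if the result leaves root.

    Lexical check only: use os.path.realpath on both sides when symlinks matter.
    """
    root = posixpath.normpath(root)
    candidate = posixpath.normpath(posixpath.join(root, requested.lstrip("/")))
    if candidate == root or candidate.startswith(root + "/"):
        return candidate
    return None


if __name__ == "__main__":
    request = "list/" + SEQ * 2 + "outside.txt"  # constructed request path
    cleaned = strip_once(request)
    # The removals splice the leftover dots and slashes back into "../".
    print(repr(SEQ), "->", repr(strip_once(SEQ)))
    print("after strip_once:  ", cleaned)
    print("containment check: ", resolve_under_root(ROOT, cleaned))
    print("segment filter:    ", drop_dot_segments(request))
```
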

- Exploit

No exploit is required.

- Solution

Debian Linux has released an updated advisory DSA 674-3 along with updated fixes dealing with this and other issues. For more information, please see the referenced advisory.

Mandrake Linux has released advisory MDKSA-2005:037 dealing with this issue. Please see the referenced advisory for additional information.

Debian Linux has released an advisory (DSA 674-1) dealing with this issue. Please see the reference section for more information.

Red Hat has released advisory RHSA-2005:136-08 and RHSA-2005:137-07 to provide fixes that address this issue on Red Hat Linux Enterprise platforms. Customers who are affected by this issue are advised to apply the appropriate updates. Customers subscribed to the Red Hat Network may apply the appropriate fixes using the Red Hat Update Agent (up2date). Please see referenced advisory for additional information.

Gentoo has released advisory GLSA 200502-11 addressing this issue.
All Mailman users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-mail/mailman-2.1.5-r4"

RedHat Fedora Linux has released advisories FEDORA-2005-131 and FEDORA-2005-132 dealing with this issue for Fedora Core 2 and Core 3 respectively. Please see the referenced advisory for additional information.

Ubuntu Linux has released advisory USN-78-1 dealing with this issue. Please see the referenced advisory for additional information.

Debian Linux has released a second advisory (DSA 674-2). Apparently the first advisory failed to properly fix all of the issues. The fixes provided with the second advisory must be applied to packages fixed with the set of fixes released with the first advisory. Please see the reference section for more information.

SuSE has released advisory SUSE-SA:2005:007 to address this issue. Please see the referenced advisory for details on obtaining and applying fixes.

Ubuntu has released advisory USN-78-2 to release new fixes for Mailman. The fixes included in the previous Ubuntu advisory USN-78-1 cause the "private" module of Mailman to stop functioning. Please see the referenced advisory for more information.

SGI has released advisory 20050207-01-U including Patch 10144 that contains updated SGI ProPack 3 Service Pack 4 RPMs for the SGI Altix products. This patch addresses various issues. Please see the referenced advisory for more information.

Apple has released advisory (Security Update 2005-003) to address various issues. Please see the referenced advisory for more information. An Update for Mac OS X Server v10.3.8 is available.

RedHat Fedora has released Fedora Legacy security advisory FLSA:152895 addressing this issue. Please see the referenced advisory for further information.


Apple Mac OS X Server 10.3.8

GNU Mailman 2.1

GNU Mailman 2.1.1

GNU Mailman 2.1.2

GNU Mailman 2.1.4

GNU Mailman 2.1.5

SGI ProPack 3.0

- Related References

 

 
