[Owasp-leaders] Mailman script insertion vulnerabilities

Magno Logan magno.logan at owasp.org
Thu Feb 24 05:04:23 EST 2011


The funny thing is that right under the article at Help Net Security they
have an ad asking you to subscribe to their newsletter, and the newsletter
uses Mailman version 2.1.14 (exactly the one that is vulnerable).

Help Net Security Newsletter:
http://helpnetsecurity.com/mailman/listinfo/news_helpnetsecurity.com


On Thu, Feb 24, 2011 at 6:31 AM, Nam Nguyen <namn at bluemoon.com.vn> wrote:

> This looks like a very limited vulnerability in view of exploitation.
> Nam
>
> On Thu, 24 Feb 2011 06:05:52 -0300
> Magno Logan <magno.logan at owasp.org> wrote:
>
> > Source: http://www.net-security.org/secworld.php?id=10640
> >
> > "Some vulnerabilities have been reported in Mailman, which can be
> > exploited by malicious users to conduct script insertion attacks,
> > according to Secunia.
> >
> > Input passed via the "full name" is not properly sanitised before being
> > used in the "Confirm unsubscription request", "Confirm change of email
> > address request", and "Re-enable mailing list membership" pages.
> >
> > This can be exploited to insert arbitrary HTML and script code, which
> > will be executed in a user's browser session in context of an affected
> > site when the malicious data is being viewed.
> >
> > The vulnerabilities are reported in version 2.1.14. Other versions may
> > also be affected.
> >
> > A patch is available."
> >
> > The Mailman from my chapter is version 2.1.8. Don't know if everyone has
> > the same version. But since my version is older than the one affected, I
> > guess we all are too. Shouldn't we update?
> >
> > English: http://www.debian.org/security/2011/dsa-2170
> >
> > Portuguese: http://blog.alexos.com.br/?p=2285&lang=pt-br
> >
> >
> > Regards,
> >
> > --
> > Magno (Logan) Rodrigues
> > OWASP Paraiba - Chapter Leader <http://www.owasp.org/index.php/Paraiba>
> > Twitter: @magnologan <http://www.twitter.com/magnologan>
>
>
> --
> Nam Nguyen, CISA, CISSP, CSSLP
> Blue Moon Consulting Co., Ltd
> http://www.bluemoon.com.vn
>



-- 
Magno (Logan) Rodrigues
OWASP Paraiba - Chapter Leader <http://www.owasp.org/index.php/Paraiba>
Twitter: @magnologan <http://www.twitter.com/magnologan>
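As an added illustration (not code from this thread or from Mailman itself): the defect the quoted advisory describes, a stored "full name" interpolated into a confirmation page without escaping, beside the hardened rendering that escapes it. The page titles are taken from the advisory; the sample subscriber, the function names and the page markup are assumptions.

```python
import html

# The three pages the advisory names as affected.
PAGE_TITLES = {
    'unsubscribe': 'Confirm unsubscription request',
    'changeaddr': 'Confirm change of email address request',
    'reenable': 'Re-enable mailing list membership',
}

# Constructed sample subscriber whose stored "full name" carries markup.
SAMPLE_FULLNAME = '<script>alert(1)</script> Jane'
SAMPLE_EMAIL = 'jane@example.org'


def render_confirm_page(kind, fullname, email, escape=True):
    """Render one of the confirmation pages for a subscriber.

    escape=False reproduces the advisory's defect: the stored full name is
    placed into the HTML verbatim, so any markup in it is rendered by the
    browser of whoever views the page.  escape=True is the hardened form:
    every user-controlled field is HTML-escaped (quotes included) at the
    point it reaches the page.
    """
    title = PAGE_TITLES[kind]
    if escape:
        fullname = html.escape(fullname, quote=True)
    # The address is escaped in both variants; the name is the field at issue.
    email = html.escape(email, quote=True)
    return (
        '<html><body>\n'
        '<h1>%s</h1>\n'
        '<p>Member: %s &lt;%s&gt;</p>\n'
        '</body></html>' % (title, fullname, email)
    )


def contains_raw_markup(page, fullname):
    """Regression check: True if the unescaped name survived into the page."""
    return fullname in page


if __name__ == '__main__':
    for kind in PAGE_TITLES:
        vulnerable = render_confirm_page(kind, SAMPLE_FULLNAME, SAMPLE_EMAIL, escape=False)
        fixed = render_confirm_page(kind, SAMPLE_FULLNAME, SAMPLE_EMAIL)
        print(kind, 'raw markup, vulnerable:', contains_raw_markup(vulnerable, SAMPLE_FULLNAME))
        print(kind, 'raw markup, fixed:', contains_raw_markup(fixed, SAMPLE_FULLNAME))
```

The same check, run against each template that echoes a subscriber-controlled field, is a cheap way to confirm an upgrade or patch actually closed the gap on every affected page.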

