GNU Mailman

Arbitrary text injection vulnerability in Mailman CGIs

Bug #1780874 reported by Mark Sapiro on 2018-07-09

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	GNU Mailman	Fix Released	Low	Mark Sapiro	GNU Mailman 2.1.28

Bug Description

A URL with a very long text listname such as

http://www.example.com/mailman/listinfo/This_is_a_long_string_with_some_phishing_text

will echo the text in the "No such list" error response. This can be used to make a potential victim think the phishing text comes from a trusted site.

This issue was discovered by Hammad Qureshi <email address hidden>.

See original description

Related branches

lp:mailman/2.1

CVE References

2018-13796

Revision history for this message

Mark Sapiro (msapiro) wrote on 2018-07-23:

This patch mitigates the content spoofing vulnerability by truncating long list names.

information type:

Private Security → Public

Mark Sapiro (msapiro) on 2018-07-23

Changed in mailman:
status:	In Progress → Fix Released

Mark Sapiro (msapiro) on 2018-07-23

description:

updated

Revision history for this message

Mark Sapiro (msapiro) wrote on 2018-07-24:

Updated patch to fix this issue Edit (1.5 KiB, text/plain)

The prior patch was wrong. It has been removed. This patch is good.

Report a bug

This report contains Public information

Everyone can see this information.

Duplicates of this bug

Bug #1913241

You are

Subscribing...

Edit bug mail

Other bug subscribers

Patches

Updated patch to fix this issue Edit

Add patch

Remote bug watches

Bug watches keep track of this bug in other bug trackers.