119313 – net-mail/mailman-2.1.6 - remote DoS (CVE-2005-4153)

Bug 119313 - net-mail/mailman-2.1.6 - remote DoS (CVE-2005-4153)

Summary: net-mail/mailman-2.1.6 - remote DoS (CVE-2005-4153)

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	High minor (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:	B3? [noglsa] jaervosz
Keywords:

Depends on:
Blocks:

Reported:	2006-01-17 10:42 UTC by Carsten Lohrke (RETIRED)
Modified:	2006-02-26 03:42 UTC (History)
CC List:	2 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Carsten Lohrke (RETIRED) gentoo-dev

2006-01-17 10:42:48 UTC

Mailman 2.1.4 through 2.1.6 allows remote attackers to cause a denial of service via a message that causes the server to "fail with an Overflow on bad date data in a processed message," a different vulnerability than CVE-2005-3573.

Comment 1 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2006-01-17 11:52:42 UTC

net-mail please advise.

Comment 2 Thierry Carrez (RETIRED) gentoo-dev

2006-01-18 06:47:22 UTC

Can't tell if 2.1.7 includes the fix for this one... but in all cases looks like a good security bump.

2.1.7 (31-Dec-2005)

  Security

    - The fix for CAN-2005-0202 has been enhanced to issue an appropriate
      message instead of just quietly dropping ./ and ../ from URLs.

    - A note on CVE-2005-3573: Although the RFC2231 bug example in the CVE has
      been solved in Mailman 2.1.6, there may be more cases where
      ToDigest.send_digests() can block regular delivery.  We put the
      send_digests() calling part in a try/except clause and leave a message
      in the error log if something happened in send_digests().  Daily call of
      cron/senddigests will provide more detail to the site administrator.

    - List administrators can no longer change the user's option/subscription
      globally.  Site admin can change these only if
      mm_cfg.ALLOW_SITE_ADMIN_COOKIES is set to Yes.

    - Script tags are HTML-escaped in the edithtml CGI script.

    - Since the probe message for disabled users may reach unintended
      recipients, the password is excluded from sendProbe() and probe.txt.
      Note that the default value of VERP_PROBE has been set to `No' from
      2.1.6., thus this change doesn't affect the default behavior.

Comment 3 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2006-02-06 12:23:46 UTC

net-mail please provide an updated ebuild.

Comment 4 Tuan Van (RETIRED) gentoo-dev

2006-02-06 16:20:50 UTC

sorry for the late reply because mailman has been maintained by mholzer lately. We are waiting for hos response. Anyway, mailman-2.1.17 has been in the tree for quite some time.

*mailman-2.1.7 (03 Jan 2006)

  03 Jan 2006; Martin Holzer <mholzer@gentoo.org>
  +files/mailman-2.1.7-directory-check.patch, +mailman-2.1.7.ebuild:
  Version bumped.

best regards,
Tuan Van

Comment 5 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2006-02-06 22:54:22 UTC

Langthang sorry for not checking.

Arches please test and mark stable.

Comment 6 Simon Stelling (RETIRED) gentoo-dev

2006-02-07 05:02:08 UTC

amd64 stable

Comment 7 Chris Gianelloni (RETIRED) gentoo-dev

2006-02-08 13:55:46 UTC

x86 is done...

Comment 8 Jason Wever (RETIRED) gentoo-dev

2006-02-12 20:12:06 UTC

SPARC'd

Comment 9 Thierry Carrez (RETIRED) gentoo-dev

2006-02-13 10:20:38 UTC

Ready for glsa vote

Comment 10 Thierry Carrez (RETIRED) gentoo-dev

2006-02-16 12:57:20 UTC

Without more I tend to say no.

Comment 11 Stefan Cornelius (RETIRED) gentoo-dev

2006-02-23 12:05:02 UTC

1/2 no from me, too. Make it a full no if needed.

Comment 12 Thierry Carrez (RETIRED) gentoo-dev

2006-02-26 03:42:41 UTC

Closing.
Feel free to reopen if you intended to vote yes.