| Summary: | net-mail/mailman directory traversal (CAN-2005-0202) | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Sune Kloppenborg Jeppesen (RETIRED) <jaervosz> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | normal | CC: | net-mail+disabled |
| Priority: | High | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | All | ||
| URL: | http://lists.netsys.com/pipermail/full-disclosure/2005-February/031562.html | ||
| Whiteboard: | A3 [glsa] jaervosz | ||
| Package list: | Runtime testing required: | --- | |
This is going public in a few hours.
Suggested fix from Barry Warsaw:
=======================================
SLASH = '/'
def true_path(path):
"Ensure that the path is safe by removing .."
parts = [x for x in path.split(SLASH) if x not in ('.', '..')]
return SLASH.join(parts)[1:]
=============================================
langthang: please commit new patched ebuilds. Mailman won't release a new version until Friday.
mailman-2.1.5-r4 commited. archs, please mark stable. x86 :: tester sparc :: gustavoz amd64 :: blubb x86 there sparc done. Public @ http://lists.netsys.com/pipermail/full-disclosure/2005-February/031562.html amd64 : please mark stable stable on amd64 GLSA 200502-11 |
Vulnerable code: def true_path(path): "Ensure that the path is safe by removing .." path = string.replace(path, "../", "") path = string.replace(path, "./", "") return path[1:]