Bug 677375 (CVE-2011-0707)

Summary: CVE-2011-0707 Mailman: Three XSS flaws due improper escaping of the full name of the member
Product: [Other] Security Response Reporter: Jan Lieskovsky <jlieskov>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: jkaluza, mjc, security-response-team
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-06-20 15:23:44 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 677843, 677844, 677845, 677846, 677848, 677849, 679644, 833939    
Bug Blocks:    

Description Jan Lieskovsky 2011-02-14 14:43:58 UTC 
Mailman, the mailing list manager, did not properly sanitize
full name of the mailing list member, in the following confirmation
dialogs:
1), "Confirm unsubscription request" screen,
2), "Confirm change of email address request" screen,
3), "Re-enable mailing list membership" screen.

A remote, authenticated user could use these flaws to conduct
cross-site scripting (XSS) attacks (execute arbitrary HTML or
scripting code) via a specially-crafted full name of the mailing
list member.

References:
[1] http://mail.python.org/pipermail/mailman-announce/2011-February/000157.html

Acknowledgements:

Red Hat would like to thank Mark Sapiro for reporting these flaws.
Comment 3 Jan Lieskovsky 2011-02-14 14:51:39 UTC 
These issues affect the versions of the mailman package, as shipped
with Red Hat Enterprise Linux 4, 5, and 6.

--

These issues affect the versions of the mailman package, as shipped
with Fedora release of 13 and 14.
Comment 7 Huzaifa S. Sidhpurwala 2011-02-18 16:09:41 UTC 
Public via:

http://mail.python.org/pipermail/mailman-announce/2011-February/000158.html
Comment 8 Huzaifa S. Sidhpurwala 2011-02-23 04:12:04 UTC 
Created mailman tracking bugs for this issue

Affects: fedora-all [bug 679644]
Comment 9 errata-xmlrpc 2011-03-01 22:42:59 UTC 
This issue has been addressed in following products:

  Red Hat Enterprise Linux 4
  Red Hat Enterprise Linux 5

Via RHSA-2011:0307 https://rhn.redhat.com/errata/RHSA-2011-0307.html
Comment 10 errata-xmlrpc 2011-03-01 22:53:21 UTC 
This issue has been addressed in following products:

  Red Hat Enterprise Linux 6

Via RHSA-2011:0308 https://rhn.redhat.com/errata/RHSA-2011-0308.html