Bug 147833 - CAN-2004-1177 - mailman
CAN-2004-1177 - mailman
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: mailman (Show other bugs)
3.0
All Linux
medium Severity high
: ---
: ---
Assigned To: John Dennis
impact=important,public=20050110
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2005-02-11 14:23 EST by Richard Phipps
Modified: 2007-11-30 17:07 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-03-21 13:31:20 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Richard Phipps 2005-02-11 14:23:10 EST
Description of problem:
 Missing XSS security patches for mailman-2.1.5 ?
 
Version-Release number of selected component (if applicable):
 mailman-2.1.5-24.rhel3

Additional info:
 It appears there was an XSS vuln in mailman thru version 2.1.5
 that was patched by other vendors, but not yet patched in
 RHEL to date(2005-02-11): [CAN-2004-1177] cross-site scripting in 
 /var/mailman/scripts/driver

See also: 
https://bugzilla.ubuntu.com/show_bug.cgi?id=5057
http://www.securityfocus.com/bid/12243
Comment 1 John Dennis 2005-02-25 18:55:56 EST
fixed, errata RHSA-2005-235
Comment 2 Josh Bressers 2005-02-28 06:38:09 EST
I'm reopening this bug.  The errata system will close this when we
push the errata.
Comment 3 Mark J. Cox (Product Security) 2005-03-21 13:31:21 EST
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2005-235.html
Comment 4 Matthew Miller 2005-03-21 13:42:42 EST
I don't see updates for Fedora Core in the FTP tree; are those on the way? Thanks.
Comment 5 Mark J. Cox (Product Security) 2005-03-21 13:49:41 EST
you need bug 151643 for this flaw in Fedora Core
Comment 6 Matthew Miller 2005-03-21 13:52:28 EST
thanks
Comment 7 Josh Bressers 2006-06-14 08:38:29 EDT
This comment is from my mail archive.  I'm adding it due to the bugzilla crash:

------- Additional Comments From deisenst@gtw.net  2006-06-11 04:08 EST -------
Created an attachment (id=130926)
 --> (https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=130926&action=view)
Debian's patch for this issue for mailman-2.0.11

Looking over mailman for updating RHL 7.3 for Fedora Legacy, I was noticing
that this vulnerability was not patched in RHEL 2.1's
"mailman-2.0.13/scripts/driver" source file.  Debian, however, did patch
this for Debian Woody, mailman 2.0.11.

The attachment is the portion of Debian's patch file at
http://security.debian.org/pool/updates/main/m/mailman/mailman_2.0.11-1woody11.diff.gz

that (I think) would be relevant to this issue in the
"mailman-2.0.13/scripts/driver" file in RHEL 2.1's .src.rpm.  It applies
cleanly to mailman-2.0.13 sources.

My only guess why this issue was not patched for RHEL 2.1 is that the driver
script defaults to STEALTH_MODE = 1... which causes the code that could
potentially generate XSS web output to be skipped.

But if the user decided to turn off STEALTH_MODE (by changing line 30 of
mailman's driver file to "STEALTH_MODE = 0"), then wouldn't that user be
susceptible to the CAN-2004-1177 vulnerability?

Please let me know.    Regards,     -David E.
Comment 8 Josh Bressers 2006-06-14 08:59:44 EDT
------- Additional Comments From bressers@redhat.com  2006-06-13 11:54 EST -------
See bug 164933 for a description why this issue doesn't affect RHEL2.1 (and
likely  other old versions of mailman).

Note You need to log in before you can comment on or make changes to this bug.