Bug 152667 - CVE-2003-0991 mailman DoS in the mail command handler
Status: CLOSED DUPLICATE of bug 152895
Product: Fedora Legacy
Classification: Retired
Component: Package request
Version: unspecified
Hardware: All Linux
Priority: medium, Severity: medium
Assigned To: Fedora Legacy Bugs
https://sourceforge.net/project/shown...
LEGACY, rh73, rh80
Reported: 2004-02-08 09:22 EST by Jesse Keating
Modified: 2014-01-21 17:51 EST

Last Closed: 2005-04-05 18:48:14 EDT


Description David Lawrence 2005-03-30 18:23:18 EST
There is a DoS bug that seems to affect all of mailman 2.0.x.  This version is
included in RHL 7.2-8.  An updated release has been made by mailman; we need to
figure out the patch and backport it.

http://mail.python.org/pipermail/mailman-announce/2004-February/000067.html
https://sourceforge.net/project/shownotes.php?release_id=97760
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0991



------- Additional Comments From skvidal@phy.duke.edu 2004-02-08 09:24:46 ----

patch is here
http://osdn.dl.sourceforge.net/sourceforge/mailman/mailman-2.0.13-2.0.14-diff.txt



------- Additional Comments From jkeating@j2solutions.net 2004-02-08 09:25:33 ----

I'll build this today.



------- Additional Comments From skvidal@phy.duke.edu 2004-02-08 09:27:58 ----

building packages now.



------- Additional Comments From skvidal@phy.duke.edu 2004-02-08 09:47:10 ----

downloaded patch and built against 7.3
http://linux.duke.edu/~skvidal/RPMS/fedoralegacy/mailman/mailman-2.0.14-0.7.3.1.legacy.i386.rpm
http://linux.duke.edu/~skvidal/RPMS/fedoralegacy/mailman/mailman-2.0.14-0.7.3.1.legacy.src.rpm
 
All looks good. Will test on production in a few.




------- Additional Comments From skvidal@phy.duke.edu 2004-02-08 09:52:03 ----

Verified on a production server, performs normally. I don't have a good way of
testing the DoS, of course.
PUBLISH




------- Additional Comments From Freedom_Lover@pobox.com 2004-02-11 07:46:30 ----


mailman QA on Red Hat 7.2, 7.3, 8.0

using:

http://linux.duke.edu/~skvidal/RPMS/fedoralegacy/mailman/mailman-2.0.14-0.7.3.1.legacy.src.rpm
1796922a2124822e3c432096056d7b5ac567314d  mailman-2.0.14-0.7.3.1.legacy.src.rpm

* packages signed by Seth Vidal <skvidal@phy.duke.edu> (gpg key 0x69886CC7)
* source rpm differs from previous RH releases only by updated patch + spec
* patch file matches the one downloaded from sourceforge[1]
* package builds fine (with noted exception on RH8.0 and missing BuildRequires)
* package file list matches previous RH package
* basic functionality tests pass and match those of previous RH release

* missing BuildRequires: autoconf automake
* unpackaged files cause RH 8.0 build to fail
* previous rh errata for 7.2 and 7.3 are identical, should the legacy release
  just be 7.x?

[1]
http://osdn.dl.sourceforge.net/sourceforge/mailman/mailman-2.0.13-2.0.14-diff.txt




------- Additional Comments From Freedom_Lover@pobox.com 2004-02-11 07:49:21 ----

Created an attachment (id=529)
patch to incorporate minor changes present in RH8.0 spec, add missing
BuildRequires, and remove unpackaged files that prevent RH8.0 from building




------- Additional Comments From skvidal@phy.duke.edu 2004-02-23 11:28:37 ----

I think this one should be pushed out to updates-testing and timed out for
updates release after a week.



------- Additional Comments From jkeating@j2solutions.net 2004-02-23 19:58:51 ----

Pushed to updates-testing.



------- Additional Comments From warren@togami.com 2004-02-23 21:15:26 ----

mailman-2.0.14-0.7.3.1.legacy I have been using personally in production
since February 11th at fedora.us, and it seems to be working well.
Tested only on RH7.3.




------- Additional Comments From warren@togami.com 2004-02-25 22:32:48 ----

Hmm, I upgraded to Seth's package on February 11th, but I realized today that my
mailman stopped delivering all mail on February 22nd.  After I downgraded back
to mailman-2.0.13-1 it began working again.

Doing more analysis...



------- Additional Comments From skvidal@phy.duke.edu 2004-02-26 02:20:37 ----

I've not seen that on my servers.






------- Additional Comments From warren@togami.com 2004-02-28 01:06:58 ----

Want to login here and see what happens when I upgrade back to this package?  I
tried for a few hours to debug this issue without any luck.



------- Additional Comments From chris.geddings@duke.edu 2004-03-11 09:18:40 ----

Having a problem:
Mar 11 14:09:00 2004 qrunner(3259): Traceback (innermost last):
Mar 11 14:09:00 2004 qrunner(3259):   File "/var/mailman/cron/qrunner", line 283, in ?
Mar 11 14:09:00 2004 qrunner(3259):      kids = main(lock)
Mar 11 14:09:00 2004 qrunner(3259):   File "/var/mailman/cron/qrunner", line 253, in main
Mar 11 14:09:00 2004 qrunner(3259):      keepqueued = dispose_message(mlist, msg, msgdata)
Mar 11 14:09:00 2004 qrunner(3259):   File "/var/mailman/cron/qrunner", line 157, in dispose_message
Mar 11 14:09:00 2004 qrunner(3259):      mlist.ParseMailCommands(msg)
Mar 11 14:09:00 2004 qrunner(3259):   File "/var/mailman/Mailman/MailCommandHandler.py", line 163, in ParseMailCommands
Mar 11 14:09:00 2004 qrunner(3259):      splitsubj = string.split(subject)
Mar 11 14:09:00 2004 qrunner(3259): TypeError :  argument 1: expected read-only character buffer, None found



Editing "/var/mailman/Mailman/MailCommandHandler.py", and adding a tab in front
of the splitsubj = line seems to fix the queue runner.
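
Added example (not part of the comment above and not Mailman's own code): the failure mode in the traceback, a message without a Subject header reaching an unconditional split, shown next to a guarded parser and a queue loop that sets a failing message aside instead of aborting the run. The function names, the sample queue and the shunting behaviour are assumptions for illustration, written for Python 3.

```python
import email

# Constructed sample queue (not taken from the bug report): the first message
# has no Subject header, which is the input the traceback above choked on.
QUEUE = [
    "From: a@example.org\nTo: list-request@example.org\n\nwho\n",
    "From: b@example.org\nTo: list-request@example.org\nSubject: help\n\nend\n",
]


def body_lines(msg):
    """Non-empty, stripped lines of a plain-text body."""
    payload = msg.get_payload()
    text = payload if isinstance(payload, str) else ""
    return [ln.strip() for ln in text.splitlines() if ln.strip()]


def parse_unguarded(msg):
    """Same shape as the failing call: split the Subject unconditionally."""
    subject = msg.get("subject")            # None when the header is absent
    return [" ".join(str.split(subject))] + body_lines(msg)  # TypeError on None


def parse_guarded(msg):
    """Treat a missing or empty Subject as 'no command on the subject line'."""
    subject = msg.get("subject")
    first = [" ".join(subject.split())] if subject else []
    return [c for c in first if c] + body_lines(msg)


def run_queue(raw_messages, parser):
    """Parse every queued message; a failure shunts that one message aside
    (hypothetical policy) so the rest of the queue is still processed."""
    done, shunted = [], []
    for raw in raw_messages:
        try:
            done.append(parser(email.message_from_string(raw)))
        except Exception as exc:
            shunted.append((raw, type(exc).__name__))
    return done, shunted


if __name__ == "__main__":
    print(run_queue(QUEUE, parse_unguarded))
    print(run_queue(QUEUE, parse_guarded))
```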





------- Additional Comments From skvidal@phy.duke.edu 2004-03-11 09:19:24 ----

I'll be attaching a patch for this in just a second.




------- Additional Comments From warren@togami.com 2004-03-22 00:07:07 ----

Tried Seth's package on RH7.3 again, within a day or two mailman became a black
hole again.  Downgraded again for now...



------- Additional Comments From jkeating@j2solutions.net 2004-05-18 16:18:54 ----

Seth, what is the status of this?  I'd like to see this get sent out.



------- Additional Comments From skvidal@phy.duke.edu 2004-06-16 19:18:49 ----

I can't replicate this any longer. Cancelling the need to hold this one.





------- Additional Comments From ville.skytta@iki.fi 2004-08-09 05:10:41 ----

Keyword cleanup for http://www.fedora.us/NEEDSWORK



------- Additional Comments From bugzilla.fedora.us@beej.org 2005-01-29 12:57:09 ----

i did a quick survey of mailman-related CVE entries.

it looks like the rh73 version of mailman (2.0.13) is vulnerable to the following:
CVE-2002-0389
CVE-2003-0991
CAN-2004-1143
CAN-2004-1177

i'm not sure if the patch incorporated in the current candidate rpm's introduces
the following:
CAN-2004-0182

this is purportedly not exploitable:
CAN-2003-0038

these are purportedly not relevant to this release:
CAN-2003-0965
CAN-2003-0992
CAN-2004-0412

these were already fixed by redhat:
CAN-2002-0388
CVE-2002-0855



------- Additional Comments From dom@earth.li 2005-02-11 03:02:39 ----

Superseded by bug 2419.



------- Bug moved to this database by dkl@redhat.com 2005-03-30 18:23 -------

This bug previously known as bug 1269 at https://bugzilla.fedora.us/
https://bugzilla.fedora.us/show_bug.cgi?id=1269
Originally filed under the Fedora Legacy product and Package request component.

Attachments:
patch to incorporate minor changes present in RH8.0 spec, add missing BuildRequires, and remove unpackaged files that prevent RH8.0 from building
https://bugzilla.fedora.us/attachment.cgi?action=view&id=529

Unknown priority P2. Setting to default priority "normal".
Unknown platform PC. Setting to default platform "All".
Setting qa contact to the default for this product.
   This bug either had no qa contact or an invalid one.

Comment 1 Marc Deslauriers 2005-04-05 18:48:14 EDT

*** This bug has been marked as a duplicate of 152895 ***
