Bug 174166 - CVE-2005-3573 Mailman Denial of Service
Summary: CVE-2005-3573 Mailman Denial of Service
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: mailman
Version: 5
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Harald Hoyer
QA Contact:
URL:
Whiteboard: impact=moderate,public=20050912,repor...
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2005-11-25 12:40 UTC by Mark J. Cox
Modified: 2007-11-30 22:11 UTC (History)
0 users

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2006-02-06 09:52:26 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)

Description Mark J. Cox 2005-11-25 12:40:02 UTC 
FC5test1 tracking bug, note that this issue is not fixed upstream in 2.1.6

+++ This bug was initially created as a clone of Bug #173140 +++

Mailman Denial of Service

A message with a malformed Content-Disposition: headers can crash
mailman and prevent a list from working.  The bad file will not affect
all lists hosted on the machine, only the list which receives the
malicious message.
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=327732


This issue also affects FC3
Comment 1 Mark J. Cox 2006-01-31 08:17:40 UTC 
ping!  if fixed in rawhide please close this bug, otherwise please try to fix
this before FC5Test3 (Feb 6)
Comment 2 Mark J. Cox 2006-02-06 09:19:08 UTC 
ping!  if fixed in rawhide please close this bug, otherwise please try to fix
this before FC5Test3 (Feb 13 freeze)
Comment 3 Harald Hoyer 2006-02-06 09:52:26 UTC 
I believe this is fixed in mailman-2.1.7
Comment 4 Mark J. Cox 2006-02-06 10:06:13 UTC 
agreed: 2.1.7 contains this code which looks like another way of fixing the issue

    # i18n file name is encoded                                                 
    lcset = Utils.GetCharSet(mlist.preferred_language)
    filename = Utils.oneline(msg.get_filename(''), lcset)
    fnext = os.path.splitext(filename)[1]
Note You need to log in before you can comment on or make changes to this bug.