Bug 174166 - CVE-2005-3573 Mailman Denial of Service
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: mailman
Version: 5
Hardware: All Linux
Priority: medium Severity: medium
Assigned To: Harald Hoyer
impact=moderate,public=20050912,repor...
Keywords: Security
Reported: 2005-11-25 07:40 EST by Mark J. Cox (Product Security)
Modified: 2007-11-30 17:11 EST
Doc Type: Bug Fix
Last Closed: 2006-02-06 04:52:26 EST
Description Mark J. Cox (Product Security) 2005-11-25 07:40:02 EST
FC5test1 tracking bug, note that this issue is not fixed upstream in 2.1.6

+++ This bug was initially created as a clone of Bug #173140 +++

Mailman Denial of Service

A message with a malformed Content-Disposition: header can crash
mailman and prevent a list from working.  The bad file will not affect
all lists hosted on the machine, only the list which receives the
malicious message.
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=327732


This issue also affects FC3
Comment 1 Mark J. Cox (Product Security) 2006-01-31 03:17:40 EST
ping!  if fixed in rawhide please close this bug, otherwise please try to fix
this before FC5Test3 (Feb 6)
Comment 2 Mark J. Cox (Product Security) 2006-02-06 04:19:08 EST
ping!  if fixed in rawhide please close this bug, otherwise please try to fix
this before FC5Test3 (Feb 13 freeze)
Comment 3 Harald Hoyer 2006-02-06 04:52:26 EST
I believe this is fixed in mailman-2.1.7
Comment 4 Mark J. Cox (Product Security) 2006-02-06 05:06:13 EST
agreed: 2.1.7 contains this code which looks like another way of fixing the issue

    # i18n file name is encoded
    lcset = Utils.GetCharSet(mlist.preferred_language)
    filename = Utils.oneline(msg.get_filename(''), lcset)
    fnext = os.path.splitext(filename)[1]
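
An added example, not Mailman's code and not part of the original thread: a Python 3 standard-library sketch of the same defensive idea as the snippet in Comment 4, reducing whatever `get_filename('')` returns to a single line before taking the extension, and never letting a bad header raise. The names `attachment_ext`, `make_part` and `SAMPLES` are hypothetical, and the sample headers are constructed here; the header that triggered this bug is not shown on this page.

```python
import os
import re
from email import message_from_string

# Extensions accepted as-is; anything else falls back to a neutral default.
SAFE_EXT = re.compile(r"\.[A-Za-z0-9]{1,8}")

def attachment_ext(part, fallback=".bin"):
    """Return a safe file extension for a MIME part; never raises."""
    try:
        name = part.get_filename("")   # '' when no filename parameter exists
    except Exception:                  # header too broken to parse
        return fallback
    # Collapse to one line, then drop any directory components.
    name = " ".join(str(name).split())
    name = name.replace("\\", "/").rsplit("/", 1)[-1]
    ext = os.path.splitext(name)[1]
    return ext if SAFE_EXT.fullmatch(ext) else fallback

def make_part(disposition):
    # Constructed sample message; only the Content-Disposition header varies.
    raw = "Content-Type: application/octet-stream\n"
    if disposition is not None:
        raw += "Content-Disposition: " + disposition + "\n"
    return message_from_string(raw + "\nbody\n")

# Constructed inputs: one well-formed header and several awkward ones.
SAMPLES = {
    "plain": 'attachment; filename="report.pdf"',
    "traversal": 'attachment; filename="../../tmp/x.tar.gz"',
    "unknown_charset": "attachment; filename*=x-nosuch'en'%E9t%E9.txt",
    "odd_ext": 'attachment; filename="a.<b>"',
    "empty_param": "attachment; filename=",
    "no_header": None,
}

def run_samples():
    return {key: attachment_ext(make_part(value)) for key, value in SAMPLES.items()}

if __name__ == "__main__":
    for key, ext in run_samples().items():
        print(f"{key:16} -> {ext}")
```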
