Mandriva Advisories

Package name: mailman
Date: February 14th, 2005
Advisory ID: MDKSA-2005:037
Affected versions: 10.0, 10.1, CS2.1, CS3.0
Synopsis: Updated mailman packages fix directory traversal vulnerability

Problem Description

A vulnerability was discovered in Mailman that allows a remote
attacker to perform directory traversal using URLs of the form
".../....///" and read private Mailman configuration data.

The vulnerability lies in the Mailman/Cgi/private.py file.

Updated packages correct this issue.
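As an added illustration of the defensive check this bug class calls for (example code written for this page, not Mailman's own code or the fix in private.py), the function below canonicalises a private-archive URL and refuses anything that does not stay under the list's archive directory, and a second function runs that check over a few constructed access-log lines to flag traversal attempts. The archive root, URL prefix, list-name pattern and log lines are all assumed or constructed.

```python
import posixpath
import re
from typing import List, Optional
from urllib.parse import unquote

# Assumed layout; the advisory does not state where Mailman keeps archives.
ARCHIVE_ROOT = "/var/lib/mailman/archives/private"
URL_PREFIX = "/mailman/private/"
_LIST_RE = re.compile(r"^[A-Za-z0-9_][A-Za-z0-9_.-]*$")
_REQ_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) ')


def resolve_private_archive(url_path: str) -> Optional[str]:
    """Map /mailman/private/<list>/<rest> to a file under ARCHIVE_ROOT,
    or return None when the canonical path leaves the list's archive."""
    path = unquote(url_path)                      # decode %2e%2e first
    if "\x00" in path or not path.startswith(URL_PREFIX):
        return None
    listname, _, rest = path[len(URL_PREFIX):].partition("/")
    if not _LIST_RE.match(listname):              # list names never start with "."
        return None
    # Drop empty components ("//") and refuse any component made only of dots:
    # "..", "..." and "...." are never legitimate archive file names.
    parts = [p for p in rest.split("/") if p]
    if any(set(p) == {"."} for p in parts):
        return None
    list_root = posixpath.join(ARCHIVE_ROOT, listname)
    candidate = posixpath.normpath(posixpath.join(list_root, *parts))
    # Canonical prefix check: holds even for spellings the filter above misses.
    if candidate != list_root and not candidate.startswith(list_root + "/"):
        return None
    return candidate


# Constructed access-log lines (not real traffic) for the detection pass.
SAMPLE_LOG = """\
10.0.0.5 - - [14/Feb/2005:10:00:01 +0100] "GET /mailman/private/announce/2005-February/000012.html HTTP/1.1" 200 4123
10.0.0.9 - - [14/Feb/2005:10:00:07 +0100] "GET /mailman/private/announce/.../....///config.pck HTTP/1.1" 200 9876
10.0.0.9 - - [14/Feb/2005:10:00:09 +0100] "GET /mailman/private/announce/%2e%2e/%2e%2e/%2e%2e/etc/passwd HTTP/1.1" 404 221
"""


def flag_traversal_requests(log_text: str) -> List[str]:
    """Return private-archive request paths that the containment check refuses."""
    flagged = []
    for line in log_text.splitlines():
        m = _REQ_RE.search(line)
        if (m and m.group(1).startswith(URL_PREFIX)
                and resolve_private_archive(m.group(1)) is None):
            flagged.append(m.group(1))
    return flagged
```

On a live host the final check should use os.path.realpath so that symlinks inside the archive tree cannot point outside it; posixpath is used here so the example runs without the directory existing.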

Updated Packages


References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0202

Upgrade

To upgrade automatically, use MandrivaUpdate.

Verification

Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command:

    rpm --checksig package.rpm

You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.

If you use MandrivaUpdate, the verification of the MD5 checksum and GPG signature is performed automatically for you.