Hi,

For everyone who uses mailman and doesn't read Bugtraq:
----------------------------------------------------------
hola,

Endymion's (http://www.endymion.com) Sakemail and
Mailman have a classic file-disclosure vulnerability

Product:

Mailman - Webmailsystem (http://www.endymion.com)

Problem Description:

due to missing input-validation it is possible to read files with the
webserver's (or mailman's) permissions
a similar (pretty much the same) bug was discovered 2 years ago by
"securereality"
(http://www.securereality.com.au/)/(http://online.securityfocus.com/archive/1/149214).


Example:

an HTTP-request to:
http://hostname/cgi-bin/mmstdo*.cgi
with the following parameters:
USERNAME=
PASSWORD=
ALTERNATE_TEMPLATES= [relative FILE/PATH] [Nullbyte/0x00]

... will lead to disclosure of [FILE/PATH]




Summary:

object: mmstdo*.cgi (Perl Script)

class: Referring to OWASP-IV (Input Validation Classes)

Directory Traversal (IV-DT-1) http://www.owasp.org/projects/cov/owasp-iv-dt-1.htm
Null Character (IV-NC-1) http://www.owasp.org/projects/cov/owasp-iv-nc-1.htm

remote: yes
local: ---
severity: medium

vendor: has been informed [got a ticket# from some automated reply .. but
nothing else]
patch/fix: ???
recommended fix: sanitize meta-characters from user-input




http://www.websec.org

check out the Open Web Application Security project
http://www.owasp.org

Regards
Thomas

----------------------------------------------------------------------------
PUG - Penguin User Group Wiesbaden - http://www.pug.org
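
One way to implement the recommended input check for a template-name parameter such as ALTERNATE_TEMPLATES, written in Python rather than the product's Perl; this is an added example, not code from the advisory or from Endymion. The function name, the `.html` suffix, the allowlist pattern and the sample file tree are assumptions made for illustration.

```python
import os
import re
import tempfile

# Assumed policy: template names are short identifiers without dots or separators.
_NAME_RE = re.compile(r"[A-Za-z0-9_-]{1,64}")

def resolve_template(root, user_value, suffix=".html"):
    """Return the real path of a template under root, or None if rejected."""
    # In C-string APIs a NUL byte terminates the path, so text a script
    # appends after the user's value would never reach the filesystem call.
    if "\x00" in user_value:
        return None
    # Allowlist rather than stripping "bad" characters: anything that is not
    # a plain identifier (including "/", "\\" and ".") is refused.
    if not _NAME_RE.fullmatch(user_value):
        return None
    root_real = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(root_real, user_value + suffix))
    # Defence in depth: after symlink resolution the file must still be
    # inside the template root.
    if os.path.commonpath([root_real, candidate]) != root_real:
        return None
    return candidate if os.path.isfile(candidate) else None

def demo():
    """Build a constructed template tree and run sample inputs through the check."""
    with tempfile.TemporaryDirectory() as base:
        root = os.path.join(base, "templates")
        os.mkdir(root)
        with open(os.path.join(root, "default.html"), "w") as fh:
            fh.write("<html></html>")
        with open(os.path.join(base, "secret.html"), "w") as fh:
            fh.write("not a template")
        # Constructed case: a symlink inside the root that points outside it.
        os.symlink(os.path.join(base, "secret.html"),
                   os.path.join(root, "link.html"))
        samples = ["default", "../secret", "default\x00", "link", "missing"]
        return {s: resolve_template(root, s) is not None for s in samples}

if __name__ == "__main__":
    for value, accepted in demo().items():
        print(repr(value), "accepted" if accepted else "rejected")
```

Only `default` is accepted; the traversal value, the NUL-terminated value, the symlink that leaves the root and the nonexistent name are all refused.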
