Mailman User Password Exposure

2004-05-15T04:01:23
ID OSVDB:6422
Type osvdb
Reporter OSVDB
Modified 2004-05-15T04:01:23

Description

Vulnerability Description

Mailman contains a flaw that may lead to an unauthorized password exposure. It is possible for a list member to gain access to user passwords by sending mail to the request alias. If an arbitrary user submits "password address=" commands for other users, Mailman may disclose the user password.

Solution Description

Upgrade to version 2.1.5 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Manual Testing Notes

To reproduce:

- A random person mails list-request@[victim]
- Include several "password address=" commands for list users
- Mailman will potentially send the user passwords
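For sites that keep copies of mail sent to the request alias, the check below flags messages in which the sender asks for the password of an address other than their own. It is an added example, not code from OSVDB or the Mailman project; the `<list>-request` alias naming, the function name and the sample messages are assumptions constructed for illustration.

```python
import email
import re
from email.utils import getaddresses, parseaddr

# Matches the command form quoted in the advisory: password address=<someone>
PASSWORD_CMD = re.compile(r"^\s*password\b.*?\baddress=(\S+)", re.IGNORECASE)

def suspicious_password_requests(raw_message):
    """Return addresses named in 'password address=' commands that differ
    from the sender, for mail addressed to a *-request alias."""
    msg = email.message_from_string(raw_message)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    recipients = [addr.lower() for _, addr in
                  getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))]
    # Assumption: the request alias is named <list>-request@<domain>.
    if not any(r.split("@")[0].endswith("-request") for r in recipients):
        return []
    # Collect undecoded text/plain parts; the Subject is scanned as well,
    # as a conservative choice.
    body = "\n".join(p.get_payload() for p in msg.walk()
                     if p.get_content_type() == "text/plain"
                     and not p.is_multipart())
    targets = []
    for line in [msg.get("Subject", "")] + body.splitlines():
        m = PASSWORD_CMD.match(line)
        if m:
            target = m.group(1).strip("<>").lower()
            if target != sender and target not in targets:
                targets.append(target)
    return targets

# Constructed sample messages (not real traffic).
SAMPLE_FLAGGED = """\
From: mallory@example.net
To: staff-request@lists.example.org
Subject: commands

password address=alice@example.org
password address=bob@example.org
end
"""
SAMPLE_OWN_ADDRESS = """\
From: Carol <carol@example.org>
To: staff-request@lists.example.org
Subject: reminder

password address=carol@example.org
"""
```

The `From` header is trivially forged, so a message that passes this check is not proof of a legitimate request; the flagged list is a triage aid for installations that have not yet upgraded.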

References:

- Vendor Specific Advisory URL
- Vendor Specific Advisory URL
- Secunia Advisory ID:11809
- Secunia Advisory ID:11701
- Secunia Advisory ID:11718
- Secunia Advisory ID:11989
- Secunia Advisory ID:11707
- Other Advisory URL: http://mail.python.org/pipermail/mailman-announce/2004-May/000072.html
- Nessus Plugin ID:12253
- Nessus Plugin ID:13722
- Nessus Plugin ID:14150
- Nessus Plugin ID:14515
- Nessus Plugin ID:13721
- CVE-2004-0412