Cgisecurity.com Advisory #7: Mailman Email Archive Cross Site Scripting

2001-11-29T00:00:00
ID SECURITYVULNS:DOC:2222
Type securityvulns
Reporter Securityvulns
Modified 2001-11-29T00:00:00

Description

Hello,

This isn't a major threat or anything but this product does allow cross site scripting. From the list of sites below as examples you get an idea of just how popular this product is.

http://www1.dshield.org/mailman/listinfo/<img%20src=javascript:alert(document.domain)> http://mail.gnu.org/mailman/listinfo/<img%20src=javascript:alert(document.domain)> http://lists.bell-labs.com/mailman/listinfo/<img%20src=javascript:alert(document.domain)> http://mail.gnome.org/mailman/listinfo/<img%20src=javascript:alert(document.domain)> http://www.lists.apple.com/mailman/listinfo/<img%20src=javascript:alert(document.domain)>

Patching information is included within the advisory.

  • zeno

PS: advisory can also be located at http://www.cgisecurity.org/advisory/7.txt

                              [ Cgi Security Advisory #7 ]
                                 admin@cgisecurity.com
                     Mailman Email archiver Cross Site Scripting Hole

Found November 2001

Public Release Sometime in November 2001

Vendor Contacted November 2001

Scripts Effected: Mailman Email Archiver Price: Free

Versions: All Versions appear to be effected

Platforms: Unix, Linux, Other?

Vendor: http://sourceforge.net/projects/mailman

  1. Problem

This product is affected by a Cross Site Scripting hole, which may allow an attacker to trick a user into thinking something the attacker wrote actually came from the site that is effected. This involves some social engineering to a point but could possibly allow gathering of user information and other types of fraud.

http://host/mailman/listinfo/<img%20src=javascript:alert(document.domain)>

This will gladly show you a pop up javascript box.

  1. Fixes

The vendor has been notified of the problem, Upgrade to version 2.0.8 in order to fix this problem.

TarBalls http://sourceforge.net/project/showfiles.php?group_id=103

Published to the Public November 2001 Copyright November 2001 Cgisecurity.com