Nessus Plugin #16448
Note: This file has been created from a downloaded version of the Nessus Plugins from http://www.nessus.org/. Therefore, the information here can be outdated.
[GLSA-200502-11] Mailman: Directory traversal vulnerability
- Family: Gentoo Local Security Checks
- Category: infos
- Copyright: (C) 2005 Michel Arboi
- Summary: Mailman: Directory traversal vulnerability
- Version: $Revision: 1.1 $
- Cve_id: CAN-2005-0202
- Bugtraq_id: -
- Xrefs: GLSA:200502-11
- Description:
The remote host is affected by the vulnerability described in GLSA-200502-11 (Mailman: Directory traversal vulnerability)
Mailman contains an error in private.py which fails to properly sanitize input paths.
Impact
An attacker could exploit this flaw to obtain arbitrary files on
the web server.
Workaround
There is no known workaround at this time.
References:
http://lists.netsys.com/pipermail/full-disclosure/2005-February/031562.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-0202
Solution:
All Mailman users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-mail/mailman-2.1.5-r4"
Risk factor : Medium
Generated on 27.04.2005 at 18:49:54.