Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 5.0
CVE Id: CVE-2005-0202
Last Modified: 21 Aug 2010 12:25:39
Published: 02 May 2005 12:00:00
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2005-0202

Summary

Directory traversal vulnerability in the true_path function in private.py for Mailman 2.1.5 and earlier allows remote attackers to read arbitrary files via ".../....///" sequences, which are not properly cleansed by regular expressions that are intended to remove "../" and "./" sequences.

Vulnerable Systems

Application

  • Gnu Mailman 2.1

  • Gnu Mailman 2.1.1

  • Gnu Mailman 2.1.2

  • Gnu Mailman 2.1.3

  • Gnu Mailman 2.1.4

  • Gnu Mailman 2.1.5

  • Gnu Mailman 2.1b1


References

REDHAT - RHSA-2005:137

REDHAT - RHSA-2005:136

GENTOO - GLSA-200502-11

BUGTRAQ - 20050209 [USN-78-1] Mailman vulnerability

APPLE - APPLE-SA-2005-03-21

DEBIAN - DSA-674

FULLDISC - 20050209 Administrivia: List Compromised due to Mailman Vulnerability

SUSE - SUSE-SA:2005:007

MANDRAKE - MDKSA-2005:037

SECTRACK - 1013145

SECUNIA - 14211


Last Updated: 27 May 2016 10:39:42