Description
Directory traversal vulnerability in GNU Mailman before 2.1.20, when not using a static alias, allows remote attackers to execute arbitrary files via a .. (dot dot) in a list name.
It was found that mailman did not sanitize the list name before passing it to certain MTAs. A local attacker could use this flaw to execute arbitrary code as the user running mailman.
Affected packages
Platform | Package | State | Advisory | Release |
---|---|---|---|---|
Red Hat Enterprise Linux 5 | mailman | Will not fix | | |
Red Hat Enterprise Linux 6 | mailman | Fixed | RHSA-2015:1417 | 20.07.2015 |
Red Hat Enterprise Linux 7 | mailman | Fixed | RHSA-2015:1153 | 23.06.2015 |
Additional information
Status:
EPSS
CVSS2: 4.6 Medium
Related vulnerabilities
ELSA-2015-1153: mailman security and bug fix update (MODERATE)