Package: mailman
Version: 2.0.11-1woody8
Severity: critical
Justification: security hole

When I send an email to the mailing list, I get an email from the cronjob:

---------- CUT HERE -----------
>From [EMAIL PROTECTED] Tue Feb 1 20:57:05 2005
Return-Path: [EMAIL PROTECTED]
X-Original-To: list
Delivered-To: [EMAIL PROTECTED]
Received: by smtp.trashmail.net (Postfix, from userid 38) id 8967333C92; Tue, 1 Feb 2005 20:57:05 +0100 (CET)
From: Cron Daemon <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Cron <[EMAIL PROTECTED]> [ -x /usr/bin/python -a -f /usr/lib/mailman/cron/qrunner ] && /usr/bin/python +/usr/lib/mailman/cron/qrunner
X-Cron-Env: <SHELL=/bin/sh>
X-Cron-Env: <HOME=/var/list>
X-Cron-Env: <PATH=/usr/bin:/bin>
X-Cron-Env: <LOGNAME=list>
Message-Id: <[EMAIL PROTECTED]>
Date: Tue, 1 Feb 2005 20:57:05 +0100 (CET)

Segmentation fault
---------- CUT HERE -----------

I don't know where the error is, why it segfaults, or if it's dangerous. But I think that if the program produces a segmentation fault, it could be a serious security hole. Somebody could get a shell account with the "list" account privileges.

-- System Information:
Debian Release: testing/unstable
Architecture: i386 (i686)
Kernel: Linux 2.4.25
Locale: [EMAIL PROTECTED], [EMAIL PROTECTED]

Versions of packages mailman depends on:
ii  apache [httpd]              1.3.29.0.2-4  Versatile, high-performance HTTP s
ii  cron                        3.0pl1-83     management of regular background p
ii  debconf                     1.4.21        Debian configuration management sy
ii  libc6                       2.3.2.ds1-11  GNU C Library: Shared libraries an
ii  logrotate                   3.6.5-2       Log rotation utility
ii  postfix [mail-transport-age 2.0.16-4      A high-performance mail transport
ii  python                      2.3.3-7       An interactive high-level object-o

-- debconf information:
* mailman/gate_news: yes