Bug#358892: [Pkg-mailman-hackers] Bug#358892: Uncaught runner
exception: len() of unsized object
Lionel Elie Mamane
lionel at mamane.lu
Tue Mar 28 21:17:58 UTC 2006
tags 358892 +security sarge
fixed 358892 2.1.6
reopen 358892
thanks
On Sat, Mar 25, 2006 at 01:27:33AM +0100, Sven Hartge wrote:
> Mailman 2.1.5 contains a subtle bug inside its Scrubber.py, which
> can cause some messages with badly formed mime multiparts and
> sometimes all messaged received after the defective one to be
> shunted, thus rendering the specific list to be unusable.
This thus leads to a DoS attack vector, and makes it a security
vulnerability.
I wasn't able to find a CVE number for this; none of
http://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=mailman looks
relevant. Should we get one? If yes, will the security team take care
of this?
> See also http://mail.python.org/pipermail/mailman-users/2005-June/045107.html
> The patch (attached for your convenience) is also in 2.1.6, see
> https://sourceforge.net/tracker/?func=detail&atid=100103&aid=1099138&group_id=103
> diff -ur mailman-2.1.5.orig/Mailman/Handlers/Scrubber.py mailman-2.1.5/Mailman/Handlers/Scrubber.py
> --- mailman-2.1.5.orig/Mailman/Handlers/Scrubber.py 2003-12-01 02:43:18.000000000 +0100
> +++ mailman-2.1.5/Mailman/Handlers/Scrubber.py 2006-03-25 01:25:57.000000000 +0100
> @@ -259,6 +259,14 @@
> elif not part.is_multipart():
> payload = part.get_payload(decode=True)
> ctype = part.get_type()
> + # XXX Under email 2.5, it is possible that payload will be None.
> + # This can happen when you have a Content-Type: multipart/* with
> + # only one part and that part has two blank lines between the
> + # first boundary and the end boundary. In email 3.0 you end up
> + # with a string in the payload. I think in this case it's safe to
> + # ignore the part.
> + if payload is None:
> + continue
> size = len(payload)
> omask = os.umask(002)
> try:
As maintainer of the Debian package of Mailman, I approve this
patch. Please issue a DSA with this update.
Thanks,
--
Lionel
More information about the Pkg-mailman-hackers
mailing list