oss-sec mailing list archives
CVE Request -- mlmmj -- Directory traversal flaw by editing and saving list entries via php-admin web interface
From: Jan Lieskovsky <jlieskov () redhat com>
Date: Wed, 23 Jun 2010 18:35:12 +0200
Hi Steve, vendors,

Florian Streibelt (yet in 2009) reported:
  [1] http://bugs.gentoo.org/show_bug.cgi?id=259968#c0

a directory traversal flaw in the way mlmmj (Mailing List Managing Made Joyful), mailing list manager, processed users' requests to edit and save list entries, originating from php-admin web interface. A remote, authenticated attacker could use these flaws to alter integrity of the system (write and / or delete arbitrary files) by providing a specially-crafted list variable content to the edit or save request.

Florian, please correct me, if I mangled the attack scenario, and it's slightly different.

Martin, Morten, are these two issues known upstream yet? Is there a patch for them already?

Steve, could you please allocate two CVE-2009-XXXX CVE ids? (One for 1, 'edit' case, second for 2, 'save' case.) [Searching "Master Copy of CVE" for "mlmmj" keyword returned nothing for me.]

References:
  [2] http://bugs.gentoo.org/show_bug.cgi?id=259968
  [3] https://bugzilla.redhat.com/show_bug.cgi?id=607256

Thanks && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team
Current thread:
- CVE Request -- mlmmj -- Directory traversal flaw by editing and saving list entries via php-admin web interface Jan Lieskovsky (Jun 23)
- Re: CVE Request -- mlmmj -- Directory traversal flaw by editing and saving list entries via php-admin web interface Florian Streibelt (Jun 23)
- Re: CVE Request -- mlmmj -- Directory traversal flaw by editing and saving list entries via php-admin web interface Morten Shearman Kirkegaard (Jun 26)
- Re: CVE Request -- mlmmj -- Directory traversal flaw by editing and saving list entries via php-admin web interface Josh Bressers (Jun 25)
- Re: CVE Request -- mlmmj -- Directory traversal flaw by editing and saving list entries via php-admin web interface Florian Streibelt (Jun 23)