Vulnerability CVE-2005-0202

Vulnerability Name:

CVE-2005-0202 (CCN-19274)

Assigned:

2005-02-09

Published:

2005-02-09

Updated:

2017-10-11

Summary:

Directory traversal vulnerability in the true_path function in private.py for Mailman 2.1.5 and earlier allows remote attackers to read arbitrary files via ".../....///" sequences, which are not properly cleansed by regular expressions that are intended to remove "../" and "./" sequences.

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): None Availibility (A): None

CVSS v2 Severity:

5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

Vulnerability Type:

CWE-Other

Vulnerability Consequences:

Obtain Information

References:

Source: MITRE
Type: CNA
CVE-2005-0202

Source: APPLE
Type: Patch
APPLE-SA-2005-03-21

Source: FULLDISC
Type: Vendor Advisory
20050209 Administrivia: List Compromised due to Mailman Vulnerability

Source: BUGTRAQ
Type: UNKNOWN
20050209 [USN-78-1] Mailman vulnerability

Source: CCN
Type: RHSA-2005-136
mailman security update

Source: CCN
Type: RHSA-2005-137
mailman security update

Source: CCN
Type: SA14211
Mailman Directory Traversal and Denial of Service

Source: SECUNIA
Type: UNKNOWN
14211

Source: CCN
Type: SECTRACK ID: 1013145
Mailman Input Validation Hole in `private.py` Discloses Files to Remote Users

Source: SECTRACK
Type: UNKNOWN
1013145

Source: CCN
Type: CIAC Information Bulletin P-137
Mailman Vulnerabilities

Source: CCN
Type: CIAC INFORMATION BULLETIN P-156
Apple Security Update 2005-003

Source: DEBIAN
Type: UNKNOWN
DSA-674

Source: DEBIAN
Type: DSA-674
mailman -- cross-site scripting

Source: CCN
Type: GLSA-200502-11
Mailman: Directory traversal vulnerability

Source: GENTOO
Type: Patch, Vendor Advisory
GLSA-200502-11

Source: CCN
Type: Mailman Web site
Mailman, the GNU Mailing List Manager

Source: MANDRAKE
Type: UNKNOWN
MDKSA-2005:037

Source: SUSE
Type: UNKNOWN
SUSE-SA:2005:007

Source: REDHAT
Type: Patch, Vendor Advisory
RHSA-2005:136

Source: REDHAT
Type: Patch, Vendor Advisory
RHSA-2005:137

Source: CCN
Type: BID-12504
GNU Mailman Remote Directory Traversal Vulnerability

Source: CCN
Type: USN-78-1
Mailman vulnerability

Source: CCN
Type: USN-78-2
Fixed mailman packages for USN-78-1

Source: XF
Type: UNKNOWN
gnumailman-private-directory-traversal(19274)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:10657

Source: SUSE
Type: SUSE-SA:2005:007
mailman: remote file disclosure

Vulnerable Configuration:

Configuration 1:

cpe:/a:gnu:mailman:2.1:*:*:*:*:*:*:*

OR cpe:/a:gnu:mailman:2.1.1:*:*:*:*:*:*:*

OR cpe:/a:gnu:mailman:2.1.2:*:*:*:*:*:*:*

OR cpe:/a:gnu:mailman:2.1.3:*:*:*:*:*:*:*

OR cpe:/a:gnu:mailman:2.1.4:*:*:*:*:*:*:*

OR cpe:/a:gnu:mailman:2.1.5:*:*:*:*:*:*:*

OR cpe:/a:gnu:mailman:2.1b1:*:*:*:*:*:*:*

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:*:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/a:gnu:mailman:2.1:*:*:*:*:*:*:*

OR cpe:/a:gnu:mailman:2.1.5:*:*:*:*:*:*:*

OR cpe:/a:gnu:mailman:2.1.1:*:*:*:*:*:*:*

OR cpe:/a:gnu:mailman:2.1.2:*:*:*:*:*:*:*

OR cpe:/a:gnu:mailman:2.1.3:*:*:*:*:*:*:*

OR cpe:/a:gnu:mailman:2.1.4:*:*:*:*:*:*:*

OR cpe:/a:gnu:mailman:2.1b1:*:*:*:*:*:*:*

AND

cpe:/o:debian:debian_linux:3.0:*:*:*:*:*:*:*

OR cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*

OR cpe:/o:suse:linux_enterprise_server:8:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:*

OR cpe:/o:suse:suse_linux:8.2:*:*:*:*:*:*:*

OR cpe:/o:suse:suse_linux:9.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:10.0:*:*:*:*:*:*:*

OR cpe:/o:suse:suse_linux:9.1:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*

OR cpe:/o:suse:suse_linux:9.2:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:10.1:*:*:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::as:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::desktop:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::es:*:*:*:*:*

OR cpe:/o:redhat:enterprise_linux:4::ws:*:*:*:*:*

OR cpe:/o:redhat:linux_advanced_workstation:2.1::itanium:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:10.1::x86-64:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0::x86_64:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux:10.0::amd64:*:*:*:*:*

OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1::x86_64:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20050202	V	CVE-2005-0202	2015-11-16
oval:org.mitre.oval:def:10657	V	dm-crypt in Linux kernel 2.6.15 and earlier does not clear a structure before it is freed, which leads to a memory disclosure that could allow local users to obtain sensitive information about a cryptographic key.	2013-04-29
oval:org.debian:def:674	V	cross-site scripting, directory traversal	2005-02-21
oval:com.redhat.rhsa:def:20050137	P	RHSA-2005:137: mailman security update (Important)	2005-02-15
oval:com.redhat.rhsa:def:20050136	P	RHSA-2005:136: mailman security update (Important)	2005-02-10

BACK