[Mailman-Developers] [Fwd: Fwd: Re: [Mailman-Announce] Critical security update for Mailman 2.1.5 and earlier [origin: mailman-developers-owner@python.org]]

Harald Meland harald.meland at usit.uio.no
Thu Feb 17 02:09:52 CET 2005


> From: Axel Beckert <beckert at ecos.de>
> Subject: Re: [Mailman-Announce] Critical security update for Mailman 2.1.5
> 	and earlier
> To: mailman-developers at python.org
>
> I just want to share my experiences with the patch:
>
> Am Thu, Feb 10, 2005 at 09:41:05AM -0500, Barry Warsaw schrieb:
>> There is a critical security flaw in Mailman 2.1.5 and earlier Mailman
>> 2.1 versions
>
> As I noticed, 2.0.x versions (at least 2.0.13) are vulnerable, too.

I suspect that even 1.x versions of Mailman are vulnerable.

> Is there any patch which complies with Python 1 syntax?

I think something like this should work, slightly tested using Python
1.5.2.
------------------------------------------------------------------------
import string

SLASH = '/'

def true_path(path):
    "Ensure that the path is safe by removing .."
    # Python 1.5.2 has no str.split(); use the string module instead.
    parts = string.split(path, SLASH)
    # Drop every '.' and '..' component so the result cannot climb out
    # of the archive directory.
    safe = filter(lambda x: x not in ('.', '..'), parts)
    if parts <> safe:
        # No easy "syslog()" function is necessarily available in
        # early Mailman versions.
        #
        # syslog('mischief', 'Directory traversal attack thwarted')
        pass
    # PATH_INFO starts with a slash, so [1:] strips the leading '/'
    # that the join puts back.
    return string.join(safe, SLASH)[1:]
------------------------------------------------------------------------

-- 
Harald
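As an added illustration (not Harald's or Mailman's own code), the same component-stripping logic ported to Python 3, with a lexical check that the sanitized result stays under a base directory; the base path and the sample PATH_INFO values are constructed for the example, and the last sample shows the caveat that the `[1:]` slice assumes a leading slash.

```python
import posixpath

SLASH = '/'


def true_path(path):
    """Python 3 port of the '.'/'..'-stripping sanitizer.

    Returns (sanitized_path, rejected) where rejected is True when any
    component was dropped, so a caller can log the event.
    """
    parts = path.split(SLASH)
    safe = [x for x in parts if x not in ('.', '..')]
    rejected = len(safe) != len(parts)
    # As in the original, [1:] assumes the input begins with '/'.
    return SLASH.join(safe)[1:], rejected


def stays_under(base, rel):
    """True if base/rel resolves (lexically) to a location inside base."""
    base = posixpath.normpath(base)
    full = posixpath.normpath(posixpath.join(base, rel))
    return full == base or full.startswith(base + SLASH)


# Constructed sample inputs shaped like a PATH_INFO value.
SAMPLES = [
    '/listname/2005-February/000123.html',   # ordinary archive page
    '/listname/../../outside.txt',           # '..' components are dropped
    '/listname/./2005-February/index.html',  # '.' components are dropped
    '/../../../outside.txt',                 # climbs from the root
    'listname/index.html',                   # no leading '/': [1:] eats 'l'
]


def check_all(base='/var/lib/mailman/archives/private'):
    """Map each sample to (sanitized, rejected, stays_under_base)."""
    results = {}
    for p in SAMPLES:
        rel, rejected = true_path(p)
        results[p] = (rel, rejected, stays_under(base, rel))
    return results


if __name__ == '__main__':
    for p, r in check_all().items():
        print('%-40s -> %s' % (p, r))
```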

