
Conectiva Linux Security Announcement: Package: mailman

Date: Wed, 2 Aug 2000 17:11:48 -0300
From: secure@CONECTIVA.COM.BR
To: BUGTRAQ@SECURITYFOCUS.COM
Subject: CONECTIVA LINUX SECURITY ANNOUNCEMENT – mailman


CONECTIVA LINUX SECURITY ANNOUNCEMENT


PACKAGE : mailman
SUMMARY : Obtaining mailman user privileges
DATE : 2000-08-02
AFFECTED CONECTIVA VERSIONS : 4.1, 4.2, 5.0 and 5.1

DESCRIPTION
The wrapper program supplied with the mailman package has a format
bug which could be exploited to obtain the privileges of the
mailman user. This user has read and write access to all files of
the mailman package.
Note that this vulnerability can only be exploited by local users
with shell access.

SOLUTION
All mailman users should upgrade to the package listed below.
Besides the security fix, this version also fixes a problem with
the authorization cookie used for the admin pages.

DIRECT DOWNLOAD LINKS TO UPDATED PACKAGES

ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.1/i386/mailman-2.0beta5-1cl.i386.rpm


ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.2/i386/mailman-2.0beta5-1cl.i386.rpm


ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/i386/mailman-2.0beta5-1cl.i386.rpm


ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.1/i386/mailman-2.0beta5-1cl.i386.rpm

DIRECT LINK TO THE SOURCE PACKAGES

ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.1/SRPMS/mailman-2.0beta5-1cl.src.rpm


ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/4.2/SRPMS/mailman-2.0beta5-1cl.src.rpm


ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.0/SRPMS/mailman-2.0beta5-1cl.src.rpm


ftp://ftp.conectiva.com.br/pub/conectiva/atualizacoes/5.1/SRPMS/mailman-2.0beta5-1cl.src.rpm


All packages are signed with Conectiva’s PGP key. The key can be
obtained at http://www.conectiva.com.br/conectiva/contato.html
