[Pkg-mailman-hackers] Bug#339095: marked as done (DoS attack to a list in mailman using sarge due to improper handling of exception of utf8)

Debian Bug Tracking System owner at bugs.debian.org
Wed Jan 25 12:48:14 UTC 2006


Your message dated Wed, 25 Jan 2006 13:41:41 +0100
with message-id <20060125124141.GA2459 at capsaicin.mamane.lu>
and subject line Mailman UTF8 filename DoS attack solved in Sarge
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 11 Sep 2005 18:51:36 +0000
>From aliet at tesla.cujae.edu.cu Sun Sep 11 11:51:36 2005
Return-path: <aliet at tesla.cujae.edu.cu>
Received: from galileo.cujae.edu.cu [200.55.139.18] 
	by spohr.debian.org with esmtp (Exim 3.36 1 (Debian))
	id 1EEWvP-0005Jo-00; Sun, 11 Sep 2005 11:51:36 -0700
Received: from galileo.cujae.edu.cu (galileo [127.0.0.1])
	by galileo.cujae.edu.cu (Postfix) with SMTP id B7D98B0016
	for <submit at bugs.debian.org>; Sun, 11 Sep 2005 14:50:49 -0400 (CDT)
Received: from newton.cujae.edu.cu (proxy2.cujae.edu.cu [172.16.13.69])
	by galileo.cujae.edu.cu (Postfix) with ESMTP id 9AC75B0011
	for <submit at bugs.debian.org>; Sun, 11 Sep 2005 14:50:49 -0400 (CDT)
Received: from newton (localhost.localdomain [127.0.0.1])
	by newton.cujae.edu.cu (Postfix) with SMTP id 253C33CC2D2
	for <submit at bugs.debian.org>; Sun, 11 Sep 2005 14:50:41 -0400 (CDT)
Received: by newton.cujae.edu.cu (Postfix, from userid 1001)
	id 150F03CC2D6; Sun, 11 Sep 2005 14:50:41 -0400 (CDT)
Received: from tesla.cujae.edu.cu (tesla.cujae.edu.cu [172.16.13.34])
	by newton.cujae.edu.cu (Postfix) with ESMTP id D3DA83CC2D2
	for <submit at bugs.debian.org>; Sun, 11 Sep 2005 14:50:40 -0400 (CDT)
Received: from [172.17.24.11] by tesla.cujae.edu.cu
	(Cipher TLSv1:RC4-MD5:128) (MDaemon.PRO.v8.0.2.R)
	with ESMTP id 04-md50000003310.msg
	for <submit at bugs.debian.org>; Sun, 11 Sep 2005 14:50:52 -0400
Message-ID: <43247C5A.5090202 at tesla.cujae.edu.cu>
Date: Sun, 11 Sep 2005 14:50:02 -0400
From: Aliet Santiesteban Sifontes <aliet at tesla.cujae.edu.cu>
User-Agent: Thunderbird 1.0+ (Windows/20050803)
MIME-Version: 1.0
To: submit at bugs.debian.org
Subject: Dos attack to a list in mailman using sarge due to impropper handling
 of exception of utf8
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Authenticated-Sender: aliet at tesla.cujae.edu.cu
X-MDRemoteIP: 172.17.24.11
X-Return-Path: aliet at tesla.cujae.edu.cu
X-MDaemon-Deliver-To: submit at bugs.debian.org
X-Spam-Processed: tesla.cujae.edu.cu, Sun, 11 Sep 2005 14:50:53 -0400
X-MDAV-Processed: tesla.cujae.edu.cu, Sun, 11 Sep 2005 14:50:53 -0400
Delivered-To: submit at bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level: 
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE 
	autolearn=no version=2.60-bugs.debian.org_2005_01_02

Package: mailman
Version: 2.1.5-8
Severity: |grave|

Site running several lists; it seems that a specially formed message can DoS a list
due to improper handling of an exception. The list stops working; here is the mailman error, all messages then
go to shunt:


Sep 11 13:34:35 2005 (12535) Uncaught runner exception: 'utf8' codec can't decode bytes in position 1-4: invalid data
Sep 11 13:34:35 2005 (12535) Traceback (most recent call last):
  File "/usr/lib/mailman/Mailman/Queue/Runner.py", line 111, in _oneloop
    self._onefile(msg, msgdata)
  File "/usr/lib/mailman/Mailman/Queue/Runner.py", line 167, in _onefile
    keepqueued = self._dispose(mlist, msg, msgdata)
  File "/usr/lib/mailman/Mailman/Queue/IncomingRunner.py", line 130, in _dispose
    more = self._dopipeline(mlist, msg, msgdata, pipeline)
  File "/usr/lib/mailman/Mailman/Queue/IncomingRunner.py", line 153, in _dopipeline
    sys.modules[modname].process(mlist, msg, msgdata)
  File "/var/lib/mailman/Mailman/Handlers/ToDigest.py", line 91, in process
    send_digests(mlist, mboxfp)
  File "/var/lib/mailman/Mailman/Handlers/ToDigest.py", line 132, in send_digests
    send_i18n_digests(mlist, mboxfp)
  File "/var/lib/mailman/Mailman/Handlers/ToDigest.py", line 306, in send_i18n_digests
    msg = scrubber(mlist, msg)
  File "/var/lib/mailman/Mailman/Handlers/Scrubber.py", line 265, in process
    url = save_attachment(mlist, part, dir)
  File "/var/lib/mailman/Mailman/Handlers/Scrubber.py", line 361, in save_attachment
    fnext = os.path.splitext(msg.get_filename(''))[1]
  File "/usr/lib/python2.3/email/Message.py", line 731, in get_filename
    return unicode(newvalue[2], newvalue[0] or 'us-ascii')
UnicodeDecodeError: 'utf8' codec can't decode bytes in position 1-4: invalid data

Sep 11 13:34:35 2005 (12535) SHUNTING: 1126458561.9029009+2ca02ecc54d36f4e0a88a7ab17fc28736bd23635


Any ideas?
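
The traceback above shows the failure mode: a single attachment whose RFC 2231 encoded filename declares a charset but carries bytes that are not valid in it makes `get_filename()` raise `UnicodeDecodeError`, the exception escapes the handler pipeline, and the runner shunts every later message for that list. The following added example (Python 3, not Mailman's python2.3 code and not the Debian fix) reproduces the strict decode that fails and puts the defensive version next to it. The MIME parts are constructed here and the function names `naive_extension`, `safe_extension` and `scrub_outcomes` are hypothetical; the point is that the loop over parts always completes and the sender's extension is never trusted as-is.

```python
"""Reproduce the UTF-8 filename failure and show the guarded handling."""
import email
import os
from email.message import Message

# Constructed MIME parts (not taken from the bug report).  The first carries
# an RFC 2231 encoded filename that declares utf-8 but contains the octets
# 0xFF 0xFE 0xFD 0xFC, which are never valid in UTF-8.
BAD_PART = (
    "Content-Type: application/octet-stream\n"
    "Content-Disposition: attachment; filename*=utf-8''a%FF%FE%FD%FC.txt\n"
    "\n"
    "payload\n"
)
GOOD_PART = (
    "Content-Type: application/pdf\n"
    'Content-Disposition: attachment; filename="report.pdf"\n'
    "\n"
    "payload\n"
)
NO_NAME_PART = (
    "Content-Type: application/octet-stream\n"
    "Content-Disposition: attachment\n"
    "\n"
    "payload\n"
)


def naive_extension(part: Message) -> str:
    """The pattern that failed: decode the filename strictly, let errors escape.

    get_param() hands back a (charset, language, text) triple for RFC 2231
    parameters, with `text` holding the raw octets as latin-1 characters.
    Decoding those octets strictly raises UnicodeDecodeError, the same error
    the python2.3 get_filename() call in the traceback produced."""
    raw = part.get_param('filename', header='content-disposition')
    if isinstance(raw, tuple):
        charset, _language, text = raw
        name = text.encode('latin-1').decode(charset or 'us-ascii')  # strict
    else:
        name = raw or ''
    return os.path.splitext(name)[1]


def safe_extension(part: Message, fallback: str = '.bin') -> str:
    """Guarded version: never raise, never trust the sender's extension.

    Python 3's get_filename() already decodes with errors='replace', so the
    invalid octets become U+FFFD instead of an exception; the except clause
    still covers unknown charsets and other header parsing errors.  The
    extension is then reduced to a short run of ASCII alphanumerics so it is
    safe to splice into a path under the list's archive directory."""
    try:
        name = part.get_filename('') or ''
    except (UnicodeError, LookupError, ValueError):
        return fallback
    ext = os.path.splitext(name)[1]
    if not (1 < len(ext) <= 8 and ext.isascii() and ext[1:].isalnum()):
        return fallback
    return ext.lower()


def scrub_outcomes(raw_parts) -> list:
    """Run both strategies over every part and report the exception class
    the naive path raises (or None) beside what the safe path returns.
    This is the shape a queue runner needs: the loop finishes for every part
    instead of stopping at the first malformed one."""
    results = []
    for raw in raw_parts:
        part = email.message_from_string(raw)
        try:
            naive = naive_extension(part)
            error = None
        except UnicodeError as exc:
            naive = None
            error = type(exc).__name__
        results.append({'naive': naive, 'error': error,
                        'safe': safe_extension(part)})
    return results


if __name__ == '__main__':
    for row in scrub_outcomes([BAD_PART, GOOD_PART, NO_NAME_PART]):
        print(row)
```

Running the block prints one row per part: the bad part records `UnicodeDecodeError` on the naive path while the safe path still yields `.txt`, the good part yields `.pdf` both ways, and the part without a filename falls back to `.bin`. The same guard belongs around any other per-message step that parses sender-controlled headers, because one uncaught exception in a pipeline handler is enough to shunt all later traffic for the list.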





---------------------------------------
Received: (at 339095-done) by bugs.debian.org; 25 Jan 2006 12:41:43 +0000
>From master at capsaicin.mamane.lu Wed Jan 25 04:41:43 2006
Return-path: <master at capsaicin.mamane.lu>
Received: from 213-84-114-29.adsl.xs4all.nl ([213.84.114.29] helo=capsaicin.mamane.lu)
	by spohr.debian.org with esmtp (Exim 4.50)
	id 1F1jy3-00026z-GD
	for 339095-done at bugs.debian.org; Wed, 25 Jan 2006 04:41:43 -0800
Received: from master by capsaicin.mamane.lu with local (Exim 4.60)
	(envelope-from <master at capsaicin.mamane.lu>)
	id 1F1jy1-0000eD-Sy
	for 339095-done at bugs.debian.org; Wed, 25 Jan 2006 13:41:41 +0100
Date: Wed, 25 Jan 2006 13:41:41 +0100
From: Lionel Elie Mamane <lionel at mamane.lu>
To: 339095-done at bugs.debian.org
Subject: Mailman UTF8 filename DoS attack solved in Sarge
Message-ID: <20060125124141.GA2459 at capsaicin.mamane.lu>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
X-Operating-System: GNU/Linux
X-Request-PGP: http://www.mamane.lu/openpgp/rsa_v4_4096.asc
User-Agent: Mutt/1.5.11
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level: 
X-Spam-Status: No, hits=-3.0 required=4.0 tests=BAYES_00 autolearn=no 
	version=2.60-bugs.debian.org_2005_01_02

Version: 2.1.5-8sarge1

The DSA is out and the packages available from
http://security.debian.org/ . Closing bug.
