| fungi | i'm assuming the answer is probably "yes" so sorry if this is being asked for the 10th time today, but are CVE-2021-42096 and CVE-2021-42097 for mailman 2.1 already on somebody's radar? looks like the lp bugs include directly backportable patches, but i don't see any mention in the ubuntu security tracker... | 20:10 |
|---|---|---|
| ubottu | GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A certain csrf_token value is derived from the admin password, and may be useful in conducting a brute-force attack against that password. <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42096> | 20:10 |
| fungi | https://mail.python.org/archives/list/mailman-announce@python.org/thread/IKCO6JU755AP5G5TKMBJL6IEZQTTNPDQ/ | 20:10 |
| ubottu | GNU Mailman before 2.1.35 may allow remote Privilege Escalation. A csrf_token value is not specific to a single user account. An attacker can obtain a value within the context of an unprivileged user account, and then use that value in a CSRF attack against an admin (e.g., for account takeover). <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42097> | 20:10 |
| sarnold | fungi: I think you're the first, and I don't see them in our database yet | 20:13 |
| fungi | thanks sarnold! also, i hate being first :/ | 20:14 |
| fungi | luckily it's all python, so we'll probably just end up hand-patching our servers for those, but now that it's made the rounds on the oss-sec ml i figure there's going to be others looking closer | 20:15 |
| === jdstrand_ is now known as jdstrand | ||
| sbeattie | fungi: sorry, which lp bugs? | 20:44 |
| clarkb | I think https://bugs.launchpad.net/mailman/+bug/1947639 and https://bugs.launchpad.net/mailman/+bug/1947640. The patch for both is apparently the same. | 20:45 |
| sarnold | https://bugs.launchpad.net/mailman/+bug/1947639 and https://bugs.launchpad.net/mailman/+bug/1947640 | 20:45 |
| ubottu | Launchpad bug 1947639 in GNU Mailman "Potential Privilege escalation via the user options page." [Medium, Fix Released] | 20:45 |
| ubottu | Launchpad bug 1947640 in GNU Mailman "Potential CSRF attack via the user options page." [Medium, Fix Released] | 20:45 |
| sarnold | sbeattie: I've added these to uct | 20:45 |
| sbeattie | thanks | 21:00 |
| fungi | yep those, sorry stepped away to attend to a hot wok for a while | 21:42 |
| fungi | the ones linked from the ml post | 21:42 |
| fungi | thanks for the quick attention! | 21:43 |
| sbeattie | mailman/bionic is building in https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa/ | 22:42 |
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!